| 3.11.7.2.10 (BL) Ensure 'Require additional authentication at startup' is set to 'Enabled' | CIS Microsoft Intune for Windows 11 v3.0.1 BitLocker (BL) | Windows | ACCESS CONTROL |
| 3.11.7.2.11 (BL) Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False' | CIS Microsoft Intune for Windows 11 v3.0.1 BitLocker (BL) | Windows | ACCESS CONTROL |
| 3.11.7.2.12 (BL) Ensure 'Require additional authentication at startup: Configure TPM startup key and PIN:' is set to 'Enabled: Do not allow startup key and PIN with TPM' | CIS Microsoft Intune for Windows 11 v3.0.1 BitLocker (BL) | Windows | ACCESS CONTROL |
| 3.11.7.2.13 (BL) Ensure 'Require additional authentication at startup: Configure TPM startup key:' is set to 'Enabled: Do not allow startup key with TPM' | CIS Microsoft Intune for Windows 11 v3.0.1 BitLocker (BL) | Windows | ACCESS CONTROL |
| 18.8.34.6.1 (BL) Ensure 'Allow standby states (S1-S3) when sleeping (on battery)' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker | Windows | ACCESS CONTROL |
| 18.9.11.1.10 (BL) Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker | Windows | ACCESS CONTROL |
| 18.9.11.2.12 (BL) Ensure 'Configure use of hardware-based encryption for operating system drives' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker | Windows | ACCESS CONTROL |
| 18.9.11.2.14 (BL) Ensure 'Configure use of hardware-based encryption for operating system drives: Restrict encryption algorithms and cipher suites allowed for hardware-based encryption' is set to 'Enabled: False' | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker | Windows | ACCESS CONTROL |
| 18.9.11.3.11 (BL) Ensure 'Configure use of hardware-based encryption for removable data drives: Use BitLocker software-based encryption when hardware encryption is not available' is set to 'Enabled: True' | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker | Windows | ACCESS CONTROL |
| 18.10.9.1.1 (BL) Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled' | CIS Microsoft Windows 11 Enterprise v3.0.0 L2 + BitLocker | Windows | ACCESS CONTROL |
| 18.10.9.1.1 (BL) Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled' | CIS Microsoft Windows 11 Enterprise v3.0.0 BL | Windows | ACCESS CONTROL |
| 18.10.9.1.1 (BL) Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled' | CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL | Windows | ACCESS CONTROL |
| 18.10.9.1.1 Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled' | CIS Microsoft Windows 10 EMS Gateway v2.0.0 L1 | Windows | ACCESS CONTROL |
| 18.10.9.1.1 Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL + NG | Windows | ACCESS CONTROL |
| 18.10.9.1.1 Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled' - Disabled | CIS Microsoft Windows 10 Stand-alone v2.0.0 L2 + BL + NG | Windows | ACCESS CONTROL |
| 18.10.9.1.1 Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled' - Disabled | CIS Microsoft Windows 10 Stand-alone v2.0.0 BL | Windows | ACCESS CONTROL |
| 18.10.9.1.1 Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled' - Disabled | CIS Microsoft Windows 11 Stand-alone v2.0.0 L1 + BL | Windows | ACCESS CONTROL |
| 18.10.9.1.10 (BL) Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Disabled' | CIS Microsoft Windows 11 Enterprise v3.0.0 BL | Windows | ACCESS CONTROL |
| 18.10.9.1.10 Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Disabled' - Disabled | CIS Microsoft Windows 10 Stand-alone v2.0.0 L2 + BL + NG | Windows | ACCESS CONTROL |
| 18.10.9.1.10 Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Disabled' - Disabled | CIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + BL | Windows | ACCESS CONTROL |
| 18.10.9.2.10 Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False' | CIS Microsoft Intune for Windows 10 v2.0.0 L2 + BL | Windows | ACCESS CONTROL |
| 18.10.9.2.10 Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False' | CIS Microsoft Intune for Windows 10 v2.0.0 Bitlocker | Windows | ACCESS CONTROL |
| 18.10.9.2.10 Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False' | CIS Microsoft Intune for Windows 11 v2.0.0 L1 + BL + NG | Windows | ACCESS CONTROL |
| 18.10.9.2.10 Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False' | CIS Microsoft Intune for Windows 10 v2.0.0 L1 + BL + NG | Windows | ACCESS CONTROL |
| 18.10.9.2.10 Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False' | CIS Microsoft Intune for Windows 11 v2.0.0 L2 + BL + NG | Windows | ACCESS CONTROL |
| 18.10.9.2.11 (BL) Ensure 'Configure use of hardware-based encryption for operating system drives' is set to 'Disabled' | CIS Microsoft Windows 11 Enterprise v3.0.0 L2 + BitLocker | Windows | ACCESS CONTROL |
| 18.10.9.2.11 (BL) Ensure 'Configure use of hardware-based encryption for operating system drives' is set to 'Disabled' | CIS Microsoft Windows 11 Enterprise v3.0.0 BL | Windows | ACCESS CONTROL |
| 18.10.9.2.11 (BL) Ensure 'Configure use of hardware-based encryption for operating system drives' is set to 'Disabled' | CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL | Windows | ACCESS CONTROL |
| 18.10.9.2.11 Ensure 'Configure use of hardware-based encryption for operating system drives' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL | Windows | ACCESS CONTROL |
| 18.10.9.2.11 Ensure 'Configure use of hardware-based encryption for operating system drives' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL + NG | Windows | ACCESS CONTROL |
| 18.10.9.2.11 Ensure 'Configure use of hardware-based encryption for operating system drives' is set to 'Disabled' - Disabled | CIS Microsoft Windows 10 Stand-alone v2.0.0 BL | Windows | ACCESS CONTROL |
| 18.10.9.2.11 Ensure 'Configure use of hardware-based encryption for operating system drives' is set to 'Disabled' - Disabled | CIS Microsoft Windows 11 Stand-alone v2.0.0 L1 + BL | Windows | ACCESS CONTROL |
| 18.10.9.2.13 (BL) Ensure 'Require additional authentication at startup' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v3.0.0 BL | Windows | ACCESS CONTROL |
| 18.10.9.2.13 (BL) Ensure 'Require additional authentication at startup' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL | Windows | ACCESS CONTROL |
| 18.10.9.2.13 Ensure 'Require additional authentication at startup' is set to 'Enabled' | CIS Microsoft Windows 10 EMS Gateway v2.0.0 L1 | Windows | ACCESS CONTROL |
| 18.10.9.2.13 Ensure 'Require additional authentication at startup' is set to 'Enabled' - Enabled | CIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + BL + NG | Windows | ACCESS CONTROL |
| 18.10.9.2.14 (BL) Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False' | CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL | Windows | ACCESS CONTROL |
| 18.10.9.2.14 Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False' | CIS Microsoft Windows 10 EMS Gateway v2.0.0 L1 | Windows | ACCESS CONTROL |
| 18.10.9.2.14 Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False' - Enabled: False | CIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + BL + NG | Windows | ACCESS CONTROL |
| 18.10.9.2.14 Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False' - Enabled: False | CIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + BL | Windows | ACCESS CONTROL |
| 18.10.9.2.14 Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False' - Enabled: False | CIS Microsoft Windows 11 Stand-alone v2.0.0 L1 + BL | Windows | ACCESS CONTROL |
| 18.10.9.3.1 (BL) Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' is set to 'Disabled' | CIS Microsoft Windows 11 Enterprise v3.0.0 BL | Windows | ACCESS CONTROL |
| 18.10.9.3.1 Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL | Windows | ACCESS CONTROL |
| 18.10.9.3.1 Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' is set to 'Disabled' | CIS Microsoft Windows 10 EMS Gateway v2.0.0 L1 | Windows | ACCESS CONTROL |
| 18.10.9.3.1 Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' is set to 'Disabled' - Disabled | CIS Microsoft Windows 10 Stand-alone v2.0.0 BL | Windows | ACCESS CONTROL |
| 18.10.9.3.1 Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' is set to 'Disabled' - Disabled | CIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + BL + NG | Windows | ACCESS CONTROL |
| 18.10.9.3.1 Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' is set to 'Disabled' - Disabled | CIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + BL | Windows | ACCESS CONTROL |
| 18.10.9.3.1 Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' is set to 'Disabled' - Disabled | CIS Microsoft Windows 11 Stand-alone v2.0.0 L1 + BL | Windows | ACCESS CONTROL |
| 18.10.9.3.10 (BL) Ensure 'Configure use of hardware-based encryption for removable data drives' is set to 'Disabled' | CIS Microsoft Windows 11 Enterprise v3.0.0 BL | Windows | ACCESS CONTROL |
| 18.10.9.3.10 (BL) Ensure 'Configure use of hardware-based encryption for removable data drives' is set to 'Disabled' | CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL | Windows | ACCESS CONTROL |
