Item Search

NameAudit NamePluginCategory
18.9.11.1.1 Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled'CIS Microsoft Windows 10 Stand-alone v1.0.1 L2 + BL + NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.1.1 Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled'CIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.1.1 Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled'CIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L2 + BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.1.1 Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled'CIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L2 + BL + NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.1.2 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Allow data recovery agent' is set to 'Enabled: True'CIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.1.2 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Allow data recovery agent' is set to 'Enabled: True'CIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 BitlockerWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.1.2 Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled'CIS Microsoft Windows 10 Stand-alone v1.0.1 L2 + BL + NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.1.3 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Allow data recovery agent' is set to 'Enabled: True'CIS Microsoft Windows 10 Stand-alone v1.0.1 L2 + BL + NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.1.3 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Password' is set to 'Enabled: Allow 48-digit recovery password'CIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 BitlockerWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.1.3 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Password' is set to 'Enabled: Allow 48-digit recovery password'CIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L2 + BL + NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.1.4 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True'CIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.1.5 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key'CIS Microsoft Windows 10 Stand-alone v1.0.1 L2 + BL + NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.1.5 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Save BitLocker recovery information to AD DS for fixed data drives' is set to 'Enabled: False'CIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.1.5 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Save BitLocker recovery information to AD DS for fixed data drives' is set to 'Enabled: False'CIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L2 + BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.1.6 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Configure storage of BitLocker recovery information to AD DS' is set to 'Enabled: Backup recovery passwords and key packages'CIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.1.6 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Configure storage of BitLocker recovery information to AD DS' is set to 'Enabled: Backup recovery passwords and key packages'CIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L2 + BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.1.6 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Configure storage of BitLocker recovery information to AD DS' is set to 'Enabled: Backup recovery passwords and key packages'CIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 BitlockerWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.1.6 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True'CIS Microsoft Windows 10 Stand-alone v1.0.1 L2 + BL + NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.1.7 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Save BitLocker recovery information to AD DS for fixed data drives' is set to 'Enabled: False'CIS Microsoft Windows 10 Stand-alone v1.0.1 L2 + BL + NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.1.8 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Configure storage of BitLocker recovery information to AD DS' is set to 'Enabled: Backup recovery passwords and key packages'CIS Microsoft Windows 10 Stand-alone v1.0.1 L2 + BL + NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.1.9 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives' is set to 'Enabled: False'CIS Microsoft Windows 10 Stand-alone v1.0.1 L2 + BL + NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.1.10 Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Disabled'CIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL + NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.1.10 Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Disabled'CIS Microsoft Windows 11 Enterprise v1.0.0 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.1 Ensure 'Choose how BitLocker-protected operating system drives can be recovered' is set to 'Enabled'CIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.2 Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Allow data recovery agent' is set to 'Enabled: False'CIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 BitlockerWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.3 Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password'CIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L2 + BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.3 Ensure 'Choose how BitLocker-protected operating system drives can be recovered' is set to 'Enabled'CIS Microsoft Windows 10 Stand-alone v1.0.1 L2 + BL + NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.4 Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'CIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.5 Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True'CIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L2 + BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.5 Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True'CIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 BitlockerWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.5 Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password'CIS Microsoft Windows 10 Stand-alone v1.0.1 L2 + BL + NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.6 Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'CIS Microsoft Windows 10 Stand-alone v1.0.1 L2 + BL + NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.6 Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Save BitLocker recovery information to AD DS for operating system drives' is set to 'Enabled: True'CIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.6 Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Save BitLocker recovery information to AD DS for operating system drives' is set to 'Enabled: True'CIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 BitlockerWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.7 Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Configure storage of BitLocker recovery information to AD DS:' is set to 'Enabled: Store recovery passwords and key packages'CIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.7 Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True'CIS Microsoft Windows 10 Stand-alone v1.0.1 L2 + BL + NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.8 Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for operating system drives' is set to 'Enabled: True'CIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.8 Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for operating system drives' is set to 'Enabled: True'CIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L2 + BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.8 Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for operating system drives' is set to 'Enabled: True'CIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 BitlockerWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.10 Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for operating system drives' is set to 'Enabled: True'CIS Microsoft Windows 10 Stand-alone v1.0.1 L2 + BL + NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.10 Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False'CIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 BitlockerWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.11 Ensure 'Configure use of hardware-based encryption for operating system drives' is set to 'Disabled'CIS Microsoft Windows 11 Enterprise v1.0.0 L2 + BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.11 Ensure 'Configure use of hardware-based encryption for operating system drives' is set to 'Disabled'CIS Microsoft Windows 11 Enterprise v1.0.0 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.13 Ensure 'Require additional authentication at startup' is set to 'Enabled'CIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL + NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.13 Ensure 'Require additional authentication at startup' is set to 'Enabled'CIS Microsoft Windows 11 Enterprise v1.0.0 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.14 Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False'CIS Microsoft Windows 10 Stand-alone v1.0.1 L2 + BL + NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.14 Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False'CIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL + NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.14 Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False'CIS Microsoft Windows 11 Enterprise v1.0.0 L2 + BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.14 Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False'CIS Microsoft Windows 11 Enterprise v1.0.0 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.3.1 Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' is set to 'Disabled'CIS Microsoft Windows 10 Stand-alone v1.0.1 L2 + BL + NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION