CSCv6|13.2

Title

Deploy approved hard drive encryption software to mobile devices and systems that hold sensitive data.

Description

Deploy approved hard drive encryption software to mobile devices and systems that hold sensitive data.

Reference Item Details

Category: Data Protection

Family: Network

Audit Items

| Name | Plugin | Audit Name |
| --- | --- | --- |
| 1.1.15 - AirWatch - Enable 'Encrypt phone' | MDM | AirWatch - CIS Google Android 4 v1.0.0 L1 |
| 1.1.15 - MobileIron - Enable 'Encrypt phone' | MDM | MobileIron - CIS Google Android 4 v1.0.0 L1 |
| 1.2.3.3.1 Configure 'Turn Off the Display (seconds):' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.3.3.2 Configure 'Turn Off the Display (seconds):' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.3.3.3 Set 'Require a Password When a Computer Wakes (Plugged In)' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.3.3.4 Set 'Require a Password When a Computer Wakes (On Battery)' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.2.1.1 Set 'Configure use of hardware-based encryption for fixed data drives' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.2.1.3 Set 'Configure use of passwords for fixed data drives' to 'Disabled' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.2.1.4 Set 'Recovery Key' to 'Allow 256-bit recovery key' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.2.1.5 Set 'Recovery Password' to 'Allow 48-digit recovery password' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.2.1.6 Set 'Use BitLocker software-based encryption when hardware encryption is not available' to 'True' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.2.1.7 Set 'Restrict crypto algorithms or cipher suites to the following:' to '2.16.840.1.101.3.4.1.2;2.16.840.1.101.3.4.1.42' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.2.1.8 Set 'Restrict encryption algorithms and cipher suites allowed for hardware-based encryption' to 'False' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.2.1.9 Set 'Allow data recovery agent' to 'True' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.2.1.10 Set 'Choose how BitLocker-protected fixed drives can be recovered' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.2.1.11 Set 'Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives' to 'False' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.2.1.12 Set 'Configure storage of BitLocker recovery information to AD DS:' to 'Backup recovery passwords and key packages' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.2.1.13 Set 'Save BitLocker recovery information to AD DS for fixed data drives' to 'False' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.2.1.14 Set 'Omit recovery options from the BitLocker setup wizard' to 'True' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.2.1.15 Set 'Configure use of smart cards on fixed data drives' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.2.1.16 Set 'Require use of smart cards on fixed data drives' to 'True' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.2.1.17 Configure 'Deny write access to fixed drives not protected by BitLocker' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.2.1.18 Set 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' to 'Disabled' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.2.2.1 Set 'Configure use of hardware-based encryption for operating system drives' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.2.2.3 Set 'Configure use of passwords for operating system drives' to 'Disabled' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.2.2.4 Set 'Recovery Key' to 'Do not allow 256-bit recovery key' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.2.2.5 Set 'Recovery Password' to 'Require 48-digit recovery password' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.2.2.6 Set 'Use BitLocker software-based encryption when hardware encryption is not available' to 'True' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.2.2.7 Set 'Restrict crypto algorithms or cipher suites to the following:' to '2.16.840.1.101.3.4.1.2;2.16.840.1.101.3.4.1.42' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.2.2.8 Set 'Restrict encryption algorithms and cipher suites allowed for hardware-based encryption' to 'False' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.2.2.9 Set 'Allow data recovery agent' to 'False' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.2.2.10 Set 'Choose how BitLocker-protected operating system drives can be recovered' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.2.2.11 Set 'Do not enable BitLocker until recovery information is stored to AD DS for operating system drives' to 'True' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.2.2.12 Set 'Configure storage of BitLocker recovery information to AD DS:' to 'Store recovery passwords and key packages' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.2.2.13 Set 'Save BitLocker recovery information to AD DS for operating system drives' to 'True' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.2.2.14 Set 'Omit recovery options from the BitLocker setup wizard' to 'True' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.2.2.15 Set 'Require additional authentication at startup' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.2.2.16 Set 'Allow BitLocker without a compatible TPM' to 'False' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.2.2.18 Set 'Configure TPM startup PIN:' to 'Require startup PIN with TPM' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.2.2.19 Set 'Configure TPM startup:' to 'Do not allow TPM' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.2.2.20 Set 'Configure TPM startup key:' to 'Do not allow startup key with TPM' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.2.2.25 Set 'Allow enhanced PINs for startup' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.2.2.27 Set 'Allow Secure Boot for integrity validation' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.2.2.28 Set 'Minimum characters:' to 'Enabled:7 or more characters' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.2.2.29 Configure 'Allow network unlock at startup' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.2.2.30 Configure 'Reset platform validation data after BitLocker recovery' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.2.3.1 Set 'Configure use of hardware-based encryption for removable data drives' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.2.3.10 Set 'Choose how BitLocker-protected removable drives can be recovered' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.2.3.11 Set 'Do not enable BitLocker until recovery information is stored to AD DS for removable data drives' to 'False' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.2.10 Set 'Allow Standby States (S1-S3) When Sleeping (Plugged In)' to 'Disabled' | Windows | CIS Windows 8 L1 v1.0.0 |