CSCv7|13.6

Title

Encrypt the Hard Drive of All Mobile Devices.

Description

Utilize approved whole disk encryption software to encrypt the hard drive of all mobile devices.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Data Protection

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
18.10.9.1.1 Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled'	Windows	CIS Microsoft Windows 11 Enterprise v2.0.0 BL
18.10.9.1.1 Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L2 + BL + NG
18.10.9.1.1 Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L2 + BL
18.10.9.1.1 Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 BL
18.10.9.1.1 Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL
18.10.9.1.1 Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled'	Windows	CIS Microsoft Windows 11 Enterprise v2.0.0 L2 + BL
18.10.9.1.1 Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL + NG
18.10.9.1.1 Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 EMS Gateway v2.0.0 L1
18.10.9.1.1 Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled'	Windows	CIS Microsoft Windows 11 Enterprise v2.0.0 L1 + BL
18.10.9.1.1 Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled' - Disabled	Windows	CIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + BL + NG
18.10.9.1.1 Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled' - Disabled	Windows	CIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + BL
18.10.9.1.1 Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled' - Disabled	Windows	CIS Microsoft Windows 11 Stand-alone v2.0.0 L2 + BL
18.10.9.1.1 Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled' - Disabled	Windows	CIS Microsoft Windows 11 Stand-alone v2.0.0 BL
18.10.9.1.1 Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled' - Disabled	Windows	CIS Microsoft Windows 10 Stand-alone v2.0.0 BL
18.10.9.1.1 Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled' - Disabled	Windows	CIS Microsoft Windows 10 Stand-alone v2.0.0 L2 + BL + NG
18.10.9.1.1 Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled' - Disabled	Windows	CIS Microsoft Windows 10 Stand-alone v2.0.0 L2 + BL
18.10.9.1.1 Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled' - Disabled	Windows	CIS Microsoft Windows 11 Stand-alone v2.0.0 L1 + BL
18.10.9.1.1 Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled'	Windows	CIS Microsoft Intune for Windows 11 v2.0.0 L1 + BL
18.10.9.1.1 Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled'	Windows	CIS Microsoft Intune for Windows 11 v2.0.0 L1 + BL + NG
18.10.9.1.1 Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled'	Windows	CIS Microsoft Intune for Windows 11 v2.0.0 BitLocker
18.10.9.1.1 Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled'	Windows	CIS Microsoft Intune for Windows 10 v2.0.0 L1 + BL + NG
18.10.9.1.1 Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled'	Windows	CIS Microsoft Intune for Windows 11 v2.0.0 L2 + BL
18.10.9.1.1 Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled'	Windows	CIS Microsoft Intune for Windows 10 v2.0.0 L2 + BL + NG
18.10.9.1.1 Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled'	Windows	CIS Microsoft Intune for Windows 10 v2.0.0 Bitlocker
18.10.9.1.1 Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled'	Windows	CIS Microsoft Intune for Windows 10 v2.0.0 L2 + BL
18.10.9.1.1 Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled'	Windows	CIS Microsoft Intune for Windows 10 v2.0.0 L1 + BL
18.10.9.1.1 Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled'	Windows	CIS Microsoft Intune for Windows 11 v2.0.0 L2 + BL + NG
18.10.9.1.10 Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Disabled'	Windows	CIS Microsoft Windows 11 Enterprise v2.0.0 L1 + BL
18.10.9.1.10 Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Disabled'	Windows	CIS Microsoft Windows 11 Enterprise v2.0.0 L2 + BL
18.10.9.1.10 Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L2 + BL
18.10.9.1.10 Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 BL
18.10.9.1.10 Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L2 + BL + NG
18.10.9.1.10 Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL + NG
18.10.9.1.10 Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL
18.10.9.1.10 Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 EMS Gateway v2.0.0 L1
18.10.9.1.10 Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Disabled'	Windows	CIS Microsoft Windows 11 Enterprise v2.0.0 BL
18.10.9.1.10 Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Disabled' - Disabled	Windows	CIS Microsoft Windows 11 Stand-alone v2.0.0 L2 + BL
18.10.9.1.10 Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Disabled' - Disabled	Windows	CIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + BL + NG
18.10.9.1.10 Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Disabled' - Disabled	Windows	CIS Microsoft Windows 11 Stand-alone v2.0.0 L1 + BL
18.10.9.1.10 Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Disabled' - Disabled	Windows	CIS Microsoft Windows 10 Stand-alone v2.0.0 BL
18.10.9.1.10 Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Disabled' - Disabled	Windows	CIS Microsoft Windows 11 Stand-alone v2.0.0 BL
18.10.9.1.10 Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Disabled' - Disabled	Windows	CIS Microsoft Windows 10 Stand-alone v2.0.0 L2 + BL
18.10.9.1.10 Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Disabled' - Disabled	Windows	CIS Microsoft Windows 10 Stand-alone v2.0.0 L2 + BL + NG
18.10.9.1.10 Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Disabled' - Disabled	Windows	CIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + BL
18.10.9.1.11 Ensure 'Configure use of passwords for fixed data drives' is set to 'Disabled'	Windows	CIS Microsoft Windows 11 Enterprise v2.0.0 BL
18.10.9.1.11 Ensure 'Configure use of passwords for fixed data drives' is set to 'Disabled'	Windows	CIS Microsoft Windows 11 Enterprise v2.0.0 L2 + BL
18.10.9.1.11 Ensure 'Configure use of passwords for fixed data drives' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL + NG
18.10.9.1.11 Ensure 'Configure use of passwords for fixed data drives' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL
18.10.9.1.11 Ensure 'Configure use of passwords for fixed data drives' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 EMS Gateway v2.0.0 L1
18.10.9.1.11 Ensure 'Configure use of passwords for fixed data drives' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 BL

Detections

Analytics

CSCv7|13.6

Title

Description

Reference Item Details

Audit Items