CSCv7|13.6

Title

Encrypt the Hard Drive of All Mobile Devices.

Description

Utilize approved whole disk encryption software to encrypt the hard drive of all mobile devices.

Reference Item Details

Category: Data Protection

Audit Items

View all Reference Audit Items

NamePluginAudit Name
18.8.34.6.1 (BL) Ensure 'Allow standby states (S1-S3) when sleeping (on battery)' is set to 'Disabled'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.8.34.6.1 (BL) Ensure 'Allow standby states (S1-S3) when sleeping (on battery)' is set to 'Disabled'WindowsCIS Microsoft Windows 8.1 v2.4.0 L2 Bitlocker
18.8.34.6.2 (BL) Ensure 'Allow standby states (S1-S3) when sleeping (plugged in)' is set to 'Disabled'WindowsCIS Microsoft Windows 8.1 v2.4.0 L2 Bitlocker
18.8.34.6.2 (BL) Ensure 'Allow standby states (S1-S3) when sleeping (plugged in)' is set to 'Disabled'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.8.34.6.3 Ensure 'Allow standby states (S1-S3) when sleeping (on battery)' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 BL
18.8.34.6.4 Ensure 'Allow standby states (S1-S3) when sleeping (plugged in)' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 BL
18.9.11.1.1 (BL) Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.9.11.1.1 (BL) Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled'WindowsCIS Microsoft Windows 8.1 v2.4.0 L2 Bitlocker
18.9.11.1.1 Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 BL
18.9.11.1.1 Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L2 + BL
18.9.11.1.1 Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 BL
18.9.11.1.1 Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L2 + BL + NG
18.9.11.1.1 Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL
18.9.11.1.1 Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL
18.9.11.1.1 Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL + NG
18.9.11.1.1 Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L2 + BL + NG
18.9.11.1.1 Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 BL
18.9.11.1.1 Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L2 + BL
18.9.11.1.1 Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL + NG
18.9.11.1.1 Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 Bitlocker
18.9.11.1.1 Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BL + NG
18.9.11.1.1 Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L2 + BL + NG
18.9.11.1.1 Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BL
18.9.11.1.1 Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L2 + BL
18.9.11.1.10 (BL) Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.0 L2 Bitlocker
18.9.11.1.10 (BL) Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.9.11.1.10 Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Disabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L2 + BL
18.9.11.1.10 Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L2 + BL + NG
18.9.11.1.10 Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L2 + BL
18.9.11.1.10 Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Disabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL
18.9.11.1.10 Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL
18.9.11.1.10 Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Disabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L2 + BL + NG
18.9.11.1.10 Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Disabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 BL
18.9.11.1.10 Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 BL
18.9.11.1.10 Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL + NG
18.9.11.1.10 Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Disabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL + NG
18.9.11.1.10 Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 BL
18.9.11.1.11 (BL) Ensure 'Configure use of hardware-based encryption for fixed data drives: Use BitLocker software-based encryption when hardware encryption is not available' is set to 'Enabled: True'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.9.11.1.11 (BL) Ensure 'Configure use of hardware-based encryption for fixed data drives: Use BitLocker software-based encryption when hardware encryption is not available' is set to 'Enabled: True'WindowsCIS Microsoft Windows 8.1 v2.4.0 L2 Bitlocker
18.9.11.1.11 Ensure 'Configure use of hardware-based encryption for fixed data drives: Use BitLocker software-based encryption when hardware encryption is not available' is set to 'Enabled: True'WindowsCIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 BL
18.9.11.1.11 Ensure 'Configure use of passwords for fixed data drives' is set to 'Disabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L2 + BL + NG
18.9.11.1.11 Ensure 'Configure use of passwords for fixed data drives' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L2 + BL
18.9.11.1.11 Ensure 'Configure use of passwords for fixed data drives' is set to 'Disabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL
18.9.11.1.11 Ensure 'Configure use of passwords for fixed data drives' is set to 'Disabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL + NG
18.9.11.1.11 Ensure 'Configure use of passwords for fixed data drives' is set to 'Disabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L2 + BL
18.9.11.1.11 Ensure 'Configure use of passwords for fixed data drives' is set to 'Disabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 BL
18.9.11.1.11 Ensure 'Configure use of passwords for fixed data drives' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 BL
18.9.11.1.11 Ensure 'Configure use of passwords for fixed data drives' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L2 + BL + NG
18.9.11.1.11 Ensure 'Configure use of passwords for fixed data drives' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL
18.9.11.1.11 Ensure 'Configure use of passwords for fixed data drives' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL + NG