CSCv7|13.6

Title

Encrypt the Hard Drive of All Mobile Devices.

Description

Utilize approved whole disk encryption software to encrypt the hard drive of all mobile devices.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Data Protection

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
18.10.10.1.1 (BL) Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 BitLocker
18.10.10.1.1 (BL) Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker
18.10.10.1.1 (BL) Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker
18.10.10.1.2 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker
18.10.10.1.2 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 BitLocker
18.10.10.1.2 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker
18.10.10.1.3 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Allow data recovery agent' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker
18.10.10.1.3 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Allow data recovery agent' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker
18.10.10.1.3 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Allow data recovery agent' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 BitLocker
18.10.10.1.4 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Password' is set to 'Enabled: Allow 48-digit recovery password' or higher	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 BitLocker
18.10.10.1.4 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Password' is set to 'Enabled: Allow 48-digit recovery password' or higher	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker
18.10.10.1.4 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Password' is set to 'Enabled: Allow 48-digit recovery password' or higher	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker
18.10.10.1.5 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key' or higher	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker
18.10.10.1.5 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key' or higher	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker
18.10.10.1.5 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key' or higher	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 BitLocker
18.10.10.1.6 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 BitLocker
18.10.10.1.6 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker
18.10.10.1.6 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker
18.10.10.1.7 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Save BitLocker recovery information to AD DS for fixed data drives' is set to 'Enabled: False'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker
18.10.10.1.7 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Save BitLocker recovery information to AD DS for fixed data drives' is set to 'Enabled: False'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 BitLocker
18.10.10.1.7 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Save BitLocker recovery information to AD DS for fixed data drives' is set to 'Enabled: False'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker
18.10.10.1.8 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Configure storage of BitLocker recovery information to AD DS' is set to 'Enabled: Backup recovery passwords and key packages'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker
18.10.10.1.8 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Configure storage of BitLocker recovery information to AD DS' is set to 'Enabled: Backup recovery passwords and key packages'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker
18.10.10.1.8 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Configure storage of BitLocker recovery information to AD DS' is set to 'Enabled: Backup recovery passwords and key packages'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 BitLocker
18.10.10.1.9 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives' is set to 'Enabled: False'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker
18.10.10.1.9 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives' is set to 'Enabled: False'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker
18.10.10.1.9 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives' is set to 'Enabled: False'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 BitLocker
18.10.10.1.10 (BL) Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Disabled'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker
18.10.10.1.10 (BL) Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Disabled'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 BitLocker
18.10.10.1.10 (BL) Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Disabled'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker
18.10.10.1.11 (BL) Ensure 'Configure use of passwords for fixed data drives' is set to 'Disabled'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker
18.10.10.1.11 (BL) Ensure 'Configure use of passwords for fixed data drives' is set to 'Disabled'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 BitLocker
18.10.10.1.11 (BL) Ensure 'Configure use of passwords for fixed data drives' is set to 'Disabled'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker
18.10.10.2.3 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 BitLocker
18.10.10.2.3 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker
18.10.10.2.10 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for operating system drives' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 BitLocker
18.10.10.2.10 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for operating system drives' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker
18.10.10.2.10 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for operating system drives' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker
18.10.10.2.11 (BL) Ensure 'Configure use of hardware-based encryption for operating system drives' is set to 'Disabled'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker
18.10.10.2.11 (BL) Ensure 'Configure use of hardware-based encryption for operating system drives' is set to 'Disabled'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker
18.10.10.2.11 (BL) Ensure 'Configure use of hardware-based encryption for operating system drives' is set to 'Disabled'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 BitLocker
18.10.10.2.12 (BL) Ensure 'Configure use of passwords for operating system drives' is set to 'Disabled'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 BitLocker
18.10.10.2.12 (BL) Ensure 'Configure use of passwords for operating system drives' is set to 'Disabled'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker
18.10.10.2.12 (BL) Ensure 'Configure use of passwords for operating system drives' is set to 'Disabled'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker
18.10.10.2.13 (BL) Ensure 'Require additional authentication at startup' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 BitLocker
18.10.10.2.13 (BL) Ensure 'Require additional authentication at startup' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker
18.10.10.2.13 (BL) Ensure 'Require additional authentication at startup' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker
18.10.10.2.14 (BL) Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 BitLocker
18.10.10.2.14 (BL) Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker
18.10.10.2.14 (BL) Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker

Detections

Analytics

CSCv7|13.6

Title

Description

Reference Item Details

Audit Items