CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark

First page Previous page 1262 Next page Last page

Control

Set Correctly Yes No

18.9.11.1.3

(BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Allow data recovery agent' is set to 'Enabled: True' (Scored) (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Password' is set to 'Enabled: Allow 48-digit recovery password' (Scored) (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key' (Scored) (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Save BitLocker recovery information to AD DS for fixed data drives' is set to 'Enabled: False' (Scored) (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Configure storage of BitLocker recovery information to AD DS' is set to 'Enabled: Backup recovery passwords and key packages' (Scored) (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True' (Scored)       (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives' is set to 'Enabled: False' (Scored)        

18.9.11.1.4

18.9.11.1.5

18.9.11.1.6

18.9.11.1.7

18.9.11.1.8

18.9.11.1.9

18.9.11.1.10

(BL) Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Enabled' (Scored)



18.9.11.1.11

(BL) Ensure 'Configure use of hardware-based encryption for fixed data drives: Use BitLocker software-based encryption when hardware encryption is not available' is set to 'Enabled: True' (Scored)  

18.9.11.1.12

(BL) Ensure 'Configure use of hardware-based encryption for fixed data drives: Restrict encryption algorithms and cipher suites allowed for hardware-based encryption' is set to 'Enabled: False' (Scored) (BL) Ensure 'Configure use of hardware-based encryption for fixed data drives: Restrict crypto algorithms or cipher suites to the following:' is set to 'Enabled: 2.16.840.1.101.3.4.1.2;2.16.840.1.101.3.4.1.42' (Scored) (BL) Ensure 'Configure use of passwords for fixed data drives' is set to 'Disabled' (Scored)



18.9.11.1.13



18.9.11.1.14



1261 | P a g e

Made with FlippingBook - Online magazine maker