CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark

Control

Set Correctly Yes No

18.9.11.2.12

(BL) Ensure 'Configure use of hardware-based encryption for operating system drives: Use BitLocker software-based encryption when hardware encryption is not available' is set to 'Enabled: True' (Scored)

(BL) Ensure 'Configure use of hardware-based encryption for operating system drives: Restrict encryption algorithms and cipher suites allowed for hardware-based encryption' is set to 'Enabled: False' (Scored)

(BL) Ensure 'Configure use of hardware-based encryption for operating system drives: Restrict crypto algorithms or cipher suites to the following:' is set to 'Enabled: 2.16.840.1.101.3.4.1.2;2.16.840.1.101.3.4.1.42' (Scored)

(BL) Ensure 'Configure use of passwords for operating system drives' is set to 'Disabled' (Scored)

(BL) Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False' (Scored)

(BL) Ensure 'Require additional authentication at startup: Configure TPM startup:' is set to 'Enabled: Do not allow TPM' (Scored)

(BL) Ensure 'Require additional authentication at startup: Configure TPM startup PIN:' is set to 'Enabled: Require startup PIN with TPM' (Scored)

(BL) Ensure 'Require additional authentication at startup: Configure TPM startup key:' is set to 'Enabled: Do not allow startup key with TPM' (Scored)

(BL) Ensure 'Require additional authentication at startup: Configure TPM startup key and PIN:' is set to 'Enabled: Do not allow startup key and PIN with TPM' (Scored)

(BL) Ensure 'Require additional authentication at startup' is set to 'Enabled' (Scored)

(BL) Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' is set to 'Disabled' (Scored)

Removable Data Drives

18.9.11.2.13

18.9.11.2.14

18.9.11.2.15

18.9.11.2.16

18.9.11.2.17

18.9.11.2.18

18.9.11.2.19

18.9.11.2.20

18.9.11.2.21

18.9.11.3 18.9.11.3.1

18.9.11.3.2

(BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered' is set to 'Enabled' (Scored)

18.9.11.3.3

(BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Allow data recovery agent' is set to 'Enabled: True' (Scored)  
