CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark

First page Previous page 1265 Next page Last page

Control

Set Correctly Yes No

18.9.11.3.4

(BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Password' is set to 'Enabled: Do not allow 48-digit recovery password' (Scored)  

18.9.11.3.5

(BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key' (Scored) (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True' (Scored) (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Save BitLocker recovery information to AD DS for removable data drives' is set to 'Enabled: False' (Scored) (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Configure storage of BitLocker recovery information to AD DS:' is set to 'Enabled: Backup recovery passwords and key packages' (Scored) (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for removable data drives' is set to 'Enabled: False' (Scored) (BL) Ensure 'Configure use of hardware-based encryption for removable data drives' is set to 'Enabled' (Scored)

18.9.11.3.6

18.9.11.3.7

18.9.11.3.8

18.9.11.3.9

18.9.11.3.10

18.9.11.3.11

(BL) Ensure 'Configure use of hardware-based encryption for removable data drives: Use BitLocker software-based encryption when hardware encryption is not available' is set to 'Enabled: True' (Scored)   (BL) Ensure 'Configure use of hardware-based encryption for removable data drives: Restrict encryption algorithms and cipher suites allowed for hardware-based encryption' is set to 'Enabled: False' (Scored)  

18.9.11.3.12

18.9.11.3.13

(BL) Ensure 'Configure use of hardware-based encryption for removable data drives: Restrict crypto algorithms or cipher suites to the following:' is set to 'Enabled: 2.16.840.1.101.3.4.1.2;2.16.840.1.101.3.4.1.42' (Scored)

18.9.11.3.14

(BL) Ensure 'Configure use of passwords for removable data drives' is set to 'Disabled' (Scored)  

18.9.11.3.15

(BL) Ensure 'Configure use of smart cards on removable data drives' is set to 'Enabled' (Scored)

1264 | P a g e

Made with FlippingBook - Online magazine maker