CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark

18.9.11 BitLocker DriveEncryption

This section contains recommendations for configuring BitLocker.

This Group Policy section is provided by the Group Policy template VolumeEncryption.admx/adml that is included with all versions of the Microsoft Windows Administrative Templates. 18.9.11.1 FixedDataDrives

This section contains recommendations for configuring Fixed Data Drives in BitLocker.

This Group Policy section is provided by the Group Policy template VolumeEncryption.admx/adml that is included with the Microsoft Windows 7 & Server 2008 R2 Administrative Templates (or newer). 18.9.11.1.1 (BL) Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled' (Scored)

ProfileApplicability:

 Level 1 (L1) + BitLocker (BL)

 Level 2 (L2) + BitLocker (BL)

 BitLocker (BL) - optional add-on for when BitLocker is deployed

Description:

This policy setting configures whether or not fixed data drives formatted with the FAT file system can be unlocked and viewed on computers running Windows Server 2008 (non- R2), Windows Vista, Windows XP with Service Pack 3 (SP3), or Windows XPwith Service Pack 2 (SP2) operating systems.

Note: This policy setting does not apply to drives that are formatted with the NTFS file system.

The recommended state for this setting is: Disabled .

778 | P a g e