CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark

Default Value:

Disabled. (The default recovery options are supported for BitLocker recovery - a DRA is allowed, and the recovery options can be specified by the user including the recovery password and recovery key, and recovery information is not backed up to AD DS.)

References:

1. CCE-33101-7

CIS Controls:

Version 6

10.3 Properly Protect Backups Ensure that backups are properly protected via physical security or encryption when they are stored, as well as when they are moved across the network. This includes remote backups and cloud services. 13.2 Deploy Hard Drive Encryption Software Deploy approved hard drive encryption software to mobile devices and systems that hold sensitive data. 10.4 Ensure Protection of Backups Ensure that backups are properly protected via physical security or encryption when they are stored, as well as when they are moved across the network. This includes remote backups and cloud services. 13.6 Encrypt the Hard Drive of All Mobile Devices. Utilize approved whole disk encryption software to encrypt the hard drive of all mobile devices. Version 7

829 | P a g e