
CCE-36837-3

Platform: cpe:/o:microsoft:windows_server_2012::r2
Date: (C)2015-10-08   (M)2023-07-04



Configure use of hardware-based encryption for operating system drives

This policy setting allows you to manage BitLocker's use of hardware-based encryption on operating system drives and specify which encryption algorithms it can use with hardware-based encryption. Using hardware-based encryption can improve performance of drive operations that involve frequent reading or writing of data to the drive.

If you enable this policy setting, you can specify additional options that control whether BitLocker software-based encryption is used instead of hardware-based encryption on computers that do not support hardware-based encryption and whether you want to restrict the encryption algorithms and cipher suites used with hardware-based encryption.

If you disable this policy setting, BitLocker cannot use hardware-based encryption with operating system drives and BitLocker software-based encryption will be used by default when the drive is encrypted.

If you do not configure this policy setting, BitLocker will use hardware-based encryption with the encryption algorithm set for the drive. If hardware-based encryption is not available, BitLocker software-based encryption will be used instead.

Note: The "Choose drive encryption method and cipher strength" policy setting does not apply to hardware-based encryption. The encryption algorithm used by hardware-based encryption is set when the drive is partitioned. By default, BitLocker uses the algorithm configured on the drive to encrypt the drive. The "Restrict encryption algorithms and cipher suites allowed for hardware-based encryption" option enables you to restrict the encryption algorithms that BitLocker can use with hardware encryption. If the algorithm set for the drive is not available, BitLocker will disable the use of hardware-based encryption.

Encryption algorithms are specified by object identifiers (OID). For example:
- AES 128 in CBC mode OID: 2.16.840.1.101.3.4.1.2
- AES 256 in CBC mode OID: 2.16.840.1.101.3.4.1.42


Parameter:

[enable/disable]


Technical Mechanism:

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives!Configure use of hardware-based encryption for operating system drives
(2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE!OSHardwareEncryption

CCSS Severity:
CCSS Score: 2.4
Exploit Score: 0.9
Impact Score: 1.4
Severity: LOW
Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CCSS Metrics:
Attack Vector: PHYSICAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: NONE
Integrity: NONE
Availability: LOW

References:
Resource Id: SCAP Repo OVAL Definition
Reference: oval:org.secpod.oval:def:27658


OVAL    1
oval:org.secpod.oval:def:27658
XCCDF    3
xccdf_org.secpod_benchmark_HIPAA_45CFR_164_Windows_Server_2012_R2
xccdf_org.secpod_benchmark_PCI_3_2_Windows_Server_2012_R2
xccdf_org.secpod_benchmark_general_Windows_2012_R2

© SecPod Technologies