Configure minimum PIN length for startupID: oval:org.secpod.oval:def:19210 | Date: (C)2014-05-29 (M)2023-07-14 |
Class: COMPLIANCE | Family: windows |
The Configure minimum PIN length for startup machine setting should be configured correctly.
This policy setting allows you to configure a minimum length for a Trusted Platform Module (TPM) startup PIN. This policy setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 4 digits and can have a maximum length of 20 digits. If you enable this policy setting, you can require a minimum number of digits to be used when setting the startup PIN. If you disable or do not configure this policy setting, users can configure a startup PIN of any length between 4 and 20 digits.
Fix:
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\Configure minimum PIN length for startup
(2) KEY: HKLM\Software\Policies\Microsoft\FVE\MinimumPIN
Platform: |
Microsoft Windows Server 2008 R2 |