From Windows 10 Security Technical Implementation Guide
Part of WN10-00-000030
Associated with: CCI-001199 CCI-002475 CCI-002476
If data at rest is unencrypted, it is vulnerable to disclosure. Even if the operating system enforces permissions on data access, an adversary can remove non-volatile memory and read it directly, thereby circumventing operating system controls. Encrypting the data ensures that confidentiality is protected even when the operating system is not running.
Verify mobile systems such as laptops and tablets employ DoD-approved full disk encryption. The method will vary depending on the package used. If full disk encryption is not implemented, this is a finding. If BitLocker is used, verify it is turned on for the operating system drive and any fixed data drives. Open "BitLocker Drive Encryption" from the Control Panel. If the operating system drive or any fixed data drives have "Turn on BitLocker", this is a finding.
Enable full disk encryption on mobile systems such as laptops and tablets using an approved DoD encryption package. If BitLocker, included in Windows, is used it can be enabled in the Control Panel under "BitLocker Drive Encryption" as well as other management tools.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer