Compliance: BitLocker should be configured in FIPS mode

330f6517-5c88-4086-b456-d3026307c001

The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government standard. FIPS is based on Section 5131 of the Information Technology Management Reform Act of 1996. It defines the minimum security requirements for cryptographic modules in IT products.

To be compliant to 140-2, NIST 800-171, and CMMC FIPS mode for BitLocker must be enabled.

https://docs.microsoft.com/en-us/windows/security/threat-protection/fips-140-validation

Remediation

Enable FIPS operation mode for BitLocker.

Option 1: Local Security Policy
From Computer Configuration / Windows Settings / Security Settings / Local Policies / Security Options:
Set System Cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing to be Enabled

Option 2: Domain Group Policy
Open Group Policy Management
Choose one of the following options:
To use an existing GPO to configure the necessary setting, link the _Campus-NIST800-171-FIPS-Compliant-BitLocker GPO to the OU where the computers in question reside.
Otherwise: Locate an existing GPO or create a new GPO, right-click it, and then select Edit
When the Group Policy Management Editor opens, navigate to Policies => Windows Settings => Security Settings => Local Policies => Security Options
Locate System Cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing and open it

https://cui.gatech.edu/3-13-11-bitlocker-setup/



nist800-171
fips140-2
compliance
cmmc-l3
server
desktop