Compliance: BitLocker should use AES 256 encryption


Some compliance requirements may require that AES 256-bit encryption is used for BitLocker.


Use Group Policy to set a specific encryption method in BitLocker

Computer Configuration
|_ Administrative Templates
|_ Windows Components
|_ BitLocker Drive Encryption
|_Choose drive encryption method and cipher strength set to "Enabled" and Select: AES 256-bit

More Information:

PCI DSS v3.2: 2.3
PCI DSS v4.0: 2.2.7 (,, 3.7.3)
CIS CSC v8: 4.6, 12.3
NIST Privacy Framework: PR.DS-P2
CMMC V2: SC.L2-3.13.11