Compliance: BitLocker should use AES 256 encryption

77de846e-473b-4c4d-8d70-85d27342fc45

Some compliance requirements may require that AES 256 bit encryption is used for BitLocker.

Remediation

Use Group Policy to set a specific encryption method in BitLocker

Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption

PCI DSS v3.2: 2.3
PCI DSS v4.0: 2.2.7 (3.6.1.1, 3.6.1.2, 3.7.3)
CIS CSC v8: 4.6, 12.3
NIST Privacy Framework: PR.DS-P2
CMMC V2: SC.L2-3.13.11