1.2.4.2.2.11 Set 'Do not enable BitLocker until recovery information is stored to AD DS for operating system drives' to 'True'

Information

This policy setting allows you to control how BitLocker-protected operating system drives are recovered in the absence
of the required startup key information.

Solution

Make sure 'Do not enable BitLocker until recovery information is stored to AD DS for operating system drives' is set to 'True'

See Also

https://workbench.cisecurity.org/files/17

Item Details

Category: CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|CP-10(6), 800-53|SC-28(1), CSCv6|10.3, CSCv6|13.2

Plugin: Windows

Control ID: 99ae21a9091d91d929bd8f4f679ec8e9ba651ee2eabeaa23acb6cfb37a971dea