800-53|CP-10(6)

Title

COMPONENT PROTECTION

Description

The organization protects backup and restoration hardware, firmware, and software.

Supplemental

Protection of backup and restoration hardware, firmware, and software components includes both physical and technical safeguards. Backup and restoration software includes, for example, router tables, compilers, and other security-relevant system software.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: AC-3,AC-6,PE-3

Category: CONTINGENCY PLANNING

Parent Title: INFORMATION SYSTEM RECOVERY AND RECONSTITUTION

Family: CONTINGENCY PLANNING

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.2.4.2.1.3 Set 'Configure use of passwords for fixed data drives' to 'Disabled'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.2.1.4 Set 'Recovery Key' to 'Allow 256-bit recovery key'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.2.1.5 Set 'Recovery Password' to 'Allow 48-digit recovery password'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.2.1.9 Set 'Allow data recovery agent' to 'True'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.2.1.10 Set 'Choose how BitLocker-protected fixed drives can be recovered' to 'Enabled'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.2.1.11 Set 'Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives' to 'False'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.2.1.12 Set 'Configure storage of BitLocker recovery information to AD DS:' to 'Backup recovery passwords and key packages'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.2.1.13 Set 'Save BitLocker recovery information to AD DS for fixed data drives' to 'False'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.2.1.14 Set 'Omit recovery options from the BitLocker setup wizard' to 'True'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.2.2.4 Set 'Recovery Key' to 'Do not allow 256-bit recovery key'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.2.2.5 Set 'Recovery Password' to 'Require 48-digit recovery password'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.2.2.9 Set 'Allow data recovery agent' to 'False'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.2.2.10 Set 'Choose how BitLocker-protected operating system drives can be recovered' to 'Enabled'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.2.2.11 Set 'Do not enable BitLocker until recovery information is stored to AD DS for operating system drives' to 'True'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.2.2.12 Set 'Configure storage of BitLocker recovery information to AD DS:' to 'Store recovery passwords and key packages'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.2.2.13 Set 'Save BitLocker recovery information to AD DS for operating system drives' to 'True'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.2.2.14 Set 'Omit recovery options from the BitLocker setup wizard' to 'True'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.2.3.3 Set 'Configure use of passwords for removable data drives' to 'Disabled'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.2.3.4 Set 'Recovery Key' to 'Do not allow 256-bit recovery key'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.2.3.5 Set 'Recovery Password' to 'Do not allow 48-digit recovery password'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.2.3.9 Set 'Allow data recovery agent' to 'True'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.2.3.10 Set 'Choose how BitLocker-protected removable drives can be recovered' to 'Enabled'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.2.3.11 Set 'Do not enable BitLocker until recovery information is stored to AD DS for removable data drives' to 'False'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.2.3.12 Set 'Configure storage of BitLocker recovery information to AD DS:' to 'Backup recovery passwords and key packages'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.2.3.14 Set 'Omit recovery options from the BitLocker setup wizard' to 'True'	Windows	CIS Windows 8 L1 v1.0.0
18.9.11.1.2 Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled'	Windows	CIS Windows 7 Workstation Bitlocker v3.2.0
18.9.11.1.2 Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.11.1.2 Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled'	Windows	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.9.11.1.3 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Allow data recovery agent' is set to 'Enabled: True'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.11.1.3 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Allow data recovery agent' is set to 'Enabled: True'	Windows	CIS Windows 7 Workstation Bitlocker v3.2.0
18.9.11.1.3 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Allow data recovery agent' is set to 'Enabled: True'	Windows	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.9.11.1.4 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Password' is set to 'Enabled: Allow 48-digit recovery password'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.11.1.4 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Password' is set to 'Enabled: Allow 48-digit recovery password'	Windows	CIS Windows 7 Workstation Bitlocker v3.2.0
18.9.11.1.4 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Password' is set to 'Enabled: Allow 48-digit recovery password'	Windows	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.9.11.1.5 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key'	Windows	CIS Windows 7 Workstation Bitlocker v3.2.0
18.9.11.1.5 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key'	Windows	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.9.11.1.5 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.11.1.6 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.11.1.6 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True'	Windows	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.9.11.1.6 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True'	Windows	CIS Windows 7 Workstation Bitlocker v3.2.0
18.9.11.1.7 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Save BitLocker recovery information to AD DS for fixed data drives' is set to 'Enabled: False'	Windows	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.9.11.1.7 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Save BitLocker recovery information to AD DS for fixed data drives' is set to 'Enabled: False'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.11.1.7 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Save BitLocker recovery information to AD DS for fixed data drives' is set to 'Enabled: False'	Windows	CIS Windows 7 Workstation Bitlocker v3.2.0
18.9.11.1.8 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Configure storage of BitLocker recovery information to AD DS' is set to 'Enabled: Backup recovery passwords and key packages'	Windows	CIS Windows 7 Workstation Bitlocker v3.2.0
18.9.11.1.8 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Configure storage of BitLocker recovery information to AD DS' is set to 'Enabled: Backup recovery passwords and key packages'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.11.1.8 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Configure storage of BitLocker recovery information to AD DS' is set to 'Enabled: Backup recovery passwords and key packages'	Windows	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.9.11.1.9 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives' is set to 'Enabled: False'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.11.1.10 Ensure 'Configure use of passwords for fixed data drives' is set to 'Disabled'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.11.1.10 Ensure 'Configure use of passwords for fixed data drives' is set to 'Disabled'	Windows	CIS Windows 7 Workstation Bitlocker v3.2.0
18.9.11.1.10 Ensure 'Configure use of passwords for fixed data drives' is set to 'Disabled'	Windows	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0

Detections

Analytics