Rule: EFS File System Encryption at Rest Should Be Enabled
This rule ensures encryption at rest for EFS file system to maintain data security.
| Rule | EFS file system encryption at rest should be enabled |
| Framework | GxP 21 CFR Part 11 |
| Severity | ✔ High |
Rule Description:
EFS (Encrypting File System) file system encryption at rest should be enabled for GxP (Good Practices) 21 CFR (Code of Federal Regulations) Part 11 compliance. This rule ensures that all files and data stored on the system are encrypted, providing an additional layer of security to protect sensitive information from unauthorized access.
Troubleshooting Steps:
If the EFS file system encryption at rest is not enabled for GxP compliance, follow these troubleshooting steps:
- 1.
Verify EFS Compatibility: Ensure that your operating system supports EFS file system encryption. EFS is available in Windows Professional, Enterprise, and Ultimate editions.
- 2.
Check EFS Configuration: Confirm that EFS encryption is not disabled or overridden through local or group policy settings. Ensure that the EFS service is running.
- 3.
Verify File/Folder Encryption: Check if the encryption attribute is enabled for the files and folders relevant to GxP compliance. Right-click on a file/folder, go to "Properties," and click on the "Advanced" button to check the encryption status.
- 4.
Check EFS Certificate: Ensure the presence of a valid EFS certificate. If the certificate is missing or expired, it can prevent proper encryption. You may need to renew or re-issue the certificate.
- 5.
Disk Space Availability: Ensure that there is sufficient disk space available for encrypting files. Lack of disk space can cause encryption failures.
- 6.
User Permissions: Verify that the user account attempting to enable EFS encryption has the necessary permissions. The user should have both read and write permissions on the files/folders to encrypt as well as the ability to manage EFS certificates.
- 7.
Data Backup: Before enabling EFS encryption, create a backup of all important files and folders. This will ensure data is not lost due to any unforeseen issues during the encryption process.
Necessary Codes:
There are no specific codes associated with enabling EFS file system encryption at rest for GxP compliance. The encryption process is primarily configured and managed through the Windows operating system interface.
Step-by-Step Guide for Remediation:
To enable EFS file system encryption at rest for GxP compliance, follow these step-by-step instructions:
- 1.
Identify the files and folders relevant for GxP compliance that require encryption.
- 2.
Right-click on a file or folder and select "Properties."
- 3.
In the "General" tab, click on the "Advanced" button.
- 4.
Check the box that says "Encrypt contents to secure data."
- 5.
Click "OK" to close the advanced attributes window.
- 6.
In the Confirm Attribute Changes dialog box, choose whether to encrypt only the file/folder or the file/folder and its subfolders.
- 7.
Click "OK" to start the encryption process. This may take a while depending on the size of the file/folder and the system performance.
- 8.
Repeat the above steps for all files and folders that require encryption for GxP compliance.
- 9.
Monitor the encryption process to ensure it completes successfully without any errors.
- 10.
After encryption, verify the encrypted status of files and folders by checking the encryption attribute as mentioned in the troubleshooting steps.
- 11.
Regularly review and audit EFS encryption settings to ensure ongoing compliance with GxP regulations.
Note: It is recommended to consult your organization's IT security or compliance team for any specific guidelines or processes related to EFS file system encryption for GxP compliance.