Rule: EFS File System Encryption at Rest Should Be Enabled
This rule specifies that EFS file system encryption at rest must be activated to ensure data security.
| Rule | EFS file system encryption at rest should be enabled |
| Framework | NIST 800-171 Revision 2 |
| Severity | ✔ High |
Rule Description
EFS (Encrypting File System) is a feature in Microsoft Windows that provides file encryption on NTFS volumes. Enabling EFS file system encryption at rest helps meet the requirements of NIST 800-171 Revision 2. This rule ensures that EFS encryption is enabled on supported Windows systems to protect data stored on the local file system from unauthorized access.
Troubleshooting Steps
- 1.
Verify EFS support: Ensure that the Windows version being used supports EFS file encryption. EFS is available on Windows 10 Professional, Enterprise, and Education editions, as well as on Windows Server operating systems.
- 2.
Verify Encryption Settings: Verify the local group policy settings to determine if EFS encryption is already enabled. Run the following command in Command Prompt or PowerShell:
gpedit.mscNavigate to "Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options" and look for the policy "System cryptography: Use system encryption for file data." If the policy is not set or disabled, EFS encryption needs to be enabled.
- 3.
Enable EFS Encryption: To enable EFS encryption, follow these steps:
- Open the Group Policy Editor by running the command
.gpedit.msc - Navigate to "Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options."
- Locate the policy "System cryptography: Use system encryption for file data" and double-click on it.
- Select the checkbox "Enabled" and click "Apply" and then "OK."
- 4.
Verify EFS Encryption: After enabling EFS encryption, verify if it is applied correctly:
- Create a test file on a local drive.
- Right-click on the file, select "Properties," and go to the "General" tab.
- Click on the "Advanced" button and ensure that the "Encrypt contents to secure data" checkbox is selected.
- Click "OK" to save the changes.
Necessary Codes
No specific codes are required for this rule, as it involves modifying group policy settings using the Group Policy Editor.
Step-by-Step Guide for Remediation
- 1.
Press the Windows key + R to open the Run dialog box.
- 2.
Type
and press Enter to open the Group Policy Editor.gpedit.msc - 3.
In the Group Policy Editor, navigate to "Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options."
- 4.
Locate the policy "System cryptography: Use system encryption for file data" in the list of policies.
- 5.
Double-click on the policy to open its properties.
- 6.
Select the checkbox "Enabled."
- 7.
Click "Apply" and then "OK" to save the changes.
- 8.
Close the Group Policy Editor.
- 9.
Verify that EFS encryption is enabled by creating a test file on a local drive.
- 10.
Right-click on the file, select "Properties," and go to the "General" tab.
- 11.
Click on the "Advanced" button and ensure that the "Encrypt contents to secure data" checkbox is selected.
- 12.
Click "OK" to save the changes.
EFS file system encryption at rest is now enabled on the system, meeting the requirements of NIST 800-171 Revision 2.