
Rule: EFS File System Encryption at Rest Should Be Enabled

This rule specifies that EFS file system encryption at rest must be activated to ensure data security.

Rule: EFS file system encryption at rest should be enabled
Framework: NIST 800-171 Revision 2
Severity: High

Rule Description

EFS (Encrypting File System) is a feature of Microsoft Windows that provides per-file encryption on NTFS volumes. Enabling EFS file system encryption at rest helps meet the requirements of NIST 800-171 Revision 2. This rule checks that EFS encryption is enabled on supported Windows systems so that data stored on the local file system is protected from unauthorized access.

Troubleshooting Steps

1. Verify EFS support: Ensure that the Windows version being used supports EFS file encryption. EFS is available on Windows 10 Professional, Enterprise, and Education editions, as well as on Windows Server operating systems.

2. Verify Encryption Settings: Check the local group policy settings to determine whether EFS encryption is already enabled. Run the following command in Command Prompt or PowerShell:

   gpedit.msc

   Navigate to "Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options" and look for the policy "System cryptography: Use system encryption for file data." If the policy is not set or is disabled, EFS encryption needs to be enabled.

3. Enable EFS Encryption: To enable EFS encryption, follow these steps:

   • Open the Group Policy Editor by running the command gpedit.msc.
   • Navigate to "Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options."
   • Locate the policy "System cryptography: Use system encryption for file data" and double-click it.
   • Select the "Enabled" checkbox, click "Apply," and then click "OK."

4. Verify EFS Encryption: After enabling EFS encryption, verify that it is applied correctly:

   • Create a test file on a local drive.
   • Right-click the file, select "Properties," and go to the "General" tab.
   • Click the "Advanced" button and ensure that the "Encrypt contents to secure data" checkbox is selected.
   • Click "OK" to save the changes.

Necessary Codes

No specific code is required for this rule, as remediation consists of modifying group policy settings in the Group Policy Editor.

Step-by-Step Guide for Remediation

1. Press the Windows key + R to open the Run dialog box.

2. Type gpedit.msc and press Enter to open the Group Policy Editor.

3. In the Group Policy Editor, navigate to "Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options."

4. Locate the policy "System cryptography: Use system encryption for file data" in the list of policies.

5. Double-click the policy to open its properties.

6. Select the "Enabled" checkbox.

7. Click "Apply" and then "OK" to save the changes.

8. Close the Group Policy Editor.

9. Verify that EFS encryption is enabled by creating a test file on a local drive.

10. Right-click the file, select "Properties," and go to the "General" tab.

11. Click the "Advanced" button and ensure that the "Encrypt contents to secure data" checkbox is selected.

12. Click "OK" to save the changes.

EFS file system encryption at rest is now enabled on the system, meeting the requirements of NIST 800-171 Revision 2.
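The verification steps above can be scripted so the check is repeatable across a fleet. The following PowerShell is an added example, not code from Cloud Defense or from this rule page; it assumes the standard Windows NtfsDisableEncryption registry value (1 means EFS is switched off system-wide) and the Encrypted file attribute, and it needs write access to the temp directory.

```powershell
# Added example: confirm EFS is allowed on this host and that a test file
# can actually be encrypted at rest, mirroring steps 9-12 of the guide.
# Assumptions: HKLM:\...\FileSystem\NtfsDisableEncryption (1 = EFS disabled)
# and the Encrypted attribute reported by NTFS are standard Windows behaviour.

function Test-EfsEnabled {
    [CmdletBinding()]
    param(
        [string]$TestPath = (Join-Path $env:TEMP 'efs-check.txt')
    )

    $result = [ordered]@{ EfsAllowedByPolicy = $false; TestFileEncrypted = $false }

    # 1. EFS can be disabled system-wide; a missing value or 0 means it is allowed.
    $fsKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem'
    $disabled = (Get-ItemProperty -Path $fsKey -ErrorAction SilentlyContinue).NtfsDisableEncryption
    $result.EfsAllowedByPolicy = ($null -eq $disabled) -or ($disabled -eq 0)

    # 2. Create a test file on a local drive and ask the OS to encrypt it.
    #    This is the same operation as the "Encrypt contents to secure data" checkbox.
    Set-Content -Path $TestPath -Value 'efs encryption check' -Encoding ascii
    try {
        [System.IO.File]::Encrypt($TestPath)
        $attrs = (Get-Item -Path $TestPath).Attributes
        $result.TestFileEncrypted = ($attrs -band [System.IO.FileAttributes]::Encrypted) -ne 0
    } catch {
        # Typical causes: Home edition without EFS, EFS disabled by policy, non-NTFS volume.
        Write-Warning "EFS encryption of test file failed: $($_.Exception.Message)"
    } finally {
        # Always clean up the test file so no stray encrypted file is left behind.
        Remove-Item -Path $TestPath -Force -ErrorAction SilentlyContinue
    }

    [pscustomobject]$result
}

$check = Test-EfsEnabled
$check | Format-List
if ($check.EfsAllowedByPolicy -and $check.TestFileEncrypted) {
    Write-Output 'EFS encryption at rest is enabled and working on this system.'
} else {
    Write-Output 'EFS encryption at rest is NOT working; review the remediation steps above.'
}
```

Run it in an elevated PowerShell session on each host; a result where EfsAllowedByPolicy is true but TestFileEncrypted is false usually points at an unsupported edition or a non-NTFS temp volume rather than at policy.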
