Ensure EFS File System Encryption at Rest Rule

This rule ensures that EFS file system encryption at rest is enabled for data protection.

Rule: EFS file system encryption at rest should be enabled
Framework: NIST 800-53 Revision 5
Severity: High

Rule Description:

"EFS file system encryption at rest should be enabled" is a security rule, mapped to NIST 800-53 Revision 5, that ensures the encryption of files stored in the EFS (Encrypting File System) on a Windows operating system. It specifically aligns with the data encryption requirements set in the NIST (National Institute of Standards and Technology) 800-53 Revision 5 guidelines.

EFS provides the capability to encrypt individual files, folders, or entire directory trees on NTFS (New Technology File System) volumes. By enabling EFS encryption, sensitive data stored in files is protected at rest from unauthorized access.

Troubleshooting Steps:

  1. Validate EFS Availability: Ensure that the Windows operating system supports EFS encryption. EFS is available on Professional, Enterprise, and Ultimate editions of Windows, not on Home editions.

  2. Check EFS Compatibility: Verify that your file system is formatted with NTFS. EFS encryption works only on NTFS volumes.

  3. Check User Permissions: Ensure that the user attempting to enable EFS encryption has the necessary permissions to encrypt files. The user should have the "Encrypting File System" certificate and the required permission to the target file or folder.

  4. Verify EFS Group Policy: Check the Group Policy settings on your Windows machine to ensure that EFS is not disabled or restricted. You can access the Group Policy Editor by running "gpedit.msc" from the Run dialog (Win + R) and navigating to Computer Configuration > Windows Settings > Security Settings > Public Key Policies > Encrypting File System.

  5. Test EFS Encryption: Encrypt a sample file or folder to verify that EFS encryption is functioning correctly. Attempt to access the encrypted file or folder with a different user account to ensure that it remains inaccessible.

Necessary Codes:

No specific codes are required for this rule. However, you might need to utilize Group Policy settings or perform command-line operations for certain troubleshooting steps.

Remediation Steps:

  1. Verify EFS Compatibility:

    • Open File Explorer, right-click on the drive or folder where EFS encryption is required, and select "Properties".
    • In the "General" tab, ensure that the "File System" is listed as "NTFS". If not, convert the file system to NTFS.
    • Note: Converting the file system may require you to back up your data and perform specific operations. Ensure you have a backup before proceeding and consult Windows documentation for detailed instructions.

  2. Enable EFS Encryption:

    • Navigate to the target file or folder that needs to be encrypted using EFS.
    • Right-click on the file or folder and select "Properties".
    • In the "General" tab, click on the "Advanced" button.
    • Check the box that says "Encrypt contents to secure data" and click "OK".
    • Click "Apply" and "OK" to enable EFS encryption for the selected file or folder.

  3. Test EFS Encryption:

    • Access the encrypted file or folder using a different user account or an account without the necessary permissions.
    • Verify that the file or folder is inaccessible and prompts for decryption or denies access.

  4. Group Policy Configuration (if needed):

    • Open the Group Policy Editor by running "gpedit.msc" from the Run dialog (Win + R).
    • Navigate to Computer Configuration > Windows Settings > Security Settings > Public Key Policies > Encrypting File System.
    • Ensure that the policy is set to "Enabled" or "Not Configured" to allow EFS encryption.
    • Make any necessary changes and close the Group Policy Editor.

By following these steps, EFS file system encryption at rest can be enabled for NIST 800-53 Revision 5 compliance. Remember to test the encryption and ensure that all necessary permissions and settings are applied correctly.
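The checks in the steps above (NTFS volume, Group Policy not disabling EFS, encryption attribute actually set) can be audited in one pass. The script below is an added example, not part of the original page; the folder `C:\SensitiveData` and the function name `Get-EfsAuditReport` are assumptions for illustration.

```powershell
# Added example: audits one folder against the EFS checks in the steps above.
# 'C:\SensitiveData' and Get-EfsAuditReport are assumed names, not from the page.
function Get-EfsAuditReport {
    param([Parameter(Mandatory)][string]$Path)

    $item = Get-Item -LiteralPath $Path -Force -ErrorAction Stop
    $encrypted = [System.IO.FileAttributes]::Encrypted

    # EFS works only on NTFS: read the volume format of the folder's drive.
    # (Local drive-letter paths only; DriveInfo does not accept UNC roots.)
    $root = [System.IO.Path]::GetPathRoot($item.FullName)
    $format = ([System.IO.DriveInfo]::new($root)).DriveFormat

    # Group Policy can turn EFS off. The policy is stored in this registry
    # value; 1 means EFS is disabled, absent means "Not Configured".
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\EFS'
    $policy = (Get-ItemProperty -Path $key -Name EfsConfiguration `
               -ErrorAction SilentlyContinue).EfsConfiguration

    # Files without the Encrypted attribute are stored in plaintext.
    $plain = @(Get-ChildItem -LiteralPath $item.FullName -Recurse -File -Force `
                   -ErrorAction SilentlyContinue |
               Where-Object { -not $_.Attributes.HasFlag($encrypted) })

    [pscustomobject]@{
        Path             = $item.FullName
        FileSystem       = $format
        IsNtfs           = ($format -eq 'NTFS')
        EfsDisabledByGpo = ($policy -eq 1)
        # A folder with the attribute set encrypts files created in it later.
        FolderMarked     = $item.Attributes.HasFlag($encrypted)
        UnencryptedCount = $plain.Count
        UnencryptedFiles = $plain.FullName
    }
}

$report = Get-EfsAuditReport -Path 'C:\SensitiveData'
$report | Format-List
# Non-zero exit lets a scheduled task or CI job flag the finding.
if (-not $report.IsNtfs -or $report.EfsDisabledByGpo -or
    -not $report.FolderMarked -or $report.UnencryptedCount -gt 0) { exit 1 }
```

The script requires PowerShell 5.0 or later for the `::new` constructor syntax. Files it lists can be encrypted through the Properties dialog described in the remediation steps.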
