Enable EFS File System Encryption at Rest Rule

This rule ensures encryption of EFS file system data at rest for increased security.

Rule: EFS file system encryption at rest should be enabled
Framework: NIST 800-53 Revision 5
Severity: High

Rule Description

The rule states that the EFS (Encrypting File System) file system encryption at rest should be enabled to comply with the security requirements defined by the NIST (National Institute of Standards and Technology) Special Publication 800-53, Revision 5.

Enabling EFS file system encryption at rest ensures that sensitive data stored on the file system is protected from unauthorized access. This helps organizations meet the security controls and safeguards recommended by NIST 800-53 Revision 5.

Troubleshooting Steps (if applicable)

  1. Verify EFS feature availability: Ensure that the Windows operating system version being used supports the EFS encryption feature. Certain editions or versions may not have this feature available.
  2. Verify EFS certificate availability: Check if the necessary EFS certificates are installed and accessible on the system. Without the appropriate certificates, encryption at rest cannot be enabled.
  3. Inspect file and folder properties: Review the properties of files and folders to determine if encryption is already enabled or if any encryption errors are present. Correct any errors found during the inspection.

Necessary Code (if applicable)

No specific code is required to enable EFS file system encryption at rest, as it is a built-in feature provided by Windows operating systems. However, administrative privileges may be required to access certain features and settings.

Step-by-Step Guide for Remediation

  1. Determine EFS feature availability:

    • Open the "Control Panel" in Windows.
    • Navigate to "Programs" and click on "Programs and Features."
    • Look for "File and Folder Encryption" or similar keywords to check if EFS is available. If not, consider upgrading the Windows edition or using alternative encryption methods.
  2. Verify EFS certificate availability:

    • Open the "Certificate Manager" in Windows.
    • Under "Personal" or "My Certificates," check if an EFS certificate is present. If not, obtain a valid EFS certificate from a trusted certification authority (CA) and import it into the certificate store.
  3. Enable EFS encryption for a file or folder:

    • Right-click on the file or folder to encrypt.
    • Select "Properties" from the context menu.
    • In the "General" tab, click on the "Advanced" button.
    • Check the box next to "Encrypt contents to secure data" and click "OK" to save the changes.
    • If prompted, choose whether to encrypt only the file/folder or also the subfolders and files contained within.
  4. Verify encryption:

    • After enabling encryption, the file or folder name should turn green, indicating successful encryption.
    • Attempt to open the file or folder to ensure that the appropriate decryption key is available and that the contents are accessible.
    • If any errors occur during the encryption or decryption process, troubleshoot and resolve the issue based on the error message or consult the appropriate resources.
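
The certificate check in step 2 and the verification in step 4 can also be scripted for a whole folder tree. The following PowerShell is an added example, not part of the original rule page or any vendor tooling; the function name Test-EfsReadiness and the path C:\SensitiveData are assumptions for illustration.

```powershell
# Added example: read-only audit, run as the user who owns the data.
function Test-EfsReadiness {
    param(
        [Parameter(Mandatory)]
        [string]$Path   # folder to audit, supplied by the caller
    )

    # Fail early if the folder does not exist or cannot be read.
    $root = Get-Item -LiteralPath $Path -Force -ErrorAction Stop

    # Enhanced Key Usage OID for "Encrypting File System".
    $efsOid = '1.3.6.1.4.1.311.10.3.4'

    # Usable EFS certificates in the user's Personal store:
    # EFS EKU present, private key available, not expired.
    $certs = @(Get-ChildItem -Path Cert:\CurrentUser\My | Where-Object {
        ($_.EnhancedKeyUsageList.ObjectId -contains $efsOid) -and
        $_.HasPrivateKey -and
        ($_.NotAfter -gt (Get-Date))
    })

    # Files under the folder that do not carry the Encrypted attribute.
    # Unreadable items are skipped, so run with sufficient rights.
    $plain = @(Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { -not ($_.Attributes -band [System.IO.FileAttributes]::Encrypted) })

    # If the folder itself is marked Encrypted, new files created in it inherit encryption.
    $rootEncrypted = [bool]($root.Attributes -band [System.IO.FileAttributes]::Encrypted)

    [pscustomobject]@{
        Path             = $root.FullName
        EfsCertificates  = $certs.Count
        CertThumbprints  = $certs.Thumbprint
        FolderEncrypted  = $rootEncrypted
        UnencryptedCount = $plain.Count
        UnencryptedFiles = $plain.FullName
        Compliant        = ($certs.Count -gt 0) -and $rootEncrypted -and ($plain.Count -eq 0)
    }
}

# Constructed sample path; replace with the folder being checked.
Test-EfsReadiness -Path 'C:\SensitiveData' | Format-List
```

A result with Compliant set to False lists the files that still need step 3 applied, or shows that no usable EFS certificate was found for the current user.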

Note:

Encrypting the file system at rest using EFS is just one aspect of overall data protection. Ensure that access controls, strong authentication, and other security measures are also in place, as recommended by NIST 800-53 Revision 5.
