EFS File System Encryption at Rest Rule
This rule requires enabling encryption at rest for EFS file system data to ensure security.
| Rule | EFS file system encryption at rest should be enabled |
| Framework | RBI Cyber Security Framework |
| Severity | ✔ High |
EFS File System Encryption at Rest
Rule Description
The EFS File System Encryption at Rest rule is a security requirement mandated by the RBI (Reserve Bank of India) Cyber Security Framework. This rule states that all files and folders stored on the EFS (Encrypting File System) should be encrypted at rest to ensure data confidentiality and protection against unauthorized access.
Troubleshooting Steps
If the EFS file system encryption at rest is not enabled or encounters any issues, the following troubleshooting steps can be followed:
- 1.
Verify EFS Status: Check if EFS is enabled on the targeted file system. Use the following command:
icacls <path_to_file>This command will display the current EFS status of the file.
- 2.
Permissions Check: Verify that the account attempting to access the file has the appropriate permissions to access EFS-encrypted files. Use the following command:
icacls <path_to_file>Ensure that the account has the necessary permissions.
- 3.
EFS Certificate Check: Ensure that the EFS certificate used for encryption is valid and has not expired. Use the following command to check the certificate:
certutil -user -store MyThis command will display the installed certificates. Verify the validity of the EFS certificate.
Remediation Steps
To enable EFS file system encryption at rest and ensure compliance with the RBI Cyber Security Framework, follow these steps:
- 1.
Identify Target Files/Folders: Determine the files and folders that require encryption using EFS. Make a list of these files and their respective paths.
- 2.
Enable EFS Encryption: Right-click on the file or folder to be encrypted and select "Properties". In the "General" tab, click on the "Advanced" button. Check the "Encrypt contents to secure data" option and click "OK" to enable EFS encryption.
- 3.
Verify Encryption Status: To confirm successful encryption, check the file or folder properties again. The "General" tab should display the message "Encrypting file system".
- 4.
Encrypt Existing Files: If there are existing files on the EFS file system that need encryption, you can use the command line interface (CLI) to encrypt them in bulk. Open a Command Prompt window and use the following command:
cipher /e /s:<path_to_folder>Replace
with the actual path of the folder that contains the files to be encrypted.<path_to_folder> - 5.
Update Group Policy (for Domain Environments): For domain environments, you may need to update the Group Policy settings to enforce EFS encryption at rest. Consult with your system administrator or IT department to apply the necessary Group Policy changes.
- 6.
Periodic Data Backup: Implement regular data backup procedures to ensure the safety of encrypted files. This will help in case of any unforeseen events or data loss scenarios.
Additional Notes/Codes
If you need to decrypt an EFS-encrypted file, right-click on the file, select "Properties", click on the "Advanced" button, uncheck the "Encrypt contents to secure data" option, and click "OK".
To revoke access to an EFS-encrypted file, remove the user's access permissions from the file/folder's Security tab.
It is recommended to monitor the EFS certificate expiration date and renew it as necessary.
Note: Please ensure that you have an eligible EFS certificate, and consult with an IT professional or refer to official documentation for specific implementation details as per your environment and requirements.
Remember to follow the RBI Cyber Security Framework guidelines in order to maintain compliance.