UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Windows 10 systems must use a BitLocker PIN with a minimum length of 6 digits for pre-boot authentication.


Overview

Finding ID Version Rule ID IA Controls Severity
V-94861 WN10-00-000032 SV-104691r1_rule Medium
Description
If data at rest is unencrypted, it is vulnerable to disclosure. Even if the operating system enforces permissions on data access, an adversary can remove non-volatile memory and read it directly, thereby circumventing operating system controls. Encrypting the data ensures that confidentiality is protected even when the operating system is not running. Pre-boot authentication prevents unauthorized users from accessing encrypted drives. Increasing the pin length requires a greater number of guesses for an attacker.
STIG Date
Windows 10 Security Technical Implementation Guide 2019-09-25

Details

Check Text ( C-94057r1_chk )
If the following registry value does not exist or is not configured as specified, this is a finding.

Value Name: MinimumPIN
Type: REG_DWORD
Value: 0x00000006 (6) or greater
Fix Text (F-100985r1_fix)
Configure the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> BitLocker Drive Encryption >> Operating System Drives "Configure minimum PIN length for startup" to "Enabled" with "Minimum characters:" set to "6" or greater.