HareMike-4225 asked JennyFeng-MSFT commented

FIPS Compliance with Already Encrypted Drives

We have Windows 10 systems already encrypted with BitLocker. I want to get them FIPS compliant. I know I have to set the security policy "System cryptography: Use FIPS compliant algorithms for encryption, hashing and signing." Once that is set, what do I need to do to get these systems FIPS compliant? Do I need to decrypt and re-encrypt them or is there a method to get these systems compliant without having to go through decryption?

windows-10-security

@HareMike-4225
Hi,

Just checking in to see if the information provided was helpful.

If the reply helped you, please remember to accept as answer.
If no, please reply and tell us the current situation in order to provide further help.


1 Answer

JennyFeng-MSFT answered

@HareMike-4225
Hi,
I'm afraid you need to decrypt and re-encrypt them.
BitLocker is FIPS-validated, but it requires a setting before encryption that ensures that the encryption meets the standards set forth by FIPS 140-2.

- Open Local Security Policy as administrator
- Navigate to Local Policies => Security Options
- Set "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" to Enabled
- Then, encrypt the machine using BitLocker

According to this article, you will only have to decrypt if you're changing the BitLocker recovery method.
https://docs.microsoft.com/zh-cn/archive/blogs/askcore/how-to-make-your-existing-bitlocker-encrypted-environment-fips-complaint
Hope the above information can help you.

============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
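
The following is an added example, not part of the answer above or of Microsoft's documentation: a read-only PowerShell report of the FIPS policy state and, for each BitLocker volume, its encryption method and key protector types, so the recovery method in use can be compared against the linked article before deciding whether to decrypt. It assumes an elevated session with the BitLocker module available; the function names `Get-FipsPolicyState` and `Get-BitLockerFipsReport` are illustrative.

```powershell
#Requires -RunAsAdministrator
# Added example (read-only): nothing here changes policy or BitLocker state.

# Registry value that backs the policy
# "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing".
$fipsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'

function Get-FipsPolicyState {
    # Returns $true when the policy value is present and set to 1.
    $value = Get-ItemProperty -Path $fipsKey -Name Enabled -ErrorAction SilentlyContinue
    return [bool]($value -and $value.Enabled -eq 1)
}

function Get-BitLockerFipsReport {
    $fipsOn = Get-FipsPolicyState
    foreach ($vol in Get-BitLockerVolume) {
        # Collapse the protector list to its distinct types (e.g. Tpm, RecoveryPassword).
        $protectors = ($vol.KeyProtector.KeyProtectorType | Sort-Object -Unique) -join ', '

        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            FipsPolicyOn     = $fipsOn
            VolumeStatus     = $vol.VolumeStatus
            ProtectionStatus = $vol.ProtectionStatus
            EncryptionMethod = $vol.EncryptionMethod
            KeyProtectors    = $protectors
        }
    }
}

Get-BitLockerFipsReport | Format-Table -AutoSize
```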
