[Forgot Password]
Login  Register Subscribe

24002

 
 

127027

 
 

102010

 
 

909

 
 

81374

 
 

133

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-37061-9

Platform: win2012r2Date: (C)2015-10-08   (M)2018-01-30



Deny write access to removable drives not protected by BitLocker This policy setting configures whether BitLocker protection is required for a computer to be able to write data to a removable data drive. If you enable this policy setting, all removable data drives that are not BitLocker-protected will be mounted as read-only. If the drive is protected by BitLocker, it will be mounted with read and write access. If the 'Deny write access to devices configured in another organization' option is selected, only drives with identification fields matching the computer's identification fields will be given write access. When a removable data drive is accessed it will be checked for valid identification field and allowed identification fields. These fields are defined by the 'Provide the unique identifiers for your organization' policy setting. If you disable or do not configure this policy setting, all removable data drives on the computer will be mounted with read and write access.


Parameter:


Technical Mechanism: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives!Deny write access to removable drives not protected by BitLocker (2) REG: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Policies\Microsoft\FVE!RDVDenyWriteAccess

References:

Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:27784


OVAL    1
oval:org.secpod.oval:def:27784
XCCDF    3
xccdf_org.secpod_benchmark_general_Windows_2012_R2
xccdf_org.secpod_benchmark_PCI_3_2_Windows_Server_2012_R2
xccdf_org.secpod_benchmark_HIPAA_45CFR_164_Windows_Server_2012_R2

© 2013 SecPod Technologies