Disable: 'Allow Standby States (S1-S3) When Sleeping (On Battery)' Dictates whether or not Windows is allowed to use standby states when sleeping the computer. When this policy is enabled, Windows may use standby states to sleep the computer. If this policy is disabled, the only sleep state a computer may enter is hibernate. Counter Measure: During hibernation, system power state S4, the computer's RAM and CPU are powered off and memory is flushed to discard any secrets that had been stored there. Operating system context, however, is maintained in a hibernation file (an image of memory) that the system writes to the encrypted BitLocker OS volume before entering the S4 state. Upon restart, the loader reads this file and jumps to the system's previous, pre-hibernation location. Additionally, Disabling sleep states (S1-S3), and allowing only hibernation state (S4) has the additional benefit that the system resumes through the BitLocker startup checks to include prompting the user for a PIN if TPM+PIN is used. Potential Impact: Users will not be able to use Sleep (S3) which resumes faster than Hibernation (S4). [enable/disable] (1) GPO: Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Allow Standby States (S1-S3) When Sleeping (On Battery) (2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\abfc2519-3608-4c2a-94ea-171b0ed546ab\DCSettingIndex oval:org.secpod.oval:def:35023 SCAP Repo OVAL Definition 2016-06-10