You can use Microsoft’s BitLocker encryption to meet NIST SP 800-171 and CMMC 2.0 data at rest encryption requirements. BitLocker is a convenient solution for organizations using Windows operating systems especially if you are using Azure Active Directory and Microsoft Endpoint Manager. BitLocker encryption is easy to deploy and managing keys is easy with Azure Active Directory.
Is BitLocker FIPS Validated?
NIST SP 800-171 & CMMC 2.0 requirement 3.13.11 requires that organization’s “Employ FIPS-validated cryptography when used to protect the confidentiality of CUI.”
The following security requirements are directly related to encryption and can generally be met using BitLocker encryption.
3.13.11 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI.
3.1.19 Encrypt CUI on mobile devices.
3.8.1 Protect (i.e., physically control and securely store) information system media containing CUI, both paper and digital.
3.8.9 Protect the confidentiality of backup CUI at storage locations.
BitLocker for Windows Computers
To protect the confidentiality of controlled unclassified information (CUI) on Windows computers you can use BitLocker encryption. BitLocker will encrypt a computer’s hard drive, thus securing your data at rest. Make sure to save your BitLocker keys when encrypting the devices. If you use Azure Active Directory your BitLocker keys will automatically be saved.
BitLocker for External Drives
If you store controlled unclassified information (CUI) on removable storage devices such as USB thumb drives or external drives you should encrypt them. BitLocker can be used to accomplish this. For more information on removable storage requirements for NIST SP 800-171 and CMMC 2.0 check out or blog post "The Ultimate Guide to USB Compliance for CMMC and NIST 800-171".
BitLocker Microsoft 365
To protect the confidentiality of controlled unclassified information (CUI) stored on SharePoint and OneDrive, Microsoft uses BitLocker encryption.
According to Microsoft, “BitLocker is deployed for OneDrive for Business and SharePoint Online across the service. Per-file encryption is also in OneDrive for Business and SharePoint Online in Microsoft 365 multi-tenant and new dedicated environments that are built on multi-tenant technology.
While BitLocker encrypts all data on a disk, per-file encryption goes even further by including a unique encryption key for each file. Further, every update to every file is encrypted using its own encryption key. The keys to the encrypted content are stored in a physically separate location from the content. Every step of this encryption uses Advanced Encryption Standard (AES) with 256-bit keys and is Federal Information Processing Standard (FIPS) 140-2 compliant. The encrypted content is distributed across a number of containers throughout the datacenter, and each container has unique credentials. These credentials are stored in a separate physical location from either the content or the content keys.”
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you
NIST SP 800-171 & CMMC Compliance
Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.
HIPAA Compliance
Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
FAR 52.204-21 Compliance
Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.
ISO 27001 Compliance
Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.