Compliance: BitLocker should use AES 256 encryption

77de846e-473b-4c4d-8d70-85d27342fc45

Some compliance requirements may require that AES 256-bit encryption is used for BitLocker.

Remediation

Use Group Policy to set a specific encryption method in BitLocker

Computer Configuration
|_ Administrative Templates
|_ Windows Components
|_ BitLocker Drive Encryption
|_Choose drive encryption method and cipher strength set to "Enabled" and Select: AES 256-bit

More Information: https://www.howtogeek.com/193649/how-to-make-bitlocker-use-256-bit-aes-encryption-instead-of-128-bit-aes/

PCI DSS v3.2: 2.3
PCI DSS v4.0: 2.2.7 (3.6.1.1, 3.6.1.2, 3.7.3)
CIS CSC v8: 4.6, 12.3
NIST Privacy Framework: PR.DS-P2
CMMC V2: SC.L2-3.13.11