Checking the BitLocker Encryption Strength


Instructions here are provided as a courtesy only for students to set up BitLocker in compliance with CUIMC requirements.
IMPORTANT:  Computers used for work  - including any personally owned - must have BitLocker set up by the department or division's Certified IT Group as per CUIMC Information Security Requirements.

By default, BitLocker uses an encryption method called AES-128, which does not meet the University encryption requirement minimum of a 256 bit cipher key. These instructions will help you look up a computer's current BitLocker encryption method.

View BitLocker Drive Encryption Settings

  1. Login to the computer using an account with Administrative rights.
  2. Type "command prompt" into the Windows Search in the lower left to bring up a list of matches, and make sure to select the Run as administrator option under the Command Prompt app in the menu that appears. Click Yes if a User Account Control window opens.
  3. Type manage-bde -status and hit the Enter key.
  4. See what is listed in the Encryption Method field.
    BitLocker Encryption Method View
  5. Type exit at the prompt and hit enter or click the upper right hand corner to close the command window when done.

If AES-256 (or XTS-AES 256) is not listed the computer will need to be completely decrypted, then have BitLocker settings changed to use AES-256 and enable full disk encryption.