FIPS Compliant BitLocker Setup

  • Question

  • Hi,

    I'm trying to find a guide on setting up BitLocker for FIPS compliance.  Most of the web searching I have done has been for backing up the recovery password to AD, but the recovery password is not FIPS compliant.  I'm hoping there is a way to do this and not require a USB key to be purchased for each system for startup or recovery.  Also, I need to encrypt external drives as well.  Any guidance would be greatly appreciated.



    Tuesday, August 26, 2014 12:29 PM


  • Hi  Chad,

    BitLocker Drive Encryption takes the AES-CBC + diffuser algorithm as its security algorithm, which is not FIPS compliant. The detailed information can be found at:

    To avoid purchasing USB keys, you can back up the recovery password to Active Directory for startup; that's the way available for now. To encrypt external drives, you can follow these steps:

    To enable BitLocker encryption on a USB flash drive, do the following:

    1. Insert the USB flash drive, click Start, and then click Computer.

    2. Right-click the USB flash drive, and then click Turn On BitLocker. BitLocker initializes the drive.

    3. On the Choose How You Want To Unlock This Drive page, choose one or more of the following options, and then click Next:

    4. On the How Do You Want To Store Your Recovery Key page, click Save The Recovery Key To A File.

    Or you can follow this for detailed steps:

    If you have any other problems, you can post back.


    Wade Liu
    TechNet Community Support

    Wednesday, August 27, 2014 10:16 AM
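
The points raised in this thread (FIPS policy state, encryption algorithm, recovery password protectors, backup to Active Directory) can be checked per volume from PowerShell. This is an added example, not part of either post: the function names are hypothetical, and it assumes an elevated session on Windows 8 / Server 2012 or later (where the BitLocker module exists) on a domain-joined machine whose Group Policy permits storing recovery information in AD.

```powershell
# Added example: audit BitLocker volumes (fixed and removable) on the local machine.

function Test-FipsPolicy {
    # Registry value behind "System cryptography: Use FIPS compliant algorithms..."
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'
    $val = Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue
    return ($null -ne $val -and $val.Enabled -eq 1)
}

function Get-BitLockerAudit {
    param([bool]$FipsPolicyEnabled)
    foreach ($vol in Get-BitLockerVolume) {
        # Collect the protector types (Tpm, Password, RecoveryPassword, ExternalKey, ...)
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        [pscustomobject]@{
            MountPoint        = $vol.MountPoint
            VolumeType        = $vol.VolumeType
            VolumeStatus      = $vol.VolumeStatus
            EncryptionMethod  = $vol.EncryptionMethod   # e.g. an AES + diffuser variant
            Protectors        = $types -join ','
            HasRecoveryPwd    = $types -contains 'RecoveryPassword'
            FipsPolicyEnabled = $FipsPolicyEnabled
        }
    }
}

function Backup-RecoveryPasswordToAD {
    param([Parameter(Mandatory)][string]$MountPoint)
    # Escrow every recovery password protector on the volume to Active Directory.
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    $vol.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
        ForEach-Object {
            Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $_.KeyProtectorId
        }
}

Get-BitLockerAudit -FipsPolicyEnabled (Test-FipsPolicy) | Format-Table -AutoSize
# Backup-RecoveryPasswordToAD -MountPoint 'E:'   # 'E:' is a placeholder drive letter
```

Volumes reported with `HasRecoveryPwd` set while `FipsPolicyEnabled` is true are the ones to review against the compliance requirement described in the question.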