https://community.isc2.org/t5/Privacy/Bitlocker-on-USB-drives-for-GDPR/m-p/10562#M480 <P>&nbsp;</P><P>Bitlocker is backed by multiple FIPS (CMVP and CAVP) validations. Windows 10 was Common Criteria&nbsp;validated as well, using the CAVP validations to back up its AES, XTS, RSA, and SHS implementations.</P><P>&nbsp;</P><P>I'm not a fancy, big-city GDPR expert, but having been a CC/FIPS evaluator, it seems to me that if&nbsp;the cryptographic implementations are good enough for use by the US and allied national governments then&nbsp;they are probably good enough for GDPR.</P> Tue, 22 May 2018 14:33:58 GMT Badfilemagic 2018-05-22T14:33:58Z https://community.isc2.org/t5/Privacy/Bitlocker-on-USB-drives-for-GDPR/m-p/10556#M479 <P>Did anybody look into Microsoft BitLocker on a USB drive and if the encryption level of BitLocker would be sufficiently secure for GDPR?</P><P>&nbsp;</P><P>In our stores we deal with Personal data and ship&nbsp;this between the stores and the office, an encrypted USB drive would be ideal for this purpose.</P><P>&nbsp;</P><P>Arthur Vermeer.</P> Mon, 09 Oct 2023 08:46:30 GMT https://community.isc2.org/t5/Privacy/Bitlocker-on-USB-drives-for-GDPR/m-p/10556#M479 AVermeer 2023-10-09T08:46:30Z https://community.isc2.org/t5/Privacy/Bitlocker-on-USB-drives-for-GDPR/m-p/10562#M480 <P>&nbsp;</P><P>Bitlocker is backed by multiple FIPS (CMVP and CAVP) validations. Windows 10 was Common Criteria&nbsp;validated as well, using the CAVP validations to back up its AES, XTS, RSA, and SHS implementations.</P><P>&nbsp;</P><P>I'm not a fancy, big-city GDPR expert, but having been a CC/FIPS evaluator, it seems to me that if&nbsp;the cryptographic implementations are good enough for use by the US and allied national governments then&nbsp;they are probably good enough for GDPR.</P> Tue, 22 May 2018 14:33:58 GMT https://community.isc2.org/t5/Privacy/Bitlocker-on-USB-drives-for-GDPR/m-p/10562#M480 Badfilemagic 2018-05-22T14:33:58Z https://community.isc2.org/t5/Privacy/Bitlocker-on-USB-drives-for-GDPR/m-p/10583#M481 <P>Dear Arthur,</P><P>&nbsp;</P><P>since there is no whitelist of products, there are two things that could very likely be cheked during a customer or government audit or if you need to present your crypto management during contract negotiation:</P><P>&nbsp;</P><OL><LI>Algorithms</LI><LI>Key Management (ideally managed by policy)</LI></OL><P>In terms of algorithms, there's nothing wrong with Bitlocker.</P><P>Key Management is completely up to you but might screw up the best encryption if not carried out properly.</P><P>&nbsp;</P><P>Kind regards</P><P>Oliver</P><P>&nbsp;</P> Tue, 22 May 2018 17:07:45 GMT https://community.isc2.org/t5/Privacy/Bitlocker-on-USB-drives-for-GDPR/m-p/10583#M481 oms 2018-05-22T17:07:45Z