Viewer III

Bitlocker on USB drives for GDPR

Did anybody look into Microsoft BitLocker on a USB drive and if the encryption level of BitLocker would be sufficiently secure for GDPR?

 

In our stores we deal with Personal data and ship this between the stores and the office, an encrypted USB drive would be ideal for this purpose.

 

Arthur Vermeer.

2 Replies
Contributor II

Re: Bitlocker on USB drives for GDPR

 

Bitlocker is backed by multiple FIPS (CMVP and CAVP) validations. Windows 10 was Common Criteria validated as well, using the CAVP validations to back up its AES, XTS, RSA, and SHS implementations.

 

I'm not a fancy, big-city GDPR expert, but having been a CC/FIPS evaluator, it seems to me that if the cryptographic implementations are good enough for use by the US and allied national governments then they are probably good enough for GDPR.

-- wdf//CISSP, CSSLP
oms
Newcomer I

Re: Bitlocker on USB drives for GDPR

Dear Arthur,

 

since there is no whitelist of products, there are two things that could very likely be checked during a customer or government audit or if you need to present your crypto management during contract negotiation:

 

  1. Algorithms
  2. Key Management (ideally managed by policy)

In terms of algorithms, there's nothing wrong with Bitlocker.

Key Management is completely up to you but might screw up the best encryption if not carried out properly.

 

Kind regards

Oliver
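The two audit points named in the reply above (algorithms and key management), written as a check an administrator could run. This is an added example, not part of the original thread. The function name, the allowed cipher list and the rule that every drive must carry a recovery password are assumed local policy, and the sample volumes are constructed; the property names are those returned by `Get-BitLockerVolume`.

```powershell
# Added example: audit BitLocker-protected data volumes against an assumed policy.
function Test-BitLockerVolumePolicy {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Volume,
        # Assumed policy: cipher modes the organisation accepts.
        [string[]] $AllowedMethods = @('Aes256', 'XtsAes256')
    )
    process {
        $findings = @()
        # Point 1, algorithms: the volume must be encrypted with an approved mode.
        if ("$($Volume.VolumeStatus)" -ne 'FullyEncrypted') {
            $findings += "not fully encrypted ($($Volume.VolumeStatus))"
        }
        if ("$($Volume.ProtectionStatus)" -ne 'On') {
            $findings += 'protection is off or suspended'
        }
        if ("$($Volume.EncryptionMethod)" -notin $AllowedMethods) {
            $findings += "method $($Volume.EncryptionMethod) not in policy"
        }
        # Point 2, key management: a recovery password must exist so it can be
        # escrowed centrally instead of relying on the user's password alone.
        $types = @($Volume.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
        if ('RecoveryPassword' -notin $types) {
            $findings += 'no recovery password protector to escrow'
        }
        [pscustomobject]@{
            MountPoint = $Volume.MountPoint
            Compliant  = ($findings.Count -eq 0)
            Findings   = ($findings -join '; ')
        }
    }
}

# Constructed sample volumes so the check can be tried without a real drive.
$samples = @(
    [pscustomobject]@{ MountPoint = 'E:'; VolumeStatus = 'FullyEncrypted'
        ProtectionStatus = 'On'; EncryptionMethod = 'Aes256'
        KeyProtector = @(@{ KeyProtectorType = 'Password' },
                         @{ KeyProtectorType = 'RecoveryPassword' }) },
    [pscustomobject]@{ MountPoint = 'F:'; VolumeStatus = 'FullyEncrypted'
        ProtectionStatus = 'On'; EncryptionMethod = 'Aes128'
        KeyProtector = @(@{ KeyProtectorType = 'Password' }) }
)
$samples | Test-BitLockerVolumePolicy | Format-Table -AutoSize -Wrap

# On a Windows host with the BitLocker module, from an elevated session:
# Get-BitLockerVolume | Where-Object VolumeType -eq 'Data' | Test-BitLockerVolumePolicy
```

With the constructed samples, `E:` passes and `F:` is flagged for both its cipher mode and its missing recovery password.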