Set BitLocker to Use AES-256 for Student Computers


Instructions here are provided as a courtesy only for students to set up BitLocker in compliance with CUIMC requirements.
IMPORTANT: Computers used for work, including any that are personally owned, must have BitLocker set up by the department or division's Certified IT Group as per CUIMC Information Security Requirements.

Instructions

BitLocker has default encryption settings that do not meet University requirements. Once you've completed initial preparation, follow these steps to set BitLocker to use an approved encryption level called AES-256. If a computer already has BitLocker enabled, you can check the encryption level and follow instructions to correct it if needed.

  1. You must be logged in to the computer with Administrative rights, and the computer cannot be joined to a domain.
  2. Launch the Run program: press the Windows and R keys on the keyboard at the same time, or type Run into the Windows Search box and select it from the list of results.
  3. In the Open field, type gpedit.msc and click OK.
  4. The Local Group Policy Editor window will open. Under the Computer Configuration heading on the left, expand the following: Administrative Templates - Windows Components - BitLocker Drive Encryption.
  5. Double-click on the Choose drive encryption method and cipher strength option in the right pane.
  6. In the next window select Enabled near the upper left.
  7. In the Select the encryption method drop-down menu, choose AES 256-bit with Diffuser. NOTE: in some versions of Windows the "with Diffuser" option may not be available; if so, it is fine to select AES-256 only. On Windows 10 you may need to select XTS-AES 256-bit.
  8. Click the Apply button in the lower right, then OK.
  9. Click the red X in the upper right corner to close the Local Group Policy Editor window. BitLocker will now use AES-256 when encrypting the full operating system disk.
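
To confirm the result of the steps above, or to check a computer that already has BitLocker enabled, the following PowerShell can be run from an elevated prompt. It is an added example and not part of the original CUIMC instructions; the registry value names and numeric codes are the ones Windows stores for this policy, and the approved methods are the 256-bit choices listed in step 7.

```powershell
#Requires -RunAsAdministrator
# Added example: compare the policy set in steps 4-8 with the method in use on the OS drive.

# Numeric codes Windows stores for the encryption-method policy.
$methodNames = @{
    1 = 'AES-128 with Diffuser'; 2 = 'AES-256 with Diffuser'
    3 = 'AES-128';               4 = 'AES-256'
    6 = 'XTS-AES 128';           7 = 'XTS-AES 256'
}
$approvedPolicy = 2, 4, 7                                   # 256-bit choices from step 7
$approvedVolume = 'Aes256Diffuser', 'Aes256', 'XtsAes256'   # same choices as reported per volume

# 1. Policy. The setting is written under this key; which value name is present
#    depends on the Windows version, so each candidate is checked.
$key    = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$names  = 'EncryptionMethodWithXtsOs', 'EncryptionMethodNoDiffuser', 'EncryptionMethod'
$policy = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
$found  = $false
foreach ($n in $names) {
    if ($policy -and $null -ne $policy.$n) {
        $v     = [int]$policy.$n
        $state = if ($approvedPolicy -contains $v) { 'OK' } else { 'not AES-256' }
        'Policy {0} = {1} ({2}): {3}' -f $n, $v, $methodNames[$v], $state
        $found = $true
    }
}
if (-not $found) { 'No encryption-method policy is set; BitLocker would use its default.' }

# 2. Volume. The policy only affects drives encrypted after it is set, so the
#    method actually in use on the operating system drive is checked separately.
$vol    = Get-BitLockerVolume -MountPoint $env:SystemDrive
$method = [string]$vol.EncryptionMethod
if ($vol.VolumeStatus -eq 'FullyDecrypted') {
    "$($vol.MountPoint) is not encrypted yet; the policy applies when BitLocker is enabled."
} elseif ($approvedVolume -contains $method) {
    "$($vol.MountPoint) uses $method ($($vol.VolumeStatus)): OK"
} else {
    "$($vol.MountPoint) uses $method. An already-encrypted drive keeps its method; " +
    'it has to be decrypted and encrypted again to pick up AES-256.'
}
```

The same per-drive information is shown by `manage-bde -status` in the "Encryption Method" line.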

Once AES-256 is set (and all other preparation steps are completed) you can enable BitLocker.