FIPS Compliance with Already Encrypted Drives

Hare, Mike 21 Reputation points
2021-04-22T19:20:41.54+00:00

We have Windows 10 systems already encrypted with BitLocker. I want to get them FIPS compliant. I know I have to set the security policy "System cryptography: Use FIPS compliant algorithms for encryption, hashing and signing." Once that is set, what do I need to do to get these systems FIPS compliant? Do I need to decrypt and re-encrypt them or is there a method to get these systems compliant without having to go through decryption?

Windows 10 Security

Accepted answer
  1. Jenny Feng 14,081 Reputation points
    2021-04-23T01:58:40.987+00:00

    @Hare, Mike
    Hi,
    I'm afraid you need to decrypt and re-encrypt them.
    BitLocker is FIPS-validated, but it requires a setting before encryption that ensures that the encryption meets the standards set forth by FIPS 140-2.

    - Open Local Security Policy as administrator
    - Navigate to Local Policies => Security Options
    - Set System Cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing to be Enabled
    - Then, encrypt the machine using BitLocker

    According to this article, you will only have to decrypt if you're changing the BitLocker recovery method.
    https://learn.microsoft.com/zh-cn/archive/blogs/askcore/how-to-make-your-existing-bitlocker-encrypted-environment-fips-complaint
    Hope the above information can help you.

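A read-only check to run from an elevated PowerShell prompt before and after the steps in the answer above; it is an added example, not part of the original thread. It reads the registry value that backs the "Use FIPS compliant algorithms" security option and lists each BitLocker volume with its key protectors, including whether a recovery password protector is present. The function names are hypothetical, and the report cannot tell whether a volume was encrypted before or after the policy was enabled.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only audit of the FIPS policy and BitLocker volume state.

function Get-FipsPolicyState {
    # Registry value behind the security option
    # "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing".
    $key   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'
    $value = Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue
    return [bool]($value -and $value.Enabled -eq 1)
}

function Get-BitLockerFipsReport {
    $fipsOn = Get-FipsPolicyState
    foreach ($vol in Get-BitLockerVolume) {
        # Recovery password protectors are the "recovery method" a reviewer will ask about.
        $recoveryPw = @($vol.KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

        [pscustomobject]@{
            MountPoint          = $vol.MountPoint
            FipsPolicyEnabled   = $fipsOn
            VolumeStatus        = $vol.VolumeStatus        # e.g. FullyEncrypted
            ProtectionStatus    = $vol.ProtectionStatus    # On / Off
            EncryptionMethod    = $vol.EncryptionMethod
            KeyProtectors       = ($vol.KeyProtector.KeyProtectorType -join ', ')
            HasRecoveryPassword = ($recoveryPw.Count -gt 0)
        }
    }
}

# Print one row per volume; pipe to Export-Csv instead to keep evidence for an audit.
Get-BitLockerFipsReport | Format-Table -AutoSize
```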
