Details
This policy setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep state.
The recommended state for this setting is: Disabled.
Rationale:
System sleep states (S1-S3) keep power to the RAM which may contain secrets, such as the BitLocker volume encryption key. An attacker finding a computer in sleep states (S1-S3) could directly attack the memory of the computer and gain access to the secrets through techniques such as RAM reminisce and direct memory access (DMA).
Impact:
Users will not be able to use Sleep (S3) while plugged in, which resumes faster than Hibernation (S4).
Solution
To establish the recommended configuration via GP, set the following UI path to Disabled:
Computer ConfigurationPoliciesAdministrative TemplatesSystemPower ManagementSleep SettingsAllow standby states (S1-S3) when sleeping (plugged in)
Note: This Group Policy path may not exist by default. It is provided by the Group Policy template Power.admx/adml that is included with the Microsoft Windows 8.0 & Server 2012 (non-R2) Administrative Templates (or newer).
Default Value:
Enabled. (Windows is allowed to use standby states when putting the computer in a sleep state.)
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management, Identification and Authentication.This control applies to the following type of system Windows.