WN10-00-000010 - Windows 10 domain-joined systems must have a Trusted Platform Module (TPM) enabled and ready for use - TPM enabled and ready for use.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Credential Guard uses virtualization-based security to protect information that could be used in credential theft attacks if compromised. A number of system requirements must be met for Credential Guard to be configured and enabled properly. Without a TPM enabled and ready for use, Credential Guard keys are stored in a less secure method using software.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

For standalone or nondomain-joined systems, this is NA.

Virtualization-based security, including Credential Guard, currently cannot be implemented in VDI due to specific supporting requirements including a TPM, UEFI with Secure Boot, and the capability to run the Hyper-V feature within the virtual desktop.

For VDIs where the virtual desktop instance is deleted or refreshed upon logoff, this is NA.

Ensure domain-joined systems have a Trusted Platform Module (TPM) that is configured for use. (Versions 2.0 or 1.2 support Credential Guard.)

The TPM must be enabled in the firmware.

Run 'tpm.msc' for configuration options in Windows.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_10_V2R7_STIG.zip

Item Details

References: CAT|II, CCI|CCI-000366, Rule-ID|SV-220698r857181_rule, STIG-ID|WN10-00-000010, STIG-Legacy|SV-77813, STIG-Legacy|V-63323, Vuln-ID|V-220698

Plugin: Windows

Control ID: 0007a09dddc3af1a08f6cb80d167fcea829c04b0a1808236163b0f613b3ed029