Detections
Analytics

1.105 WN22-CC-000110

Information

Windows Server 2022 virtualization-based security must be enabled with the platform security level configured to Secure Boot or Secure Boot with DMA Protection.

GROUP ID: V-254343
RULE ID: SV-254343r991589

Virtualization Based Security (VBS) provides the platform for the additional security features Credential Guard and virtualization-based protection of code integrity. Secure Boot is the minimum security level, with DMA protection providing additional memory protection. DMA Protection requires a CPU that supports input/output memory management unit (IOMMU).

Solution

Configure the policy value for

Computer Configuration >> Administrative Templates >> System >> Device Guard >> Turn On Virtualization Based Security to 'Enabled' with 'Secure Boot' or 'Secure Boot and DMA Protection' selected

A Microsoft TechNet article on Credential Guard, including system requirement details, can be found at the following link:

https://technet.microsoft.com/itpro/windows/keep-secure/credential-guard

See Also

https://workbench.cisecurity.org/benchmarks/22357

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-254343r991589_rule, STIG-ID|WN22-CC-000110, Vuln-ID|V-254343

Plugin: Windows

Control ID: 0b38b3799422dbf4d91d9f32f59a8ffa6129f170705ff6f961d243f496fce117