Detections
Analytics
WN11-00-000010 - Windows 11 domain-joined systems must have a Trusted Platform Module (TPM) enabled.
Information
Credential Guard uses virtualization-based security to protect information that could be used in credential theft attacks if compromised. There are a number of system requirements that must be met in order for Credential Guard to be configured and enabled properly. Without a TPM enabled and ready for use, Credential Guard keys are stored in a less secure method using software.Solution
For standalone systems, this is NA.Virtualization-based security, including Credential Guard, currently cannot be implemented in virtual desktop implementations (VDI) due to specific supporting requirements including a TPM, UEFI with Secure Boot, and the capability to run the Hyper-V feature within the virtual desktop.
For VDIs where the virtual desktop instance is deleted or refreshed upon logoff, this is NA.
Ensure domain-joined systems must have a TPM that is configured for use. (Versions 2.0 support Credential Guard.)
The TPM must be enabled in the firmware.
Run 'tpm.msc' for configuration options in Windows.
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_11_V2R7_STIG.zip
Item Details
Audit Name: DISA Microsoft Windows 11 STIG v2r7
Category: SYSTEM AND COMMUNICATIONS PROTECTION
References: 800-53|SC-8(1), CAT|II, CCI|CCI-002421, Rule-ID|SV-253255r1117271_rule, STIG-ID|WN11-00-000010, Vuln-ID|V-253255
Plugin: Windows
Control ID: d31db65a5930b29648c8433dd8a926bf37828d887994033bc6e4ebd4367eecf4