WN10-00-000010 - Windows 10 domain-joined systems must have a Trusted Platform Module (TPM) enabled and ready for use - TPM enabled and ready for use.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version


Credential Guard uses virtualization based security to protect information that could be used in credential theft attacks if compromised. There are a number of system requirements that must be met in order for Credential Guard to be configured and enabled properly. Without a TPM enabled and ready for use, Credential Guard keys are stored in a less secure method using software.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.


For standalone systems, this is NA.

Virtualization based security, including Credential Guard, currently cannot be implemented in virtual desktop implementations (VDI) due to specific supporting requirements including a TPM, UEFI with Secure Boot, and the capability to run the Hyper-V feature within the virtual desktop.

For VDIs where the virtual desktop instance is deleted or refreshed upon logoff, this is NA.

Ensure domain-joined systems must have a Trusted Platform Module (TPM) that is configured for use. (Versions 2.0 or 1.2 support Credential Guard.)

The TPM must be enabled in the firmware.
Run 'tpm.msc' for configuration options in Windows.

See Also


Item Details

References: CAT|II, CCI|CCI-000366, Rule-ID|SV-220698r569187_rule, STIG-ID|WN10-00-000010, STIG-Legacy|SV-77813, STIG-Legacy|V-63323, Vuln-ID|V-220698

Plugin: Windows

Control ID: b47944afd478e7a0003963a442f91414db6ae84661026df7c52c45d0cc09a6e6