WN16-00-000100 - Windows Server 2016 domain-joined systems must have a Trusted Platform Module (TPM) enabled and ready for use - TpmPresent

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

Information

Credential Guard uses virtualization-based security to protect data that could be used in credential theft attacks if compromised. A number of system requirements must be met for Credential Guard to be configured and enabled properly. Without a TPM that is enabled and ready for use, Credential Guard keys are stored in software, which is less secure.

Solution

Ensure domain-joined systems have a TPM that is configured for use. (Versions 2.0 or 1.2 support Credential Guard.)

The TPM must be enabled in the firmware.

Run 'tpm.msc' for configuration options in Windows.
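
The following PowerShell check is an added example, not part of the STIG or of this audit's own logic. It reports whether a domain-joined server has a TPM that is present, ready, and at specification version 2.0 or 1.2. The function name Test-TpmForCredentialGuard is hypothetical, and the example assumes an elevated session on a system where the Get-Tpm cmdlet (TrustedPlatformModule module) is available.

```powershell
# Added example: hypothetical helper, not the audit plugin's own check.
# Run from an elevated PowerShell session on the server being assessed.
function Test-TpmForCredentialGuard {
    [CmdletBinding()]
    param()

    # The requirement applies to domain-joined systems only.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    if (-not $cs.PartOfDomain) {
        return [pscustomobject]@{
            Status   = 'NotApplicable'
            Findings = @('System is not domain-joined')
        }
    }

    # Get-Tpm reports whether a TPM is visible to Windows and ready for use.
    $tpm = Get-Tpm

    # Win32_Tpm carries the specification version, e.g. "2.0, 0, 1.16".
    # The class is absent when no TPM is exposed, so tolerate a null result.
    $wmi = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $specVersion = $null
    if ($wmi -and $wmi.SpecVersion) {
        $specVersion = ($wmi.SpecVersion -split ',')[0].Trim()
    }

    $findings = @()
    if (-not $tpm.TpmPresent) {
        $findings += 'No TPM detected; confirm it is enabled in the firmware'
    }
    elseif (-not $tpm.TpmReady) {
        $findings += 'TPM is present but not ready; review it in tpm.msc'
    }
    if ($tpm.TpmPresent -and $specVersion -notin @('2.0', '1.2')) {
        $findings += "TPM specification version '$specVersion' is not 2.0 or 1.2"
    }

    [pscustomobject]@{
        Status      = if ($findings.Count -eq 0) { 'Pass' } else { 'Fail' }
        TpmPresent  = $tpm.TpmPresent
        TpmReady    = $tpm.TpmReady
        SpecVersion = $specVersion
        Findings    = $findings
    }
}

Test-TpmForCredentialGuard | Format-List
```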

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_Server_2016_V2R5_STIG.zip

Item Details

References: CAT|II, CCI|CCI-000366, Rule-ID|SV-224827r857228_rule, STIG-ID|WN16-00-000100, STIG-Legacy|SV-87889, STIG-Legacy|V-73237, Vuln-ID|V-224827

Plugin: Windows

Control ID: 2226eeb8ed2b6d4ce1663a42a9885cd1d1669aa1d3504dfc275b23d560a049c6