WN19-00-000090 - Windows Server 2019 domain-joined systems must have a Trusted Platform Module (TPM) enabled and ready for use.

Information

Credential Guard uses virtualization-based security to protect data that could be used in credential theft attacks if compromised. A number of system requirements must be met in order for Credential Guard to be configured and enabled properly. Without a TPM enabled and ready for use, Credential Guard keys are stored in a less secure method using software.

Solution

Ensure domain-joined systems have a TPM that is configured for use. (Versions 2.0 or 1.2 support Credential Guard.)

The TPM must be enabled in the firmware.

Run 'tpm.msc' for configuration options in Windows.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_Server_2019_V2R2_STIG.zip

Item Details

References: CAT|II, CCI|CCI-000366, Rule-ID|SV-205848r569188_rule, STIG-ID|WN19-00-000090, STIG-Legacy|SV-103301, STIG-Legacy|V-93213, Vuln-ID|V-205848

Plugin: Windows

Control ID: 4729fda18d24cc59ef6c3872e85cbfa0d5a5161aae5ac041965ac3e37ed2826f