
WN16-00-000100 – Windows Server 2016 domain-joined systems must have a Trusted Platform Module (TPM) enabled and ready for use – TPM enabled and ready for use.

Details

Credential Guard uses virtualization-based security to protect data that could be used in credential theft attacks if compromised. A number of system requirements must be met for Credential Guard to be configured and enabled properly. Without a TPM enabled and ready for use, Credential Guard keys are stored in software, which is less secure.

Solution

Ensure domain-joined systems have a TPM that is configured for use. (Versions 2.0 or 1.2 support Credential Guard.)

The TPM must be enabled in the firmware.

Run ‘tpm.msc’ for configuration options in Windows.
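
The same state that `tpm.msc` shows can be checked from an elevated PowerShell prompt. The following is an added example, not part of the STIG text; the function name `Test-StigTpmReady` and the status labels are hypothetical, and it treats a system that is not domain-joined as out of scope because the control names domain-joined systems only.

```powershell
# Added example: audit helper for WN16-00-000100 (hypothetical function name).
function Test-StigTpmReady {
    [CmdletBinding()]
    param()

    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    $result = [ordered]@{
        ComputerName = $env:COMPUTERNAME
        DomainJoined = [bool]$cs.PartOfDomain
        TpmPresent   = $false
        TpmEnabled   = $false
        TpmReady     = $false
        SpecVersion  = $null
        Status       = 'Unknown'
    }

    # The control only covers domain-joined systems.
    if (-not $cs.PartOfDomain) {
        $result.Status = 'NotApplicable'
        return [pscustomobject]$result
    }

    try {
        $tpm = Get-Tpm -ErrorAction Stop   # requires an elevated session
        $result.TpmPresent = [bool]$tpm.TpmPresent
        $result.TpmEnabled = [bool]$tpm.TpmEnabled
        $result.TpmReady   = [bool]$tpm.TpmReady
    } catch {
        $result.Status = "Error: $($_.Exception.Message)"
        return [pscustomobject]$result
    }

    # Win32_Tpm.SpecVersion looks like "2.0, 0, 1.16"; the first field is the spec version.
    $wmi = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
        -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    if ($wmi) { $result.SpecVersion = ($wmi.SpecVersion -split ',')[0].Trim() }

    # Versions 2.0 and 1.2 support Credential Guard; an unreadable version fails the check.
    $versionOk = $result.SpecVersion -in @('1.2', '2.0')
    if ($result.TpmPresent -and $result.TpmEnabled -and $result.TpmReady -and $versionOk) {
        $result.Status = 'Pass'
    } else {
        $result.Status = 'Finding'
    }
    [pscustomobject]$result
}

Test-StigTpmReady | Format-List
```

A `Finding` with `TpmPresent` false usually means the TPM is disabled in firmware or absent; `TpmPresent` true with `TpmReady` false points to provisioning that still has to be completed in Windows.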

Supportive Information

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: Windows.

Updated on July 16, 2022