STIG ID: WN19-00-000090 | SRG: SRG-OS-000480-GPOS-00227 | Severity: medium | CCI: | Vulnerability Id: V-205848
Credential Guard uses virtualization-based security to protect data that could be used in credential theft attacks if compromised. A number of system requirements must be met in order for Credential Guard to be configured and enabled properly. Without a TPM enabled and ready for use, Credential Guard keys are stored in a less secure method using software.
Ensure domain-joined systems have a TPM that is configured for use. (Versions 2.0 or 1.2 support Credential Guard.)
The TPM must be enabled in the firmware.
Run "tpm.msc" for configuration options in Windows.
For standalone or nondomain-joined systems, this is NA.
Verify the system has a TPM and it is ready for use.
Run "tpm.msc".
Review the sections in the center pane.
"Status" must indicate it has been configured with a message such as "The TPM is ready for use" or "The TPM is on and ownership has been taken".
TPM Manufacturer Information - Specific Version = 2.0 or 1.2
If a TPM is not found or is not ready for use, this is a finding.