Windows Server 2022 systems must have a Trusted Platform Module (TPM) enabled and ready for use.

Severity
Group ID
Group Title
Version
Rule ID
Date
STIG Version
mediumV-254246SRG-OS-000480-GPOS-00227WN22-00-000090SV-254246r1210256_rule2026-05-192

Description

Credential Guard uses virtualization-based security to protect data that could be used in credential theft attacks if compromised. A number of system requirements must be met for Credential Guard to be configured and enabled properly. Without a TPM enabled and ready for use, Credential Guard keys are stored in a less secure method using software.

ℹ️ Check

Verify the system has a TPM and it is ready for use. Run "tpm.msc". Review the sections in the center pane. "Status" must indicate it has been configured with a message such as "The TPM is ready for use" or "The TPM is on and ownership has been taken". TPM Manufacturer Information - Specific Version = 2.0 If a TPM is not found or is not ready for use, this is a finding.

✔️ Fix

Ensure systems have a TPM that is configured for use. (Version 2.0 supports Credential Guard.) The TPM must be enabled in the firmware. Run "tpm.msc" for configuration options in Windows.