STIGhubSTIGhub
STIGhub— A free STIG search and compliance tool·STIGs updated 23 hours ago
Powered by Pylon·Privacy·Terms·Feedback·© 2026 Beacon Cloud Solutions, Inc.
← Back to Microsoft Windows 11 Security Technical Implementation Guide

V-253255

CAT II (Medium)

Windows 11 systems must have a Trusted Platform Module (TPM) enabled.

Rule ID

SV-253255r1210279_rule

STIG

Microsoft Windows 11 Security Technical Implementation Guide

Version

V2R8

CCIs

CCI-002421

Discussion

Credential Guard uses virtualization-based security to protect information that could be used in credential theft attacks if compromised. There are a number of system requirements that must be met in order for Credential Guard to be configured and enabled properly. Without a TPM enabled and ready for use, Credential Guard keys are stored in a less secure method using software.

Check Content

Verify the system has a TPM and is ready for use.

Run "tpm.msc".
Review the sections in the center pane.
"Status" must indicate it has been configured with a message such as "The TPM is ready for use" or "The TPM is on and ownership has been taken".
TPM Manufacturer Information - Specific Version = 2.0

If a TPM is not found or is not ready for use, this is a finding.

Fix Text

Ensure systems have a TPM that is configured for use. (Versions 2.0 supports Credential Guard.)

The TPM must be enabled in the firmware.

Run "tpm.msc" for configuration options in Windows.