Title

Domain-joined systems must use Windows 10 Enterprise Edition 64-bit version. (Cat II impact)

Discussion

Features such as Credential Guard use virtualization-based security to protect information that could be used in credential theft attacks if compromised. A number of system requirements must be met for Credential Guard to be configured and enabled properly. Virtualization-based security and Credential Guard are only available with Windows 10 Enterprise 64-bit version.

Check Content

Verify domain-joined systems are using Windows 10 Enterprise Edition 64-bit version. For standalone or nondomain-joined systems, this is NA. Open "Settings". Select "System", then "About". If "Edition" is not "Windows 10 Enterprise", this is a finding. If "System type" is not "64-bit operating system…", this is a finding.

Fix Text

Use Windows 10 Enterprise 64-bit version for domain-joined systems.

Additional Identifiers

Rule ID: SV-220697r857178_rule

Vulnerability ID: V-220697

Group Title: SRG-OS-000480-GPOS-00227

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.