The National Security Agency has recommended using version 2.0 of the Trusted Platform Module, or TPM, across the Department of Defense's enterprise infrastructure to defend against malicious actors seeking to steal credentials and stored data.
In TPM usage guidance released on Thursday, NSA highlighted how the TPM, a security component embedded in most enterprise computing systems, protects encryption keys and passwords and verifies the integrity of operating systems and firmware.
“TPM is a vital component to mitigate vulnerabilities affecting user credentials, boot security, and static data,” said Zachary Blum, an NSA platform security analyst.
TPMs are already mandated for many DOD devices, particularly those that protect user credentials and data at rest, by DOD Instruction 8500.01 and the Defense Information Systems Agency’s Security Technical Implementation Guides, or STIGs.
The NSA guidance identifies additional use cases in which TPMs can be integrated, including managing assets, auditing the hardware supply chain and monitoring system integrity.
NSA advises DOD components to integrate the TPM into their infrastructure for the use cases achievable today in order to further secure DOD missions. According to the agency, additional TPM use cases are expected to become requirements in the future as the technologies that support more complex TPM use cases mature.