Hi All,
The NSA just published CSI Trusted Platform Module (TPM) Use Cases
Trusted Platform Modules (TPMs) are components available on modern computing systems and intended to facilitate several cryptographic, protected storage, and integrity capabilities. NSA recommends acquiring TPMs of version 2.0 or later on devices that support them to be able to leverage their security capabilities for current and future use cases.
DoD Instruction 8500.1 requires inclusion of a TPM for DoD devices subject to DISA STIGs when user credentials and data-at-rest require protection. [1] NSA advocates for several TPM use cases in addition to those required by STIGs, such as for asset management, hardware supply chain security, and boot integrity measurement. Future use cases for the TPM include software supply chain auditing, runtime integrity measurement, and authentication and provisioning to support Zero Trust efforts. TPMs should transition to quantum-resistant cryptography to provide the proper capabilities and assurance for these use cases into the future. As TPM-supporting technologies mature and dependencies are satisfied, these recommended and future use cases may become DoD requirements.
------------------------------
Michael Roza CPA, CISA, CIA, CC, CCSKv5, CCZTv1, MBA, EMBA, CSA
------------------------------