January 31, 2017 is rapidly approaching. That is the date by which the Department of Defense (DoD) has mandated that all physically domain-joined computers running a Microsoft Windows-based operating system must transition to the Windows 10 SHB (Secure Host Baseline) operating system. Support for hardware-based cryptographic coprocessing, commonly referred to as the “Trusted Platform Module”, has been required on newly acquired defense computers since early 2014. From DoD Instruction 8500.01:
“new computer assets (e.g., server, desktop, laptop, thin client, tablet, smartphone, personal digital assistant, mobile phone) procured to support DoD will include a TPM version 1.2 or higher where required by DISA STIGs and where such technology is available.”
These adoptions represent a wider move towards increasing the security of Military computing assets, data and associated networks.
Windows 10 SHB
The Department of Defense has decided to implement Windows 10 SHB as broadly and rapidly as possible in order to leverage the new operating system’s increased security and to streamline DoD Information Technology (IT) operations. More than 3 million current Windows PCs will be upgraded to Windows 10 with a “common baseline” shared by all of the machines, while certain departments and commands within the DoD will be able to customize their baseline operating systems with the software tools they use on a day-to-day basis. Windows 10 provides new features which help prevent data loss and unauthorized access to computers, notably protection from so-called “pass the hash” attacks.
At the heart of this new capability is “Credential Guard”, which uses virtualization technologies to isolate credentials, i.e., passwords, access codes, and biometric information, from possibly malicious software. Credential Guard requires a 64-bit operating system, CPU virtualization extensions, UEFI firmware, and Secure Boot support. TPM 1.2 or 2.0 is a “soft requirement” of Credential Guard: assuming all other criteria are met, Credential Guard can run normally, but additional security can be achieved by utilizing a hardware-based Trusted Platform Module.
Trusted Platform Module
Part of the reason for the DoD’s move is the heightened security provided by the Trusted Platform Module (ISO/IEC 11889), which is a way to securely generate and store cryptographic keys in order to perform platform integrity authentication in conjunction with software, and which additionally provides increased security when encrypting data. The TPM usually takes the form of an add-on module connected via pins or a physical chip surface-mounted to a motherboard or single board computer. In accordance with these DoD Instructions (DoDI), all physical machines attached to a military network will need a hardware TPM 1.2 or greater implementation in addition to support for the Windows 10 SHB.
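As an added example (not code from the original post or from Trenton Systems), the following PowerShell script reports whether a machine meets the Credential Guard prerequisites listed above (64-bit OS, CPU virtualization extensions, UEFI firmware, Secure Boot), whether a TPM at version 1.2 or higher is present as DoDI 8500.01 requires, and whether Credential Guard is actually running. It assumes Windows 10 with PowerShell 5.1 and an elevated session (the Win32_Tpm WMI class refuses non-administrators), and it reads the Win32_Tpm and Win32_DeviceGuard classes that Windows exposes; the function name Get-CredentialGuardReadiness is an assumption of this example, and the SLAT field is reported as extra information rather than as one of the page's stated requirements.

```powershell
# Added example, not Trenton Systems' code: report Credential Guard prerequisites
# and TPM specification version on the local Windows 10 machine.
# Assumes PowerShell 5.1 and an elevated session (Win32_Tpm requires admin).
#Requires -RunAsAdministrator

function Get-CredentialGuardReadiness {
    [CmdletBinding()]
    param()

    # Hard requirement 1: 64-bit operating system
    $is64 = [Environment]::Is64BitOperatingSystem

    # Hard requirement 2: CPU virtualization extensions (VT-x / AMD-V) enabled in firmware.
    # SLAT is reported as well because the hypervisor that hosts Credential Guard uses it.
    $cpu       = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
    $vtEnabled = [bool]$cpu.VirtualizationFirmwareEnabled
    $slat      = [bool]$cpu.SecondLevelAddressTranslationExtensions

    # Hard requirement 3: UEFI firmware (firmware_type is set to 'UEFI' or 'Legacy')
    $uefi = ($env:firmware_type -eq 'UEFI')

    # Hard requirement 4: Secure Boot. Confirm-SecureBootUEFI throws on legacy BIOS systems.
    try   { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
    catch { $secureBoot = $false }

    # Soft requirement: a TPM. SpecVersion reads e.g. "2.0, 0, 1.38" or "1.2, 2, 3";
    # the query returns nothing when no TPM is present or the session is not elevated.
    $tpm        = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                                  -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $tpmPresent = ($null -ne $tpm)
    $tpmSpec    = 'none'
    $tpmMeets12 = $false
    if ($tpmPresent) {
        $tpmSpec    = ($tpm.SpecVersion -split ',')[0].Trim()
        $tpmMeets12 = ([version]$tpmSpec -ge [version]'1.2')   # DoDI 8500.01: TPM 1.2 or higher
    }

    # Runtime state from Device Guard. VirtualizationBasedSecurityStatus: 0 = off,
    # 1 = enabled but not running, 2 = running. SecurityServicesRunning contains 1
    # when Credential Guard itself is running (2 would be HVCI).
    $dg        = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                                 -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $vbsStatus = if ($dg) { [int]$dg.VirtualizationBasedSecurityStatus } else { 0 }
    $cgRunning = [bool]($dg -and ($dg.SecurityServicesRunning -contains 1))

    # Only the four requirements named in the text gate the overall verdict.
    $hardReqsMet = $is64 -and $vtEnabled -and $uefi -and $secureBoot

    [PSCustomObject]@{
        Is64BitOS              = $is64
        VirtualizationEnabled  = $vtEnabled
        SLAT                   = $slat
        UEFI                   = $uefi
        SecureBoot             = $secureBoot
        HardRequirementsMet    = $hardReqsMet
        TpmPresent             = $tpmPresent
        TpmSpecVersion         = $tpmSpec
        TpmMeetsDoDI850001     = $tpmMeets12
        VbsStatus              = $vbsStatus
        CredentialGuardRunning = $cgRunning
    }
}

# Print the readiness report when the script is run directly.
Get-CredentialGuardReadiness | Format-List
```

A machine on which HardRequirementsMet is true but CredentialGuardRunning is false has the platform support but has not had Credential Guard turned on (Group Policy or the Device Guard registry settings); a machine with TpmPresent false can still run Credential Guard, as the text says, but will not satisfy the TPM clause of DoDI 8500.01.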
Trenton Systems is a leader in Military Computing
Trenton Systems’ TKL8255 is fully validated to support Windows 10 and brings the latest TPM 2.0 technology to the proven reliability, durability and flexibility of the PICMG 1.3 SHB/Backplane computing architecture. The Skylake-S processors provide SWaP benefits for mobile and remote deployments and the integrated, protected M.2 PCIe 3.0 x4 slot allows unprecedented storage speed, without the need for traditional, bulky 2.5″ or 3.5″ storage drives. Combined with our industry-leading 19″ rugged rackmount chassis in a variety of heights, drive bay configurations, power supply options and our wide selection of backplanes, we have the right combination of size, speed and slots to meet your military and defense-oriented computing requirements; if we don’t, we can customize any of our products to exactly meet your needs. Of course, all of our board products are designed and built in the USA and come with a five-year warranty, 7+ years of availability and lifetime, USA-based Technical Support. Contact us today to discuss securing your new military computing project with a solution from Trenton Systems.