Use of the Trusted Platform Module (TPM) on startup for operating system drives encrypted with BitLocker should be configured correctly.

allowed/required/not allowed

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s5-o2\Configure TPM startup
(2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\UseTPM

Worksheet: Bitlocker Policy Settings; Row: 59
Setting Index #889: This is a setting option. Refer to the following parent setting for additional information: Require additional authentication at startup
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
oval:org.secpod.oval:def:14736

Microsoft Security Compliance Management Toolkit for Windows 7, Windows 7 Security Baseline Settings.xlsm 2009-10-01
Microsoft Security Compliance Management Toolkit for Windows 7, Windows 7 Security Baseline.xml 2009-10-01
Microsoft TechNet and other Microsoft online documentation and resources
Microsoft HTML SCAP Repo OVAL Definition 2013-08-13