Use of the Trusted Platform Module (TPM) on startup for operating system drives encrypted with BitLocker should be configured correctly.
allowed/required/not allowed
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s5-o2\Configure TPM startup
(2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\UseTPM
Worksheet: Bitlocker Policy Settings; Row: 59
Setting Index #889: This is a setting option. Refer to the following parent setting for additional information: Require additional authentication at startup
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
oval:org.secpod.oval:def:14736
Microsoft Security Compliance Management Toolkit for Windows 7, Windows 7 Security Baseline Settings.xlsm
2009-10-01
Microsoft Security Compliance Management Toolkit for Windows 7, Windows 7 Security Baseline.xml
2009-10-01
Microsoft TechNet and other Microsoft online documentation and resources
Microsoft
HTML
SCAP Repo OVAL Definition
2013-08-13