Obviously, these standards are not industry requirements, and most off-the-shelf PCs will struggle to meet all of them. In time, of course, that could change, but as things stand now, if you’re interested in making your computer as safe and secure as it possibly can be, you’ll have to go down this road on your own and make the necessary mods and additions to your existing equipment. Here’s the summary, in a nutshell:
• 7th generation AMD or Intel processors, because these contain MBEC (Mode-Based Execution Control)
• 64-bit processor architecture to take advantage of VBS (Virtualization-Based Security)
• Support for AMD-Vi, Intel VT-d, or ARM64 SMMUs (to take advantage of Input-Output Memory Management Unit device virtualization)
• Purchase a Trusted Platform Module, if one is not already built into your existing chipset
• Make use of Platform Boot Verification to prevent the loading of firmware that was not designed by the manufacturer of your system
• A minimum of 8GB of RAM
• Use a system that implements UEFI (Unified Extensible Firmware Interface) 2.4 or above
• Systems should also support the Windows UEFI Firmware Capsule Update specification
• All drivers used should be Hypervisor-based Code Integrity compliant
At first blush, this list seems a bit daunting, but the cost requirements to better secure the Windows 10 PCs on your network are really not as bad as they first appear. In fact, it is possible to find a few off-the-shelf PCs that meet the newly published security standards, so if you’re ready to replace some of your network equipment, you do have at least a few options that don’t require you to custom build.
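To see how an existing Windows 10 machine measures up, the PowerShell function below audits the checklist items that Windows can report about itself. It is an added example, not part of the original article or of Microsoft's tooling; the function name `Test-SecureDeviceChecklist` and the result labels are made up for illustration, and it should be run from an elevated prompt.

```powershell
# Added example: audit the local PC against the checklist above.
# Not covered: CPU generation, UEFI version, Platform Boot Verification and
# Firmware Capsule Update support (check the vendor's documentation for those).
function Test-SecureDeviceChecklist {
    $r = [ordered]@{}

    # 64-bit architecture, needed for VBS
    $r['64-bit OS'] = [Environment]::Is64BitOperatingSystem

    # Minimum 8 GB RAM. TotalPhysicalMemory is in bytes and reads slightly
    # low because of firmware reservations, so round to the nearest GB.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    $r['RAM >= 8 GB'] = ([math]::Round($cs.TotalPhysicalMemory / 1GB) -ge 8)

    # Trusted Platform Module (Get-Tpm needs administrator rights)
    try   { $r['TPM present'] = (Get-Tpm -ErrorAction Stop).TpmPresent }
    catch { $r['TPM present'] = 'unknown (run elevated)' }

    # UEFI firmware: Confirm-SecureBootUEFI returns True/False on UEFI systems
    # and throws PlatformNotSupportedException on legacy BIOS.
    try {
        $null = Confirm-SecureBootUEFI -ErrorAction Stop
        $r['UEFI firmware'] = $true
    }
    catch [System.PlatformNotSupportedException] { $r['UEFI firmware'] = $false }
    catch { $r['UEFI firmware'] = 'unknown (run elevated)' }

    # Device Guard WMI class: what the hardware offers and what is running.
    $dg = Get-CimInstance -ClassName Win32_DeviceGuard `
            -Namespace 'root\Microsoft\Windows\DeviceGuard' -ErrorAction SilentlyContinue
    if ($dg) {
        # AvailableSecurityProperties: 3 = DMA protection (IOMMU),
        # 7 = MBEC/GMET (older Windows 10 builds may not report 7)
        $r['IOMMU DMA protection'] = $dg.AvailableSecurityProperties -contains 3
        $r['MBEC available']       = $dg.AvailableSecurityProperties -contains 7
        # VirtualizationBasedSecurityStatus: 2 = enabled and running
        $r['VBS running']          = $dg.VirtualizationBasedSecurityStatus -eq 2
        # SecurityServicesRunning: 2 = hypervisor-enforced code integrity
        $r['HVCI running']         = $dg.SecurityServicesRunning -contains 2
    }
    else {
        $r['Device Guard data'] = 'unavailable on this edition or build'
    }

    # One row per checklist item
    $r.GetEnumerator() | ForEach-Object {
        [pscustomobject]@{ Check = $_.Key; Result = $_.Value }
    }
}

Test-SecureDeviceChecklist | Format-Table -AutoSize
```

A `False` for "HVCI running" on hardware that otherwise passes often points to an incompatible driver, which is the last item on the list.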
In any case, although it’s true that the new standards aren’t a magic bullet, they will certainly go a long way toward making your network as a whole more secure, making them a welcome addition indeed.