Reference
This reference page for the Defend module provides a comprehensive view of all supporting technical material that underpins lifecycle management operations, including:
- Hardware requirements for each security class
- Full lifecycle diagrams for devices and users
- Notes on privileged workflows
- Relevant configuration examples
All information here is specific to the Defend module and complements the main Usage Guide.
Hardware Requirements
SHIELD enforces hardware baselines per security class, especially for Privileged Security Mode (PSM), to reduce the risk of compromise through firmware, bootkits, and untrusted supply chains.
Enterprise and Specialized Modes (ESM/SSM)
Requirement | Recommendation |
---|---|
OS | Windows 10 or later |
RAM | 16GB or more |
OEM Devices | Microsoft Surface or Lenovo preferred |
Graphics Support | NVIDIA recommended (avoid AMD graphics) |
Device Security Considerations
In ESM/SSM, hardware risks are lower, but it's still important to avoid unsupported OEMs and poor firmware hygiene. These devices typically handle non-elevated tasks.
Privileged Mode (PSM)
Requirement | Recommendation |
---|---|
OS | Windows 11 Secure Core Certified |
CPU | Intel Core i7 or Ryzen 7 equivalent |
RAM | 32GB recommended (16GB minimum) |
Storage | 256GB+ NVMe SSD |
Certification | Secure Core Certified |
Potential Hardware Backdoors
Avoid OEMs that allow firmware-level master password resets or silent security bypasses. SHIELD recommends only certified hardware from Microsoft and Lenovo for PSM operations.
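One way to check a device against the PSM table above, as an added PowerShell example (not SHIELD's own tooling). The function name `Test-PsmBaseline` is hypothetical, and the Secure Boot, TPM 2.0, VBS, HVCI and System Guard checks are assumed runtime indicators of a Secured-core configuration; they do not prove OEM certification.

```powershell
# Added example, not SHIELD code. Run elevated: the TPM and Secure Boot queries need admin.
function Test-PsmBaseline {
    $cs   = Get-CimInstance Win32_ComputerSystem
    $os   = Get-CimInstance Win32_OperatingSystem
    $cpu  = Get-CimInstance Win32_Processor | Select-Object -First 1
    $dg   = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $tpm  = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $nvme = Get-PhysicalDisk | Where-Object BusType -eq 'NVMe' |
                Sort-Object Size -Descending | Select-Object -First 1

    # Confirm-SecureBootUEFI throws on legacy BIOS systems, so treat an error as "off".
    $secureBoot = try { [bool](Confirm-SecureBootUEFI) } catch { $false }

    # Installed RAM reads slightly under the nominal size, so round to whole GB.
    $ramGB  = [math]::Round($cs.TotalPhysicalMemory / 1GB)
    # Drive vendors use decimal GB, so compare against 256e9 bytes, not 256GB (GiB).
    $diskGB = [math]::Round($nvme.Size / 1e9)
    $diskOk = [bool]($nvme -and $nvme.Size -ge 256e9)

    # Helper that emits one result row per requirement.
    $row = {
        param($Check, $Required, $Actual, $Pass)
        [pscustomobject]@{ Check = $Check; Required = $Required; Actual = $Actual; Pass = $Pass }
    }

    & $row 'OS'           'Windows 11'              $os.Caption   ([int]$os.BuildNumber -ge 22000)
    # "Equivalent" CPU class cannot be decided reliably from the name; Pass stays empty for review.
    & $row 'CPU'          'Core i7 / Ryzen 7 class' $cpu.Name     $null
    & $row 'RAM'          '16 GB min, 32 GB rec.'   "$ramGB GB"   ($ramGB -ge 16)
    & $row 'Storage'      '256 GB+ NVMe SSD'        "$diskGB GB"  $diskOk
    # Assumed Secured-core indicators (runtime state only, not a certification check).
    & $row 'Secure Boot'  'Enabled'                 $secureBoot   $secureBoot
    & $row 'TPM'          'Spec version 2.0'        $tpm.SpecVersion ($tpm.SpecVersion -like '2.0*')
    & $row 'VBS'          'Running (status 2)'      $dg.VirtualizationBasedSecurityStatus `
                                                    ($dg.VirtualizationBasedSecurityStatus -eq 2)
    & $row 'HVCI'         'Service 2 running'       ($dg.SecurityServicesRunning -join ',') `
                                                    ($dg.SecurityServicesRunning -contains 2)
    & $row 'System Guard' 'Service 3 running'       ($dg.SecurityServicesRunning -join ',') `
                                                    ($dg.SecurityServicesRunning -contains 3)
}

Test-PsmBaseline | Format-Table -AutoSize
```

A failed row flags the device for review before it is used for PSM; the CPU row always needs a manual decision.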
Lifecycle Workflow Diagrams
Each SHIELD lifecycle action is mapped to a standardized backend workflow. The following flowcharts show the logic for each user and device operation.
Device Workflow Diagrams
Commission Device
Diagram: Device - Commission
Decommission Device
Assign User to Device
Diagram: Device - Assign
Unassign User from Device
Diagram: Device - Unassign
User Workflow Diagrams
Commission User
Diagram: User - Commission
Decommission User
Diagram: User - Decommission
Privileged Workflows (Coming Soon)
A dedicated section for advanced Privileged workflows, including intermediary logic and RBAC extensions, will be added in a future release.
Placeholder: Privileged Device Workflows