CISSP Domain 3: TPM, Reference Monitor, and TCB

On the CISSP, a reference monitor must be tamperproof, always invoked, and small enough to be fully verified, and the security kernel is what implements it. This Domain 3 deep-dive walks through the hardware and architecture that enforce trust: memory protection, the Trusted Platform Module, the Hardware Security Module, the reference monitor, and the Trusted Computing Base.

With Professor Erica, Fenrir, Grace, and Isabella, we cover objectives 3.3 and 3.4 of the 2026 exam outline: the security capabilities of information systems and how to select controls that fit documented requirements. You will leave able to tell a TPM from an HSM, recite the three reference-monitor properties, and avoid the over-engineering trap that gets control-selection questions wrong.

In this video:

  • Process isolation, segmentation, ASLR, and the no-execute bit
  • The TPM as a hardware root of trust, sealed storage, and remote attestation
  • How the HSM differs from the TPM: one platform versus the whole enterprise
  • The reference monitor’s three properties and why it must be small
  • Security kernel versus reference monitor versus Trusted Computing Base
  • Protection rings, secure enclaves, and matching controls to requirements

The next video in the series moves into vulnerabilities by system type, from cloud to industrial control systems, IoT, and containers. Anchored to the (ISC)2 CISSP Detailed Content Outline effective April 15, 2024.

Presented by Professor Erica — CISSP, CISM, PMP, M.S. Project Management, D.B.A. in progress.

▶ Watch next: CISSP Domain 3: Cloud, ICS, IoT & Container Vulnerabilities https://www.youtube.com/watch?v=YAVhwFJdLO4

📺 Full playlist: CISSP (2026) v2 https://www.youtube.com/playlist?list=PLlIAFxS2964_K3g6WysWnLpifoxilduGi


Key Topics

  • The Chip That Decides If Your Laptop Boots
  • Memory Protection: Keeping Processes in Their Lane
  • ASLR and the No-Execute Bit
  • The TPM Up Close: A Root of Trust in Silicon
  • Sealed Storage and Remote Attestation
  • The HSM: Key Management at High Assurance
  • The Reference Monitor: The Idea That Mediates Everything
  • Security Kernel and the Trusted Computing Base