Protecting a system involves a group of security elements, working together to mitigate threats to the system. These elements are known to the outside world, and in fact must be known in order to work properly; communicating to outside systems the state of the platform. The elements involved in this system protection group include evidence and measurement, reporting and attestation, Trusted Computing Base management, policy engine, and personal identifying information handling. Each element provides necessary services to ensure the identity of and establish trust in the system.