Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-92183 | TANS-SV-000036 | SV-102285r1_rule | Medium |
Description |
---|
The Tanium Server has the option to use a "self-signed" certificate or a Trusted Certificate Authority signed certificate for SSL connections. During evaluations of Tanium in Lab settings, customers often conclude that a "self-signed" certificate is an acceptable risk. However, in production environments it is critical that a SSL certificate signed by a Trusted Certificate Authority be used on the Tanium Server in lieu of an untrusted and insecure "self-signed" certificate. |
STIG | Date |
---|---|
Tanium 7.3 Security Technical Implementation Guide | 2019-02-22 |
Check Text ( C-91343r2_chk ) |
---|
Using a web browser on a system, which has connectivity to the Tanium Application, access the Tanium Application web user interface (UI). Log on with CAC. When connected, review the Certificate for the Tanium Server: In Internet Explorer, right-click on the page. Select "Properties". Click on the "Certificates" tab. On the "General" tab, validate the Certificate shows as issued by a DOD Root CA. On Certification "Path" tab, validate the path top-level is a DoD Root CA. If the certificate authority is not DoD Root CA, this is a finding. |
Fix Text (F-98387r1_fix) |
---|
Request or regenerate the certificate from a DoD Root Certificate Authority. |