UCF STIG Viewer Logo

The Tanium Application Server must be configured with a connector to sync to Microsoft Active Directory for account management functions.


Overview

Finding ID Version Rule ID IA Controls Severity
V-234048 TANS-CN-000002 SV-234048r612749_rule Medium
Description
By restricting access to the Tanium Server to only Microsoft Active Directory, user accounts and related permissions can be strictly monitored. Account management will be under the operational responsibility of the System Administrator for the Windows Operation System Active Directory. Satisfies: SRG-APP-000233, SRG-APP-000317
STIG Date
Tanium 7.3 Security Technical Implementation Guide 2021-12-20

Details

Check Text ( C-37233r610644_chk )
Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI) and log on with CAC.

Click on the navigation button (hamburger menu) on the top left of the console, then click on "Configuration".

Click the down arrow to view Apps.

Find "LDAP Sync".

Verify a sync exists under "Enabled Servers".

If no sync exists, this is a finding.

If sync exists under "Disabled Servers", this is a finding.
Fix Text (F-37198r610645_fix)
Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI) and log on with CAC.

Click on the navigation button (hamburger menu) on the top left of the console, then click on "Configuration".

Click the down arrow to view Apps.

Find "LDAP Sync".

Click "Add Server".

Complete the settings using guidance from https://docs.tanium.com/platform_user/platform_user/console_using_ldap.html.

Click "Show Preview to Continue".

Review the users and groups to be imported.

Save the configuration.