
The Tanium endpoint must have the Tanium Server's pki.db in its installation.


Overview

Finding ID: V-253805
Version: TANS-CL-000001
Rule ID: SV-253805r858416_rule
IA Controls:
Severity: Medium
Description
Without cryptographic integrity protections in the Tanium Client, information could be altered by unauthorized users without detection. Cryptographic mechanisms used for protecting the integrity of Tanium communications information include signed hash functions using asymmetric cryptography, enabling distribution of the public key to verify the hash information while maintaining the confidentiality of the secret key used to generate the hash.

Satisfies: SRG-APP-000158

STIG: Tanium 7.x Security Technical Implementation Guide
Date: 2022-08-24

Details

Check Text (C-57257r842441_chk)
1. Using a web browser on a system that has connectivity to the Tanium application, access the Tanium application web user interface (UI) and log on with multifactor authentication.

2. Click "Administration" on the top navigation banner.

3. Under "Configuration", select "Client Status".

4. Change "Show systems that have reported in the last:"; enter "7" in the first field.

5. Select "Days" from the drop-down menu in the second field to determine if any endpoints connected with an invalid key.

If any systems are listed with "No" in the "Valid Key" column, this is a finding.

Fix Text (F-57208r842442_fix)
For systems that do not have a valid key for the Tanium Server, redeploy the client software from Tanium using Tanium Client Management or work with the Tanium system administrator to accomplish this.

1. Configure a deployment.

2. Deploy the package or installer.

3. Target appropriate systems.