The Tanium application must retain the session lock until the user reestablishes access using established identification and authentication procedures.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-253814	TANS-CN-000001	SV-253814r842470_rule		Medium

Description
Unattended systems are susceptible to unauthorized use and should be locked when unattended. This protects critical and sensitive data from exposure to unauthorized personnel with physical access to the system.

STIG	Date
Tanium 7.x Security Technical Implementation Guide	2022-08-24

Details

Check Text ( C-57266r842468_chk )
1. Access the Tanium Server. 2. Log on to the server with an account that has administrative privileges. 3. Run regedit as Administrator. 4. Navigate to HKEY_LOCAL_MACHINE >> SOFTWARE >> Wow6432Node >> Tanium >> Tanium Server. 5. Validate the value for REG_DWORD "ForceSOAPSSLClientCert" is set to "1". 6. Navigate to HKEY_LOCAL_MACHINE >> SOFTWARE >> Wow6432Node >> Tanium >> Tanium Server. 7. Validate the following keys exist and are configured: REG_SZ "ClientCertificateAuthField" For example: X509v3 Subject Alternative Name. REG_SZ "ClientCertificateAuthRegex" For example-DoD: .+?Name:\s?(\S+@[._a-zA-Z0-9]+). Note: This regex may vary. REG_SZ "ClientCertificateAuth" For example: C:\Program Files\Tanium\Tanium Server\dod.pem If the value for REG_DWORD "ForceSOAPSSLClientCert" is not set to "1" and the remaining registry values are not configured, this is a finding.

Check Text ( C-57266r842468_chk )

1. Access the Tanium Server.

2. Log on to the server with an account that has administrative privileges.

3. Run regedit as Administrator.

4. Navigate to HKEY_LOCAL_MACHINE >> SOFTWARE >> Wow6432Node >> Tanium >> Tanium Server.

5. Validate the value for REG_DWORD "ForceSOAPSSLClientCert" is set to "1".

6. Navigate to HKEY_LOCAL_MACHINE >> SOFTWARE >> Wow6432Node >> Tanium >> Tanium Server.

7. Validate the following keys exist and are configured:

REG_SZ "ClientCertificateAuthField"
For example:
X509v3 Subject Alternative Name.

REG_SZ "ClientCertificateAuthRegex"
For example-DoD:
.+?Name:\s*?(\S+@[._a-zA-Z0-9]+).*
Note: This regex may vary.

REG_SZ "ClientCertificateAuth"
For example:
C:\Program Files\Tanium\Tanium Server\dod.pem

If the value for REG_DWORD "ForceSOAPSSLClientCert" is not set to "1" and the remaining registry values are not configured, this is a finding.

Fix Text (F-57217r842469_fix)
Use the vendor documentation titled "Smart card authentication" to implement correct configuration settings for this requirement. Vendor documentation can be downloaded from https://docs.tanium.com/platform_deployment_reference/platform_deployment_reference/smart_card_authentication.html?Highlight=cac. 1. Access the Tanium Server. 2. Log on to the server with an account that has administrative privileges. 3. Run regedit as Administrator. 4. Navigate to HKEY_LOCAL_MACHINE >> SOFTWARE >> Wow6432Node >> Tanium >> Tanium Server. 5. Validate the value for REG_DWORD "ForceSOAPSSLClientCert" is set to "1". 6. Navigate to HKEY_LOCAL_MACHINE >> SOFTWARE >> Wow6432Node >> Tanium >> Tanium Server. 7. Configure the following keys: REG_SZ "ClientCertificateAuthField" For example: X509v3 Subject Alternative Name. REG_SZ "ClientCertificateAuthRegex" For example-DoD: .+?Name:\s?(\S+@[._a-zA-Z0-9]+). Note: This regex may vary. REG_SZ "ClientCertificateAuth" For example: C:\Program Files\Tanium\Tanium Server\dod.pem

Fix Text (F-57217r842469_fix)

Use the vendor documentation titled "Smart card authentication" to implement correct configuration settings for this requirement.

Vendor documentation can be downloaded from https://docs.tanium.com/platform_deployment_reference/platform_deployment_reference/smart_card_authentication.html?Highlight=cac.

1. Access the Tanium Server.

2. Log on to the server with an account that has administrative privileges.

3. Run regedit as Administrator.

4. Navigate to HKEY_LOCAL_MACHINE >> SOFTWARE >> Wow6432Node >> Tanium >> Tanium Server.

5. Validate the value for REG_DWORD "ForceSOAPSSLClientCert" is set to "1".

6. Navigate to HKEY_LOCAL_MACHINE >> SOFTWARE >> Wow6432Node >> Tanium >> Tanium Server.

7. Configure the following keys:

REG_SZ "ClientCertificateAuthField"
For example:
X509v3 Subject Alternative Name.

REG_SZ "ClientCertificateAuthRegex"
For example-DoD:
.+?Name:\s*?(\S+@[._a-zA-Z0-9]+).*
Note: This regex may vary.

REG_SZ "ClientCertificateAuth"
For example:
C:\Program Files\Tanium\Tanium Server\dod.pem