Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-253815 | TANS-CN-000002 | SV-253815r858409_rule | Medium |
Description |
---|
By restricting access to the Tanium Server to only Microsoft Active Directory, user accounts and related permissions can be strictly monitored. Account management will be under the operational responsibility of the system administrator for the Windows Operating System Active Directory. Satisfies: SRG-APP-000317 |
STIG | Date |
---|---|
Tanium 7.x Security Technical Implementation Guide | 2022-08-24 |
Check Text ( C-57267r842471_chk ) |
---|
1. Using a web browser on a system that has connectivity to the Tanium application, access the Tanium application web user interface (UI) and log on with multifactor authentication. 2. Click "Administration" on the top navigation banner. 3. Under "Configuration", select "LDAP/AD Sync Configurations". 4. Verify a sync exists under "Enabled Servers". If no sync exists, this is a finding. If sync exists under "Disabled Servers" and there are no Enabled Servers, this is a finding. |
Fix Text (F-57218r842472_fix) |
---|
1. Using a web browser on a system that has connectivity to the Tanium application, access the Tanium application web UI and log on with multifactor authentication. 2. Click "Administration" on the top navigation banner. 3. Under "Configuration", select "LDAP/AD Sync Configurations". 4. Click "Add Server". 5. Complete the settings using guidance from https://docs.tanium.com/platform_user/platform_user/console_using_ldap.html. 6. Click "Show Preview to Continue". 7. Review the users and groups to be imported. 8. Click "Save". |