UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Tanium 7.x Application on TanOS Security Technical Implementation Guide


Overview

Date Finding Count (83)
2022-10-31 CAT I (High): 0 CAT II (Med): 82 CAT III (Low): 1
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC I - Mission Critical Classified)

Finding ID Severity Title
V-254939 Medium The application must enforce access restrictions associated with changes to application configuration.
V-254948 Medium The Tanium application must limit the bandwidth used in communicating with endpoints to prevent a denial of service (DoS) condition at the server.
V-254877 Medium The Tanium endpoint must have the Tanium Server's pki.db in its installation.
V-254874 Medium The Tanium max_soap_sessions_total setting must be explicitly enabled to limit the number of simultaneous sessions.
V-254888 Medium Tanium Threat Response must be configured to receive IOC streams only from trusted sources.
V-254889 Medium The Tanium documentation identifying recognized and trusted folders for Threat Response Local Directory Source must be maintained.
V-254884 Medium The Tanium application must be configured to use Tanium User Groups in a manner consistent with the model outlined within the environment's system documentation.
V-254885 Medium Documentation identifying Tanium console users and their respective Computer Group rights must be maintained.
V-254886 Medium The Tanium Action Approval feature must be enabled for two-person integrity when deploying actions to endpoints.
V-254887 Medium The Tanium documentation identifying recognized and trusted IOC streams must be maintained.
V-254880 Medium Tanium public keys of content providers must be validated against documented trusted content providers.
V-254881 Medium The Tanium Application Server must be configured to only use LDAP for account management functions.
V-254882 Medium Tanium Computer Groups must be used to restrict console users from affecting changes to unauthorized computers.
V-254883 Medium Documentation identifying Tanium console users, their respective User Groups, Computer Groups, and Roles must be maintained.
V-254927 Medium The Tanium application must set an inactive timeout for sessions.
V-254909 Medium The Tanium endpoint must have the Tanium Servers public key in its installation.
V-254908 Medium The Tanium Application Server must be configured to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments.
V-254926 Medium Tanium must notify system administrators and ISSO for account removal actions.
V-254905 Medium Firewall rules must be configured on the Tanium Endpoints for Client-to-Server communications.
V-254904 Medium The Tanium cryptographic signing capabilities must be enabled on the Tanium Server.
V-254907 Medium Firewall rules must be configured on the Tanium Zone Server for Client-to-Zone Server communications.
V-254906 Medium Firewall rules must be configured on the Tanium Server for Client-to-Server communications.
V-254901 Medium Access to Tanium logs on each endpoint must be restricted by permissions.
V-254900 Medium The Tanium applications must provide the capability to filter audit records for events of interest based upon organization-defined criteria.
V-254903 Medium The Tanium cryptographic signing capabilities must be enabled on the Tanium Clients to safeguard the authenticity of communications sessions when answering requests from the Tanium Server.
V-254902 Medium The Tanium application must prohibit user installation, modification, or deletion of software without explicit privileged status.
V-254941 Medium Firewall rules must be configured on the Tanium Server for Server-to-Database communications.
V-254940 Medium Firewall rules must be configured on the Tanium Server for Console-to-Server communications.
V-254925 Medium Tanium must notify system administrators and ISSO for account disabling actions.
V-254942 Medium Firewall rules must be configured on the Tanium module server to allow Server-to-Module Server communications from the Tanium Server.
V-254945 Medium The SSLHonorCipherOrder must be configured to disable weak encryption algorithms on the Tanium Server.
V-254922 Medium The Tanium application must employ automated mechanisms to determine the state of information system components with regard to flaw remediation using the following frequency: Continuously, where ESS is used; 30 days, for any additional internal network scans not covered by ESS; and annually, for external scans by Computer Network Defense Service Provider (CNDSP).
V-254921 Medium The Tanium application must reveal error messages only to the ISSO, ISSM, and SA.
V-254920 Medium The Tanium application must manage bandwidth throttles to limit the effects of information flooding types of Denial of Service (DoS) attacks.
V-254949 Medium The Tanium application must install security-relevant software updates within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).
V-254923 Medium Tanium must notify SA and ISSO when accounts are created.
V-254938 Medium The Tanium application must prohibit user installation of software without explicit privileged status.
V-254929 Medium Tanium must notify system administrator and ISSO of account enabling actions.
V-254944 Medium Firewall rules must be configured on the Tanium Server for Server-to-Zone Server communications.
V-254951 Medium The application must, at a minimum, offload interconnected systems in real time and offload standalone systems weekly.
V-254876 Medium The Tanium Application Server console must be configured to initiate a session lock after a 15-minute period of inactivity.
V-254947 Medium The Tanium Server certificate must be signed by a DOD Certificate Authority.
V-254946 Medium The SSLCipherSuite must be configured to disable weak encryption algorithms on the Tanium Server.
V-254875 Medium The Tanium max_soap_sessions_per_user setting must be explicitly enabled to limit the number of simultaneous sessions.
V-254924 Medium Tanium must notify system administrators and ISSO when accounts are modified.
V-254879 Medium Content providers must provide their public key to the Tanium administrator to import for validating signed content.
V-254899 Medium The Tanium application must be configured to send audit records from multiple components within the system to a central location for review and analysis of audit records.
V-254898 Medium The Tanium application must alert the ISSO and SA (at a minimum) in the event of an audit processing failure.
V-254897 Medium Multi-factor authentication must be enabled and enforced on the Tanium Server for all access and all accounts.
V-254896 Medium The publicly accessible Tanium application must retain the Standard Mandatory DOD Notice and Consent Banner on the screen until users acknowledge the usage conditions and take explicit actions to log on for further access.
V-254895 Medium The publicly accessible Tanium application must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the application.
V-254894 Medium Tanium Comply must be configured to receive OVAL feeds only from trusted sources.
V-254893 Medium Tanium Comply must be configured to receive SCAP content only from trusted sources.
V-254892 Medium The Tanium documentation identifying recognized and trusted OVAL feeds must be maintained.
V-254891 Medium The Tanium documentation identifying recognized and trusted SCAP sources must be maintained.
V-254890 Medium The Tanium Threat Response Local Directory Source must be configured to restrict access to only authorized maintainers of Threat Intel.
V-254918 Medium The Tanium Server and Client applications must have logging enabled.
V-254919 Medium The Tanium application must restrict the ability of individuals to use information systems to launch organization-defined Denial of Service (DoS) attacks against other information systems.
V-254943 Medium Firewall rules must be configured on the Tanium Server for Server-to-Module Server communications.
V-254912 Medium Tanium must enforce 24 hours/1 day as the minimum password lifetime.
V-254913 Medium The Tanium application must enforce a 60-day maximum password lifetime restriction.
V-254910 Medium The Tanium application must enforce a minimum 15-character password length.
V-254911 Medium The Tanium application must prohibit password reuse for a minimum of five generations.
V-254916 Medium The Tanium application must uniquely identify and authenticate nonorganizational users (or processes acting on behalf of nonorganizational users).
V-254917 Medium The Tanium application must separate user functionality (including user interface services) from information system management functionality.
V-254914 Medium The Tanium Server certificates must have Extended Key Usage entries for the serverAuth object TLS Web Server Authentication and the clientAuth object TLS Web Client Authentication.
V-254915 Medium The Tanium application must be configured for LDAP user/group synchronization to map the authenticated identity to the individual user or group account for PKI-based authentication.
V-254934 Medium The Tanium application must offload audit records onto a different system or media than the system being audited.
V-254935 Medium The Tanium application must provide an immediate warning to the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity.
V-254936 Medium The Tanium application must provide an immediate real-time alert to the SA and ISSO, at a minimum, of all audit failure events requiring real-time alerts.
V-254930 Medium Control of the Tanium Client service must be restricted to SYSTEM access only for all managed clients.
V-254931 Medium The ability to uninstall the Tanium Client service must be disabled on all managed clients.
V-254932 Medium The permissions on the Tanium Client directory must be restricted to only the SYSTEM account on all managed clients.
V-254933 Medium The Tanium application must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.
V-254956 Medium Tanium Server processes must be excluded from on-access scan.
V-254878 Medium Tanium Trusted Content providers must be documented.
V-254954 Medium Tanium endpoint files must be excluded from host-based intrusion prevention intervention.
V-254928 Medium The Tanium Application Server must be configured with a connector to sync to Microsoft Active Directory for account management functions.
V-254952 Medium Tanium Client processes must be excluded from on-access scan.
V-254953 Medium Tanium Client directory and subsequent files must be excluded from on-access scan.
V-254950 Medium Tanium must alert the ISSO, ISSM, and other individuals designated by the local organization when the following Indicators of Compromise (IOCs) or potential compromise are detected: real time intrusion detection; threats identified by authoritative sources (e.g., CTOs); and Category I, II, IV, and VII incidents in accordance with CJCSM 6510.01B.
V-254955 Medium Tanium Server directory and subsequent files must be excluded from on-access scan.
V-254937 Low Access to the Tanium Application Servers must be restricted. Only the designated administrator(s) can have elevated privileges to the Tanium Application Servers.