Tanium public keys of content providers must be validated against documented trusted content providers.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-254880	TANS-AP-000055	SV-254880r867540_rule		Medium

Description
A Tanium Sensor, also called content, enables an organization to gather real-time inventory, configuration, and compliance data elements from managed computers. Sensors gather specific information from the local device and then write the results to the computer's standard output channel. The Tanium Client captures that output and forwards the results through the platform's unique "ring" architecture for display in the Tanium Console. The language used for Sensor development is based on the scripting engine available on the largest number of devices under management as well as the scripting experience and background of the people who will be responsible for creating new Sensors. VBScript and PowerShell are examples of common scripting languages used for developing sensors. Because errors in scripting can and will provide errant feedback at best and will impact functionality of the endpoint to which the content is directed, it is imperative to ensure content is only accepted from trusted sources.

Description

A Tanium Sensor, also called content, enables an organization to gather real-time inventory, configuration, and compliance data elements from managed computers. Sensors gather specific information from the local device and then write the results to the computer's standard output channel. The Tanium Client captures that output and forwards the results through the platform's unique "ring" architecture for display in the Tanium Console. The language used for Sensor development is based on the scripting engine available on the largest number of devices under management as well as the scripting experience and background of the people who will be responsible for creating new Sensors. VBScript and PowerShell are examples of common scripting languages used for developing sensors. Because errors in scripting can and will provide errant feedback at best and will impact functionality of the endpoint to which the content is directed, it is imperative to ensure content is only accepted from trusted sources.

STIG	Date
Tanium 7.x Application on TanOS Security Technical Implementation Guide	2022-10-31

Details

Check Text ( C-58493r867538_chk )
Note: If only using Tanium-provided content and not accepting content from any other content providers, this is Not Applicable. Obtain documentation from the Tanium System Administrator that contains the public key validation data. 1. Access the Tanium Server interactively. 2. Log on to the TanOS server with the tanadmin role. 3. Press "2" for "Tanium Operations Menu," and then press "Enter". 4. Press "5" for "Manage Custom Signing Keys," and then press "Enter". 5. Press "L" for "List Content Signing Keys," and then press "Enter". If signing keys not listed in the provided documentation are present, this is a finding.

Check Text ( C-58493r867538_chk )

Note: If only using Tanium-provided content and not accepting content from any other content providers, this is Not Applicable.

Obtain documentation from the Tanium System Administrator that contains the public key validation data.

1. Access the Tanium Server interactively.

2. Log on to the TanOS server with the tanadmin role.

3. Press "2" for "Tanium Operations Menu," and then press "Enter".

4. Press "5" for "Manage Custom Signing Keys," and then press "Enter".

5. Press "L" for "List Content Signing Keys," and then press "Enter".

If signing keys not listed in the provided documentation are present, this is a finding.

Fix Text (F-58437r867539_fix)
Note: If only using Tanium-provided content and not accepting content from any other content providers, this is Not Applicable. Obtain documentation from the Tanium System Administrator that contains the public key validation data. 1. Access the Tanium Server interactively. 2. Log on to the TanOS server with the tanadmin role. 3. Press "2" for "Tanium Operations Menu," and then press "Enter". 4. Press "5" for "Manage Custom Signing Keys," and then press "Enter". 5. Press "A" for "List Content Signing Keys," and then press "Enter". 6. Check the provided documentation and either update the document with the name and SHA-256 hash of the key or remove the key.

Fix Text (F-58437r867539_fix)

Note: If only using Tanium-provided content and not accepting content from any other content providers, this is Not Applicable.

Obtain documentation from the Tanium System Administrator that contains the public key validation data.

1. Access the Tanium Server interactively.

2. Log on to the TanOS server with the tanadmin role.

3. Press "2" for "Tanium Operations Menu," and then press "Enter".

4. Press "5" for "Manage Custom Signing Keys," and then press "Enter".

5. Press "A" for "List Content Signing Keys," and then press "Enter".

6. Check the provided documentation and either update the document with the name and SHA-256 hash of the key or remove the key.