The Tanium application must employ automated mechanisms to determine the state of information system components with regard to flaw remediation using the following frequency: Continuously, where ESS is used; 30 days, for any additional internal network scans not covered by ESS; and annually, for external scans by Computer Network Defense Service Provider (CNDSP).

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-254922	TANS-AP-000660	SV-254922r867666_rule		Medium

Description
Without the use of automated mechanisms to scan for security flaws on a continuous and/or periodic basis, the system components may remain vulnerable to the exploits presented by undetected software flaws. To support this requirement, the flaw remediation application may have automated mechanisms that perform automated scans for security-relevant software updates (e.g., patches, service packs, and hot fixes) and security vulnerabilities of the information system components being monitored. For example, a method of compliance would be an integrated solution incorporating continuous scanning using ESS and periodic scanning using other tools as specified in the requirement.

Description

Without the use of automated mechanisms to scan for security flaws on a continuous and/or periodic basis, the system components may remain vulnerable to the exploits presented by undetected software flaws. To support this requirement, the flaw remediation application may have automated mechanisms that perform automated scans for security-relevant software updates (e.g., patches, service packs, and hot fixes) and security vulnerabilities of the information system components being monitored. For example, a method of compliance would be an integrated solution incorporating continuous scanning using ESS and periodic scanning using other tools as specified in the requirement.

STIG	Date
Tanium 7.x Application on TanOS Security Technical Implementation Guide	2022-10-31

Details

Check Text ( C-58535r867664_chk )
Note: If Patch is not licensed or used for patch scanning, then this is not applicable. 1. Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI) and log on with multi-factor authentication. 2. Click "Modules" at the top of the console. 3. Select "Patch". 4. On the left expand the menu (three vertical dots). 5. Select "Scan Management". If there are no Scan Configurations for all applicable Operating Systems or Scan Configurations with a Scan Frequency greater than 30 days, this is a finding.

Check Text ( C-58535r867664_chk )

Note: If Patch is not licensed or used for patch scanning, then this is not applicable.

1. Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI) and log on with multi-factor authentication.

2. Click "Modules" at the top of the console.

3. Select "Patch".

4. On the left expand the menu (three vertical dots).

5. Select "Scan Management".

If there are no Scan Configurations for all applicable Operating Systems or Scan Configurations with a Scan Frequency greater than 30 days, this is a finding.

Fix Text (F-58479r867665_fix)
Note: If Patch is not licensed or used for patch scanning, then this is not applicable. 1. Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI) and log on with multi-factor authentication. 2. Click "Modules" on the top navigation banner. 3. Click "Patch". 4. Expand the left menu. 5. Select "Scan Management". 6. Work with the Tanium Administrator to create Scan Configurations that run more often than 30 days.

Fix Text (F-58479r867665_fix)

Note: If Patch is not licensed or used for patch scanning, then this is not applicable.

1. Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI) and log on with multi-factor authentication.

2. Click "Modules" on the top navigation banner.

3. Click "Patch".

4. Expand the left menu.

5. Select "Scan Management".

6. Work with the Tanium Administrator to create Scan Configurations that run more often than 30 days.