UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Tanium application must set an inactive timeout for sessions.


Overview

Finding ID Version Rule ID IA Controls Severity
V-254927 TANS-AP-000720 SV-254927r867681_rule Medium
Description
Leaving sessions open indefinitely is a major security risk. An attacker can easily use an already authenticated session to access the hosted application as the previously authenticated user. By closing sessions after a set period of inactivity, the web server can make certain that sessions not closed through the user logging out of an application are eventually closed. Acceptable values are 5 minutes for high-value applications, 10 minutes for medium-value applications, and 20 minutes for low-value applications.
STIG Date
Tanium 7.x Application on TanOS Security Technical Implementation Guide 2022-10-31

Details

Check Text ( C-58540r867679_chk )
Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI).

1. Log on with multi-factor authentication.

2. Click "Administration" at top center of the screen.

3. Select the "Global Settings" under "Management".

4. In "Filter Items" box, enter "max_console_idle_seconds".

If no results are returned, this is a finding.

If results are returned for "max_console_idle_seconds", but the value is not "900" or less, this is a finding.
Fix Text (F-58484r867680_fix)
In the event the "max_console_idle_seconds" setting exists, but is not "900" or less:

1. Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI) and log on with multi-factor authentication.

2. Click "Administration" on the top navigation banner.

3. Under "Configuration," select "Platform Settings".

4. In the "Filter Items" box, enter "max_console_idle_seconds".

5. Select the "max_console_idle_seconds" setting.

6. Enter "900" or less for "Value".

7. Click "Save".


In the event the "max_console_idle_seconds" setting does not exist:

1. Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI) and log on with multi-factor authentication.

2. Click "Administration" on the top navigation banner.

3. Under "Configuration," select "Platform Settings".

4. Click "Create Setting" in the top right.

5. Select "Server" for "Setting Type".

6. In "Create Platform Setting" dialog box, enter "max_console_idle_seconds" for "Name".

7. Select "Numeric" for the "Value Type".

8. Enter "900" or less for the "Value".

9. Click "Save".