The Tanium Server certificate must be signed by a DOD Certificate Authority.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-254947 | TANS-AP-001130 | SV-254947r867741_rule | Medium |
| Description |
|---|
| The Tanium Server has the option to use a "self-signed" certificate or a Trusted Certificate Authority signed certificate for SSL connections. During evaluations of Tanium in Lab settings, customers often conclude that a "self-signed" certificate is an acceptable risk. However, in production environments it is critical that a SSL certificate signed by a Trusted Certificate Authority be used on the Tanium Server in lieu of an untrusted and insecure "self-signed" certificate. |
| STIG | Date |
|---|---|
| Tanium 7.x Application on TanOS Security Technical Implementation Guide | 2022-10-31 |
Details
| Check Text ( C-58560r867739_chk ) |
|---|
| 1. Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI) and log on with multi-factor authentication. 2. When connected, review the Certificate for the Tanium Server. 3. In the web browser, view the presented Certificate and verify that the Certificate shows as issued by a DOD Root CA. Also verify that the Certification path's top-level is a DOD Root CA. 4. If the certificate authority is not DOD Root CA, this is a finding. |
| Fix Text (F-58504r867740_fix) |
|---|
| Request or regenerate the certificate from a DOD Root Certificate Authority. |