UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Tanium documentation identifying recognized and trusted IOC streams must be maintained.


Overview

Finding ID Version Rule ID IA Controls Severity
V-254887 TANS-AP-000130 SV-254887r960804_rule Medium
Description
Using trusted and recognized IOC sources may detect and prevent systems from becoming compromised. An IOC stream is a series or stream of IOCs that are imported from a vendor based on a subscription service. An IOC stream can be downloaded manually or on a scheduled basis. The items in an IOC stream can be separately manipulated after they are imported.
STIG Date
Tanium 7.x Application on TanOS Security Technical Implementation Guide 2024-06-04

Details

Check Text ( C-58500r867559_chk )
Consult with the Tanium System Administrator to determine if the Threat Response module is being used. If not, this is Not Applicable.

Review the documented list of IOC trusted stream sources.

If the site does use an external source for IOCs and the IOC trusted stream source is not documented, this is a finding.
Fix Text (F-58444r867560_fix)
Prepare and maintain documentation identifying the Threat Response trusted stream sources.