Tanium 7.x Operating System on TanOS Security Technical Implementation Guide


Overview

Date: 2022-10-31
Finding Count (35): CAT I (High): 2, CAT II (Med): 33, CAT III (Low): 0
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-254847 High The Tanium Operating System (TanOS) must use multifactor authentication for network access to privileged accounts.
V-254873 High The Tanium Operating System (TanOS) must use a FIPS-validated cryptographic module to provision digital signatures.
V-254850 Medium The Tanium Operating System (TanOS) must terminate all sessions and network connections when nonlocal maintenance is completed.
V-254859 Medium Tanium Operating System (TanOS) must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.
V-254848 Medium The Tanium Operating System (TanOS) must use multifactor authentication for network access to nonprivileged accounts.
V-254849 Medium The Tanium Operating System (TanOS) must use FIPS-validated SHA-2 or higher hash function to protect the integrity of hash message authentication code (HMAC), Key Derivation Functions (KDFs), Random Bit Generation, and hash-only applications.
V-254858 Medium The Tanium Operating System (TanOS) must notify system administrators and ISSOs when accounts are removed.
V-254868 Medium The Tanium operating system (TanOS) must perform data integrity verification on the name/address resolution responses the system receives from authoritative sources.
V-254869 Medium The Tanium operating system (TanOS) must perform data origin verification authentication on the name/address resolution responses the system receives from authoritative sources.
V-254866 Medium The Tanium Operating System (TanOS) must synchronize internal information system clocks to the authoritative time source when the time difference is greater than the organization-defined time period.
V-254867 Medium The Tanium Operating System (TanOS) must be configured to synchronize internal information system clocks with the primary and secondary time sources located in different geographic regions using redundant authoritative time sources.
V-254864 Medium The Tanium operating system (TanOS) must provide an immediate real-time alert to the SA and ISSO, at a minimum, of all audit failure events requiring real-time alerts.
V-254865 Medium The Tanium operating system (TanOS) must, for networked systems, compare internal information system clocks at least every 24 hours with a server synchronized to one of the redundant United States Naval Observatory (USNO) time servers or a time server designated for the appropriate DOD network (NIPRNet/SIPRNet), and/or the Global Positioning System (GPS).
V-254862 Medium The Tanium operating system (TanOS) must offload audit records onto a different system or media than the system being audited.
V-254863 Medium The Tanium operating system (TanOS) must provide an immediate warning to the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity.
V-254860 Medium Tanium must audit and notify system administrators and ISSOs when accounts are enabled.
V-254840 Medium The Tanium Operating System (TanOS) must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the system.
V-254841 Medium The Tanium Operating System (TanOS) must limit the number of concurrent sessions to an organization-defined number for all accounts and/or account types.
V-254842 Medium The Tanium operating system (TanOS) must alert the ISSO and SA (at a minimum) in the event of an audit processing failure.
V-254843 Medium The Tanium Operating System (TanOS) must enforce 24 hours/1 day as the maximum password lifetime.
V-254839 Medium The Tanium Operating System (TanOS) must enforce the limit of three consecutive invalid logon attempts by a user during a 15 minute time period.
V-254844 Medium The Tanium Operating System (TanOS) must enforce a 60-day maximum password lifetime restriction.
V-254845 Medium The Tanium Operating System (TanOS) must prohibit password reuse for a minimum of five generations.
V-254871 Medium The Tanium operating system (TanOS) must install security-relevant software updates within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).
V-254870 Medium The Tanium Operating System (TanOS) must protect against or limit the effects of denial of service (DoS) attacks by employing organization-defined security safeguards.
V-254872 Medium The Tanium operating system (TanOS) must install security-relevant firmware updates within the time period directed by an authoritative source (e.g. IAVM, CTOs, DTMs, and STIGs).
V-254846 Medium The Tanium Operating System (TanOS) must enforce a minimum 15-character password length.
V-254853 Medium The Tanium Operating System (TanOS) must use FIPS-validated encryption and hashing algorithms to protect the confidentiality and integrity of operating system configuration and user-generated data stored on the host.
V-254852 Medium Tanium Operating System (TanOS) must terminate all network connections associated with a communications session at the end of the session, or as follows: For in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity; for user sessions (nonprivileged session), the session must be terminated after 15 minutes of inactivity, except to fulfill documented and validated mission requirements.
V-254851 Medium The Tanium Operating System (TanOS) must manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of Denial of Service (DoS) attacks.
V-254861 Medium Tanium must automatically lock accounts and require them be unlocked by an administrator when three unsuccessful login attempts in 15 minutes are exceeded.
V-254857 Medium The Tanium Operating System (TanOS) must audit and notify system administrators and ISSOs when accounts are modified.
V-254856 Medium The Tanium Operating System (TanOS) must notify system administrators and ISSOs when accounts are created.
V-254855 Medium The publicly accessible Tanium Operating System (TanOS) must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the system.
V-254854 Medium The Tanium Operating System (TanOS) must notify the ISSO and ISSM of failed security verification tests.