The Tanium Operating System (TanOS) must prohibit password reuse for a minimum of five generations.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-254845	TANS-OS-000280	SV-254845r866076_rule		Medium

Description
Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. If the information system or application allows the user to consecutively reuse their password when that password has exceeded its defined lifetime, the end result is a password that is not changed as per policy requirements.

STIG	Date
Tanium 7.x Operating System on TanOS Security Technical Implementation Guide	2022-10-31

Details

Check Text ( C-58458r866074_chk )
1. Access the Tanium Server interactively. 2. Log on to the TanOS server with the tanadmin role. 3. Press "C" for "User Administration Menu". 4. Press "L" for "Local Tanium User Management". 5. Press "B" for "Security Policy Local Authentication Service". If "Password History" is not set to "5", this is a finding.

Fix Text (F-58402r866075_fix)
1. Access the Tanium Server interactively. 2. Log on to the TanOS server with the tanadmin role. 3. Press "C" for "User Administration Menu". 4. Press "L" for "Local Tanium User Management". 5. Press "B" for "Security Policy Local Authentication Service". 6. Type "Yes". 7. Press "Enter" to accept the current value for "Define the minimum password in days [0 - 20]". 8. Press "Enter" to accept the current value for "Define the maximum password lifetime in days [0-300]". 9. Press "Enter" to accept the current value for "Define the maximum password length (characters) [0-30]". 10. Set the value for "Define the minimum password history counter [0-10]" to "5". 11. Press "Enter" to accept the current values for the rest of the options. 12. Type "Yes" to apply the new security policy.

Fix Text (F-58402r866075_fix)

1. Access the Tanium Server interactively.

2. Log on to the TanOS server with the tanadmin role.

3. Press "C" for "User Administration Menu".

4. Press "L" for "Local Tanium User Management".

5. Press "B" for "Security Policy Local Authentication Service".

6. Type "Yes".

7. Press "Enter" to accept the current value for "Define the minimum password in days [0 - 20]".

8. Press "Enter" to accept the current value for "Define the maximum password lifetime in days [0-300]".

9. Press "Enter" to accept the current value for "Define the maximum password length (characters) [0-30]".

10. Set the value for "Define the minimum password history counter [0-10]" to "5".

11. Press "Enter" to accept the current values for the rest of the options.

12. Type "Yes" to apply the new security policy.