STIGQter STIGQter: STIG Summary: Tanium 7.3 Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Feb 2019: Flaw remediation Tanium applications must employ automated mechanisms to determine the state of information system components with regard to flaw remediation using the following frequency: continuously, where HBSS is used; 30 days, for any additional internal network scans not covered by HBSS; and annually, for external scans by Computer Network Defense Service Provider (CNDSP).

DISA Rule

SV-102193r1_rule

Vulnerability Number

V-92091

Group Title

SRG-APP-000270

Rule Version

TANS-CN-000018

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI).

Log on with CAC.

Click on the navigation button (hamburger menu) on the top left of the console.

Click on "Administration".

Select the "Scheduled Actions" tab.

Look for a scheduled action targeting all machines that is titled either "Patch - Distribute Scan Configuration" or "Patch Management - Run Patch Scan".

Make sure the action is enabled, and configure it to reissue at a minimum, every "30" days.

Check Contents

Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI).

Log on with CAC.

Click on the navigation button (hamburger menu) on the top left of the console.

Click on "Administration".

Select the "Scheduled Actions" tab.

Look for a scheduled action targeting all machines that is titled either "Patch - Distribute Scan Configuration" or "Patch Management - Run Patch Scan".

If there is no Scheduled Action for patching or the Scheduled Action is less frequent than every "30" days, this is a finding.

Vulnerability Number

V-92091

Documentable

False

Rule Version

TANS-CN-000018

Severity Override Guidance

Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI).

Log on with CAC.

Click on the navigation button (hamburger menu) on the top left of the console.

Click on "Administration".

Select the "Scheduled Actions" tab.

Look for a scheduled action targeting all machines that is titled either "Patch - Distribute Scan Configuration" or "Patch Management - Run Patch Scan".

If there is no Scheduled Action for patching or the Scheduled Action is less frequent than every "30" days, this is a finding.

Check Content Reference

M

Target Key

3505

Comments