STIGQter STIGQter: STIG Summary: Tanium 7.3 Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Feb 2019: The Tanium Server must be configured to only allow signed content to be imported.

DISA Rule

SV-102247r1_rule

Vulnerability Number

V-92145

Group Title

SRG-APP-000131

Rule Version

TANS-SV-000015

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Contact Tanium for a corrected license file.

Check Contents

Note: This requirement only applies to Tanium implementations in production. If implementation being evaluated is in development, this requirement is Not Applicable.

Access the Tanium Server through interactive logon.

Drill to Program Files >> Tanium >> Tanium Server.

Open the "tanium.license" in Notepad and search for "allow_unsigned_import".

If "allow unsigned_import" is followed by ":true", this is a finding.

Vulnerability Number

V-92145

Documentable

False

Rule Version

TANS-SV-000015

Severity Override Guidance

Note: This requirement only applies to Tanium implementations in production. If implementation being evaluated is in development, this requirement is Not Applicable.

Access the Tanium Server through interactive logon.

Drill to Program Files >> Tanium >> Tanium Server.

Open the "tanium.license" in Notepad and search for "allow_unsigned_import".

If "allow unsigned_import" is followed by ":true", this is a finding.

Check Content Reference

M

Target Key

3505

Comments