STIGQter: STIG Summary: Tanium 7.3 Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

The vulnerability scanning application must implement privileged access authorization to all Tanium information systems and infrastructure components for selected organization-defined vulnerability scanning activities.

DISA Rule

SV-234034r612749_rule

Vulnerability Number

V-234034

Group Title

SRG-APP-000414

Rule Version

TANS-00-000755

Severity

CAT II

CCI(s)

• CCI-001067 - The information system implements privileged access authorization to organization-identified information system components for selected organization-defined vulnerability scanning activities.

Weight

10

Fix Recommendation

Prepare and maintain documentation identifying the Tanium Comply users and their respective User Roles and AD security groups.

Check Contents

Consult with the Tanium System Administrator to review the documented list of Tanium users.

If any users have access to Tanium Comply and are not on the list of documented users, this is a finding.

If Tanium Comply is not installed, this check is Not Applicable.

Vulnerability Number

V-234034

Documentable

False

Rule Version

TANS-00-000755

Severity Override Guidance

Consult with the Tanium System Administrator to review the documented list of Tanium users.

If any users have access to Tanium Comply and are not on the list of documented users, this is a finding.

If Tanium Comply is not installed, this check is Not Applicable.

Check Content Reference

M

Target Key

5259

Comments