STIGQter: STIG Summary: Tanium 7.3 Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

The Tanium Application Server must be configured to only use Microsoft Active Directory for account management functions.

DISA Rule

SV-234049r612749_rule

Vulnerability Number

V-234049

Group Title

SRG-APP-000023

Rule Version

TANS-CN-000003

Severity

CAT II

CCI(s)

• CCI-000015 - The organization employs automated mechanisms to support the information system account management functions.

Weight

10

Fix Recommendation

Consult with the Tanium System Administrator to review the documented list of Tanium users.

Compare the list of Tanium users versus the users found in the appropriate Active Directory security groups for the User Roles.

Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI).

Log on with CAC.

Click on "Administration".

Select the "Users" tab.

Any users populated manually, select the user's name, and then click on the ""trashcan"" icon at the top of the console to delete this user.

Note: Consult with the Tanium System Administrator before deleting any user accounts to ensure any scheduled actions or other content is reassigned to another user. This will prevent any potential issues arising from the deletion of a user.

Check Contents

Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI).

Log on with CAC.

Click on the navigation button (hamburger menu) on the top left of the console.

Click on "Administration".

Select the "Users" tab.

Consult with the Tanium System Administrator to review the documented list of Tanium users.

Compare the list of Tanium users versus the users found in the appropriate Active Directory security groups for the User Roles.

If there are any console users who are listed in the Tanium console that are not found in a synced Active Directory security group, this is a finding.

Alternatively, the ISSO can document the non-synced Active Directory security group users and accept the risk for the users.

If this is the case, this would no longer be a finding.

Vulnerability Number

V-234049

Documentable

False

Rule Version

TANS-CN-000003

Severity Override Guidance

Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI).

Log on with CAC.

Click on the navigation button (hamburger menu) on the top left of the console.

Click on "Administration".

Select the "Users" tab.

Consult with the Tanium System Administrator to review the documented list of Tanium users.

Compare the list of Tanium users versus the users found in the appropriate Active Directory security groups for the User Roles.

If there are any console users who are listed in the Tanium console that are not found in a synced Active Directory security group, this is a finding.

Alternatively, the ISSO can document the non-synced Active Directory security group users and accept the risk for the users.

If this is the case, this would no longer be a finding.

Check Content Reference

M

Target Key

5259

Comments