STIGQter: STIG Summary: Tanium 7.3 Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

Tanium Trusted Content providers must be documented.

DISA Rule

SV-234079r612749_rule

Vulnerability Number

V-234079

Group Title

SRG-APP-000015

Rule Version

TANS-SV-000003

Severity

CAT II

CCI(s)

• CCI-001453 - The information system implements cryptographic mechanisms to protect the integrity of remote access sessions.

Weight

10

Fix Recommendation

Prepare and maintain documentation identifying the Tanium trusted content providers along with the SHA-256 Hash from their respective public keys.

Check Contents

Note: If only using Tanium provided content and not accepting content from any other content providers, this is Not Applicable.

Consult with the Tanium System Administrator to review the documented list of trusted content providers along with the Hash for their respective public keys.

If the site does not have the Tanium trusted content providers documented along with the SHA-256 Hash for their respective public keys, this is a finding.

Vulnerability Number

V-234079

Documentable

False

Rule Version

TANS-SV-000003

Severity Override Guidance

Note: If only using Tanium provided content and not accepting content from any other content providers, this is Not Applicable.

Consult with the Tanium System Administrator to review the documented list of trusted content providers along with the Hash for their respective public keys.

If the site does not have the Tanium trusted content providers documented along with the SHA-256 Hash for their respective public keys, this is a finding.

Check Content Reference

M

Target Key

5259

Comments