STIGQter: STIG Summary: Tanium 7.3 Security Technical Implementation Guide, Version 2, Release 1, Benchmark Date: 22 Jan 2021

Firewall rules must be configured on the Tanium Server for Client-to-Server communications.

DISA Rule

SV-234089r612749_rule

Vulnerability Number

V-234089

Group Title

SRG-APP-000142

Rule Version

TANS-SV-000017

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure host-based and network firewall rules as required, to include Tanium Clients or Zone Clients over TCP port 17472, bi-directionally.

Allow TCP traffic on port 17472 between any computer to be managed on a local area network and any other computer to be managed on the same local area network.

Check Contents

Consult with the Tanium System Administrator to verify which firewall is being used as a host-based firewall on the Tanium Server.

Access the host-based firewall configuration on the Tanium Server.

Validate rules exist, as required, to include:

Between Tanium Clients or Zone Clients over TCP port 17472, bi-directionally.

If a host-based firewall rule does not exist to allow TCP port 17472, bi-directionally, this is a finding.

Consult with the network firewall administrator and validate rules exist for the following:

Allow TCP traffic on port 17472 between any computer to be managed on a local area network and any other computer to be managed on the same local area network.

If a network firewall rule does not exist to allow TCP port 17472 from any managed computer to any other managed computer on the same local area network, this is a finding.
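The host-based part of this check, as an added example that is not part of the STIG or of Tanium's own tooling: it assumes the Tanium Server's host-based firewall is Windows Defender Firewall (the STIG leaves the product to the administrator) and reports whether enabled Allow rules cover TCP 17472 in both directions.

```powershell
# Added example for TANS-SV-000017; not from the STIG or from Tanium. Assumes Windows
# Defender Firewall with the NetSecurity module (Get-NetFirewallRule). Run on the Tanium Server.
$TaniumPort = 17472

# True when a rule's port list ('Any', '17472', or a range such as '17000-18000') covers $Port.
function Test-PortCovered {
    param([string[]]$Ports, [int]$Port)
    foreach ($p in $Ports) {
        if ($p -eq 'Any' -or $p -eq "$Port") { return $true }
        if ($p -match '^(\d+)-(\d+)$' -and [int]$Matches[1] -le $Port -and $Port -le [int]$Matches[2]) {
            return $true
        }
    }
    return $false
}

# Enabled Allow rules for TCP $Port in one direction. Inbound rules are matched on the
# local port (clients connecting to the server); outbound rules on the remote port.
function Get-TaniumPortRules {
    param([ValidateSet('Inbound','Outbound')][string]$Direction, [int]$Port)
    Get-NetFirewallRule -Enabled True -Action Allow -Direction $Direction | ForEach-Object {
        $filter = $_ | Get-NetFirewallPortFilter
        if ($filter.Protocol -notin @('TCP', 'Any')) { return }   # skip UDP/ICMP-only rules
        $ports = if ($Direction -eq 'Inbound') { $filter.LocalPort } else { $filter.RemotePort }
        if (Test-PortCovered -Ports @($ports) -Port $Port) { $_ }
    }
}

$inbound  = @(Get-TaniumPortRules -Direction Inbound  -Port $TaniumPort)
$outbound = @(Get-TaniumPortRules -Direction Outbound -Port $TaniumPort)

# Outbound traffic may be permitted by an active profile's default action rather than by a rule.
$outboundDefaultAllow = @(Get-NetFirewallProfile |
    Where-Object { $_.Enabled -eq 'True' -and $_.DefaultOutboundAction -ne 'Block' }).Count -gt 0

[pscustomobject]@{
    Port              = $TaniumPort
    InboundRules      = ($inbound.DisplayName  -join '; ')
    OutboundRules     = ($outbound.DisplayName -join '; ')
    OutboundByDefault = $outboundDefaultAllow
    # Finding per the check text: no host-based allowance for TCP 17472 in both directions.
    Finding           = ($inbound.Count -eq 0) -or ($outbound.Count -eq 0 -and -not $outboundDefaultAllow)
}
```

The network-firewall half of the check (rules between managed computers on the same LAN) still has to be validated with the network firewall administrator, as the check text says.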

Severity Override Guidance

Check Content Reference

M

Target Key

5259

Comments