STIGQter: STIG Summary: Tanium 7.0 Security Technical Implementation Guide, Version: 1, Release: 2, Benchmark Date: 27 July 2018

The Tanium Server must be configured with a connector to sync to Microsoft Active Directory for account management functions, must isolate security functions from non-security functions, and must terminate shared/group account credentials when members leave the group.

DISA Rule

SV-93307r1_rule

Vulnerability Number

V-78601

Group Title

SRG-APP-000023

Rule Version

TANS-CN-000002

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Access the Tanium Module server interactively.

Log on with an account with administrative privileges to the server.

Click "Start" and click the down arrow to view Apps.

Find "Tanium Connection Manager AD Sync".

Right-click on the icon.

Choose "Run as administrator".

At the "User Account Control" window prompt, click "Yes".

In the "Tanium Connection Manager" configuration window, select the "Connector Plug-Ins" tab.

Click the "+" (plus sign) to add a connector.

For "Connector Type:" select "Active Directory Sync" from the drop-down menu.

Assign a unique "Connector Name:" or leave the default of "Active Directory Sync".

Click "OK".

Configure the "Active Directory" and "Configuration" tabs with variables according to the site's Active Directory configuration.

Consult the Tanium Administrator for these variables.

Check Contents

Access the Tanium Module server interactively.

Log on with an account with administrative privileges to the server.

Click "Start".

Click the down arrow to view Apps.

Find "Tanium Connection Manager AD Sync".

Right-click on the icon.

Choose "Run as administrator".

At the "User Account Control" window prompt, click "Yes".

In the "Tanium Connection Manager" configuration window, select the "Connector Plug-Ins" tab.

Verify a plug-in exists for the "Type" of "Active Directory Sync".

If no plug-in exists with the "Type" of "Active Directory Sync", this is a finding.

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

3215
