STIGQter: STIG Summary: Tanium 7.0 Security Technical Implementation Guide, Version: 1, Release: 2, Benchmark Date: 27 July 2018

Flaw remediation Tanium applications must employ automated mechanisms to determine the state of information system components with regard to flaw remediation using the following frequency: continuously, where HBSS is used; 30 days, for any additional internal network scans not covered by HBSS; and annually, for external scans by Computer Network Defense Service Provider (CNDSP).

DISA Rule

SV-93331r1_rule

Vulnerability Number

V-78625

Group Title

SRG-APP-000270

Rule Version

TANS-CN-000018

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Using a web browser on a system that has connectivity to Tanium, access the Tanium web UI and log on with CAC.

Click on the navigation button (hamburger menu) on the top left of the console.

Click on "Administration".

Select the "Scheduled Actions" tab.

Look for a scheduled action targeting all machines that is titled either "Patch - Distribute Scan Configuration" or "Patch Management - Run Patch Scan".

Make sure the action is enabled, and configure it to reissue, at a minimum, every "30" days.

Check Contents

Using a web browser on a system that has connectivity to Tanium, access the Tanium web user interface (UI) and log on with CAC.

Click on the navigation button (hamburger menu) on the top left of the console.

Click on "Administration".

Select the "Scheduled Actions" tab.

Look for a scheduled action targeting all machines that is titled either "Patch - Distribute Scan Configuration" or "Patch Management - Run Patch Scan".

If there is no Scheduled Action for patching or the Scheduled Action is less frequent than every "30" days, this is a finding.

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

3215

Comments