STIGQter STIGQter: STIG Summary: Tanium 7.0 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 27 July 2018:

The Tanium Server certificates must have Extended Key Usage entries for the serverAuth object TLS Web Server Authentication and the clientAuth object TLS Web Client Authentication.

DISA Rule

SV-93393r1_rule

Vulnerability Number

V-78687

Group Title

SRG-APP-000175

Rule Version

TANS-SV-000020

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Request or regenerate the certificate being used to include both the "Server Authentication" and "Client Authentication" objects.

Check Contents

Access the Tanium Server interactively.

Log on with an account with administrative privileges to the server.

Navigate to Program Files >> Tanium >> Tanium Server.

Locate the SOAPServer.crt file.

Double-click on the file to open the certificate.

Select the "Details" tab.

Scroll down through the details to find and select the "Enhanced Key Usage" Field.

If there is no "Enhanced Key Usage" field, this is a finding.

In the bottom screen, verify "Server Authentication" and "Client Authentication" are both identified.

If "Server Authentication" and "Client Authentication" are not both identified, this is a finding.

Vulnerability Number

V-78687

Documentable

False

Rule Version

TANS-SV-000020

Severity Override Guidance

Access the Tanium Server interactively.

Log on with an account with administrative privileges to the server.

Navigate to Program Files >> Tanium >> Tanium Server.

Locate the SOAPServer.crt file.

Double-click on the file to open the certificate.

Select the "Details" tab.

Scroll down through the details to find and select the "Enhanced Key Usage" Field.

If there is no "Enhanced Key Usage" field, this is a finding.

In the bottom screen, verify "Server Authentication" and "Client Authentication" are both identified.

If "Server Authentication" and "Client Authentication" are not both identified, this is a finding.

Check Content Reference

M

Target Key

3215

Comments