STIGQter: STIG Summary: Tanium 7.0 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 27 July 2018:

All Active Directory accounts synchronized with Tanium for non-privileged functions must be non-privileged domain accounts.

DISA Rule

SV-93407r1_rule

Vulnerability Number

V-78701

Group Title

SRG-APP-000340

Rule Version

TANS-SV-000028

Severity

CAT II

CCI(s)

• CCI-002235 - The information system prevents non-privileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures.

Weight

10

Fix Recommendation

Access one of the domain's Active Directory Domain Controller servers with a Domain Administrator account.

For each of the users for which a synced account is in the Tanium console as a privileged user, adjust the user to an appropriate security group in Active Directory.

Verify, after syncing with Tanium, the non-privileged user account is no longer in a privileged role within Tanium.

Check Contents

Using a web browser on a system that has connectivity to Tanium, access the Tanium web user interface (UI) and log on with CAC.

Click on the navigation button (hamburger menu) on the top left of the console.

Click on "Administration".

Select the "Users" tab.

Review each of the users listed and determine their Active Directory synced account.

Access one of the domain's Active Directory Domain Controller servers with a Domain Administrator account.

Review each of the users for which a synced account is in the Tanium console as a user.

Validate whether any of the users are considered to be non-privileged in Active Directory, yet have privileged capabilities in Tanium.

If any of the non-privileged Active Directory accounts have elevated privileges and are synced as a Tanium privileged account, this is a finding.

Vulnerability Number

V-78701

Documentable

False

Rule Version

TANS-SV-000028

Severity Override Guidance

Using a web browser on a system that has connectivity to Tanium, access the Tanium web user interface (UI) and log on with CAC.

Click on the navigation button (hamburger menu) on the top left of the console.

Click on "Administration".

Select the "Users" tab.

Review each of the users listed and determine their Active Directory synced account.

Access one of the domain's Active Directory Domain Controller servers with a Domain Administrator account.

Review each of the users for which a synced account is in the Tanium console as a user.

Validate whether any of the users are considered to be non-privileged in Active Directory, yet have privileged capabilities in Tanium.

If any of the non-privileged Active Directory accounts have elevated privileges and are synced as a Tanium privileged account, this is a finding.

Check Content Reference

M

Target Key

3215

Comments