Tanium 7.x Application on TanOS Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • The Tanium application must restrict the ability of individuals to use information systems to launch organization-defined Denial of Service (DoS) attacks against other information systems.

    The Tanium Action Approval feature provides a two-person integrity control mechanism designed to achieve a high level of security and reduce the possibility of error for critical operations and DoS...
    Rule Medium Severity
  • The Tanium application must employ automated mechanisms to determine the state of information system components with regard to flaw remediation using the following frequency: Continuously, where ESS is used; 30 days, for any additional internal network scans not covered by ESS; and annually, for external scans by Computer Network Defense Service Provider (CNDSP).

    Without the use of automated mechanisms to scan for security flaws on a continuous and/or periodic basis, the system components may remain vulnerable to the exploits presented by undetected softwar...
    Rule Medium Severity
  • Tanium must notify SA and ISSO when accounts are created.

    Once an attacker establishes initial access to a system, the attacker often attempts to create a persistent method of re-establishing access. One way to accomplish this is for the attacker to simpl...
    Rule Medium Severity
  • The Tanium Application Server must be configured with a connector to sync to Microsoft Active Directory for account management functions.

    By restricting access to the Tanium Server to only Microsoft Active Directory, user accounts and related permissions can be strictly monitored. Account management will be under the operational resp...
    Rule Medium Severity
  • Tanium must notify system administrator and ISSO of account enabling actions.

    Once an attacker establishes access to an application, the attacker often attempts to create a persistent method of re-establishing access. One way to accomplish this is for the attacker to simply ...
    Rule Medium Severity
  • The Tanium application must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.

    In order to ensure applications have a sufficient storage capacity in which to write the audit logs, applications need to be able to allocate audit record storage capacity. The task of allocating...
    Rule Medium Severity
  • The Tanium application must prohibit user installation of software without explicit privileged status.

    Allowing regular users to install software without explicit privileges creates the risk that untested or potentially malicious software will be installed on the system. Explicit privileges (escalat...
    Rule Medium Severity
  • Firewall rules must be configured on the Tanium Server for Console-to-Server communications.

    An HTML5-based application, the Tanium Console runs from any device with a browser that supports HTML5. For security, the HTTP and SOAP communication to the Tanium Server is SSL encrypted, so the T...
    Rule Medium Severity
  • The SSLHonorCipherOrder must be configured to disable weak encryption algorithms on the Tanium Server.

    Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. The application must implement cryptographic modules adhering to the higher standards ...
    Rule Medium Severity
  • Tanium must alert the ISSO, ISSM, and other individuals designated by the local organization when the following Indicators of Compromise (IOCs) or potential compromise are detected: real time intrusion detection; threats identified by authoritative sources (e.g., CTOs); and Category I, II, IV, and VII incidents in accordance with CJCSM 6510.01B.

    When a security event occurs, the application that has detected the event must immediately notify the appropriate support personnel so they can respond appropriately. Alerts may be generated from...
    Rule Medium Severity
  • Tanium must enforce 24 hours/1 day as the minimum password lifetime.

    Enforcing a minimum password lifetime helps prevent repeated password changes to defeat the password reuse or history enforcement requirement.
    Rule Medium Severity
  • SRG-APP-000174

    Group
  • SRG-APP-000291

    Group
  • SRG-APP-000001

    Group
  • SRG-APP-000003

    Group
  • The Tanium Application Server console must be configured to initiate a session lock after a 15-minute period of inactivity.

    The Tanium Console, when multi-factor authentication is enabled, will initiate a session lock based upon the ActivClient or other Smart Card software. By initiating the session lock, the console...
    Rule Medium Severity
  • SRG-APP-000015

    Group
  • SRG-APP-000015

    Group
  • SRG-APP-000015

    Group
  • Content providers must provide their public key to the Tanium administrator to import for validating signed content.

    A Tanium Sensor, also called content, enables an organization to gather real-time inventory, configuration, and compliance data elements from managed computers. Sensors gather specific information ...
    Rule Medium Severity
