Tanium 7.x Application on TanOS Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The Tanium Action Approval feature must be enabled for two-person integrity when deploying actions to endpoints.
The Tanium Action Approval feature provides a two-person integrity control mechanism designed to achieve a high level of security and reduce the possibility of error for critical operations. When ...
Rule Medium Severity -
SRG-APP-000039
Group -
The Tanium documentation identifying recognized and trusted IOC streams must be maintained.
Using trusted and recognized IOC sources may detect and prevent systems from becoming compromised. An IOC stream is a series or stream of IOCs that are imported from a vendor based on a subscriptio...
Rule Medium Severity -
SRG-APP-000039
Group -
Tanium Threat Response must be configured to receive IOC streams only from trusted sources.
Using trusted and recognized IOC sources may detect and prevent systems from becoming compromised. An IOC stream is a series or stream of intel that is imported from a vendor based on a subscriptio...
Rule Medium Severity -
SRG-APP-000039
Group -
SRG-APP-000039
Group -
The Tanium Threat Response Local Directory Source must be configured to restrict access to only authorized maintainers of Threat Intel.
Using trusted and recognized IOC sources may detect and prevent systems from becoming compromised. An IOC stream is a series or stream of intel imported from a vendor based on a subscription servic...
Rule Medium Severity -
SRG-APP-000039
Group -
The Tanium documentation identifying recognized and trusted SCAP sources must be maintained.
NIST validated SCAP XML documents are provided from several possible sources such as DISA, NIST, and the other nongovernment entities. These documents are used as the basis of compliance definition...
Rule Medium Severity -
SRG-APP-000039
Group -
The Tanium documentation identifying recognized and trusted OVAL feeds must be maintained.
OVAL XML documents are provided from several possible sources such as the CIS open source repository, or any number of vendor/third-party paid repositories. These documents are used to automate the...
Rule Medium Severity -
SRG-APP-000039
Group -
Tanium Comply must be configured to receive SCAP content only from trusted sources.
NIST-validated SCAP XML documents are provided from several possible sources such as DISA, NIST, and the other nongovernment entities. These documents are used as the basis of compliance definition...
Rule Medium Severity -
SRG-APP-000039
Group -
Tanium Comply must be configured to receive OVAL feeds only from trusted sources.
OVAL XML documents are provided from several possible sources such as the CIS open source repository, or any number of vendor/third party paid repositories. These documents are used to automate the...
Rule Medium Severity -
SRG-APP-000069
Group -
The publicly accessible Tanium application must retain the Standard Mandatory DOD Notice and Consent Banner on the screen until users acknowledge the usage conditions and take explicit actions to log on for further access.
Display of a standardized and approved use notification before granting access to the publicly accessible application ensures privacy and security notification verbiage used is consistent with appl...
Rule Medium Severity -
SRG-APP-000080
Group -
SRG-APP-000108
Group -
The Tanium application must alert the ISSO and SA (at a minimum) in the event of an audit processing failure.
It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without this notification, the security personnel may be unaware of an ...
Rule Medium Severity -
SRG-APP-000111
Group -
SRG-APP-000115
Group -
The Tanium applications must provide the capability to filter audit records for events of interest based upon organization-defined criteria.
The ability to specify the event criteria of interest provides the persons reviewing the logs with the ability to quickly isolate and identify these events without having to review entries that are...
Rule Medium Severity -
SRG-APP-000119
Group -
Access to Tanium logs on each endpoint must be restricted by permissions.
For the Tanium Client software to run without impact from external negligent or malicious changes, the permissions on the Tanium log files and their directory must be restricted. Tanium is deploye...
Rule Medium Severity -
SRG-APP-000121
Group -
The Tanium application must prohibit user installation, modification, or deletion of software without explicit privileged status.
Allowing regular users to install, modify, or delete software, without explicit privileges, creates the risk that the application performs in an inconsistent manner from its design. Explicit privil...
Rule Medium Severity -
SRG-APP-000131
Group -
SRG-APP-000131
Group -
The Tanium cryptographic signing capabilities must be enabled on the Tanium Server.
All of Tanium's signing capabilities must be enabled upon install. Tanium supports the cryptographic signing and verification before execution of all Sensors, Questions, Actions, Sensor Libraries, ...
Rule Medium Severity -
SRG-APP-000142
Group -
Firewall rules must be configured on the Tanium Endpoints for Client-to-Server communications.
In addition to the client-to-server TCP communication that takes place over port 17472, Tanium Clients also communicate to other Tanium-managed computers over port 17472. Without proper firewall co...
Rule Medium Severity -
SRG-APP-000142
Group -
SRG-APP-000142
Group -
SRG-APP-000142
Group -
SRG-APP-000158
Group -
The Tanium endpoint must have the Tanium Server's public key in its installation.
Without cryptographic integrity protections, information can be altered by unauthorized users without detection. Remote access is access to DOD nonpublic information systems by an authorized user ...
Rule Medium Severity -
SRG-APP-000164
Group -
The Tanium application must enforce a minimum 15-character password length.
The shorter the password, the lower the number of possible combinations that need to be tested before the password is compromised. Password complexity, or strength, is a measure of the effectivene...
Rule Medium Severity -
SRG-APP-000165
Group -
The Tanium application must prohibit password reuse for a minimum of five generations.
Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. To meet password policy requirements, passwords need to...
Rule Medium Severity -
SRG-APP-000173
Group -
SRG-APP-000175
Group -
The Tanium Server certificates must have Extended Key Usage entries for the serverAuth object TLS Web Server Authentication and the clientAuth object TLS Web Client Authentication.
Restricting this setting limits the user's ability to change their password. Passwords need to be changed at specific policy based intervals; however, if the application allows the user to immediat...
Rule Medium Severity -
SRG-APP-000177
Group -
The Tanium application must be configured for LDAP user/group synchronization to map the authenticated identity to the individual user or group account for PKI-based authentication.
Without mapping the certificate used to authenticate to the user account, the ability to determine the identity of the individual user or group will not be available for forensic analysis.
Rule Medium Severity -
SRG-APP-000180
Group -
The Tanium application must uniquely identify and authenticate nonorganizational users (or processes acting on behalf of nonorganizational users).
Lack of authentication and identification enables nonorganizational users to gain access to the application or possibly other information systems and provides an opportunity for intruders to compro...
Rule Medium Severity -
SRG-APP-000211
Group