Tanium 7.x Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
SRG-APP-000226
Group -
The Tanium Server and Client applications must have logging enabled.
Failure to a known state can address safety or security in accordance with the mission/business needs of the organization. Failure to a known secure state helps prevent a loss of confidentiality, i...
Rule - Medium Severity
SRG-APP-000246
Group -
The Tanium application must restrict the ability of individuals to use information systems to launch organization-defined denial-of-service (DoS) attacks against other information systems.
The Tanium Action Approval feature provides a two-person integrity control mechanism designed to achieve a high level of security and reduce the possibility of error for critical operations and DoS...
Rule - Medium Severity
SRG-APP-000247
Group -
SRG-APP-000378
Group -
SRG-APP-000266
Group -
The Tanium application must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
Any application providing too much information in error messages risks compromising the data and security of the application and system. The structure and content of error messages must be carefull...
Rule - Medium Severity
SRG-APP-000267
Group -
The Tanium application must reveal error messages only to the information system security officer (ISSO), information system security manager (ISSM), and system administrator (SA).
Only authorized personnel must be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the application. Additionally...
Rule - Medium Severity
SRG-APP-000357
Group -
The Tanium application must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.
To ensure applications have a sufficient storage capacity in which to write the audit logs, applications must be able to allocate audit record storage capacity. The task of allocating audit recor...
Rule - Medium Severity
SRG-APP-000358
Group -
The Tanium application must offload audit records onto a different system or media than the system being audited.
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Offloading is a common process in information systems with limited audit storage capacity.
Rule - Medium Severity
SRG-APP-000380
Group -
The application must enforce access restrictions associated with changes to application configuration.
Failure to provide logical access restrictions associated with changes to application configuration may have significant effects on the overall security of the system. When dealing with access re...
Rule - Medium Severity
SRG-APP-000386
Group -
The application must employ a deny-all, permit-by-exception (allowlist) policy to allow the execution of authorized software programs.
Using an allowlist provides a configuration management method for allowing the execution of only authorized software. Using only authorized software decreases risk by limiting the number of potenti...
Rule - Medium Severity
SRG-APP-000391
Group -
The Tanium application must accept Personal Identity Verification (PIV) credentials.
The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access. DoD has mandated the use of the CAC to support identity management and personal authentication f...
Rule - Medium Severity
SRG-APP-000392
Group -
SRG-APP-000402
Group -
SRG-APP-000456
Group -
SRG-APP-000471
Group -
Tanium must alert the ISSO, ISSM, and other individuals designated by the local organization when the following Indicators of Compromise (IOCs) or potential compromise are detected: real-time intrusion detection; threats identified by authoritative sources (e.g., CTOs); and Category I, II, IV, and VII incidents in accordance with CJCSM 6510.01B.
When a security event occurs, the application that has detected the event must immediately notify the appropriate support personnel so they can respond appropriately. Alerts may be generated from...
Rule - Medium Severity
SRG-APP-000516
Group -
Tanium Server processes must be excluded from On-Access scan.
Similar to any other host-based applications, the Tanium Server is subject to the restrictions other system-level software may place on an operating environment. Antivirus, intrusion prevention sys...
Rule - Medium Severity
SRG-APP-000580
Group -
The Tanium application must authenticate endpoint devices (servers) before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based.
Without authenticating devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity. Bidirectional authentication provides stronger safeguards to validate the...
Rule - Medium Severity
SRG-APP-000015
Group -
SRG-APP-000383
Group -
SRG-APP-000119
Group -
Access to Tanium logs on each endpoint must be restricted by permissions.
For the Tanium Client software to run without impact from external negligent or malicious changes, the permissions on the Tanium log files and their directory must be restricted. Tanium is deploye...
Rule - Medium Severity
SRG-APP-000131
Group -
SRG-APP-000142
Group -
Firewall rules must be configured on the Tanium endpoints for client-to-server communications.
In addition to the client-to-server TCP communication that takes place over port 17472, Tanium Clients also communicate to other Tanium-managed computers over port 17472. Without proper firewall co...
Rule - Medium Severity
SRG-APP-000328
Group -
Control of the Tanium Client service must be restricted to SYSTEM access only for all managed clients.
The reliability of the Tanium client's ability to operate depends on controlling access to the Tanium client service. By restricting access to SYSTEM access only, the non-Tanium system administrato...
Rule - Medium Severity
SRG-APP-000328
Group -
SRG-APP-000328
Group -
The permissions on the Tanium Client directory must be restricted to only the SYSTEM account on all managed clients.
By restricting access to the Tanium Client directory on managed clients, the Tanium client's ability to operate and function as designed will be protected from malicious attack and unintentional mo...
Rule - Medium Severity
SRG-APP-000516
Group -
Tanium Client directory and subsequent files must be excluded from On-Access scan.
Similar to any other host-based applications, the Tanium Client is subject to the restrictions other system-level software may place on an operating environment. Antivirus, intrusion prevention sys...
Rule - Medium Severity
SRG-APP-000516
Group -
Tanium endpoint files must be excluded from host-based intrusion prevention system (HIPS) intervention.
Similar to any other host-based applications, the Tanium Client is subject to the restrictions other system-level software may place on an operating environment. Antivirus, intrusion prevention sys...
Rule - Medium Severity
SRG-APP-000002
Group -
The Tanium application must retain the session lock until the user reestablishes access using established identification and authentication procedures.
Unattended systems are susceptible to unauthorized use and should be locked when unattended. This protects critical and sensitive data from exposure to unauthorized personnel with physical access t...
Rule - Medium Severity
SRG-APP-000233
Group -
The Tanium Application Server must be configured with a connector to sync to Microsoft Active Directory for account management functions.
By restricting access to the Tanium Server to only Microsoft Active Directory, user accounts and related permissions can be strictly monitored. Account management will be under the operational resp...
Rule - Medium Severity
SRG-APP-000023
Group -