Skip to content
Log In

Tanium 7.x Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-APP-000039

    Group
    Show

  • The Tanium documentation identifying recognized and trusted Open Vulnerability and Assessment Language (OVAL) feeds must be maintained.

    OVAL XML documents are provided from several possible sources such as the Community Intercomparison Suite (CIS) open-source repository and vendor/third-party paid repositories. These documents are ...
    Rule Medium Severity
    Show

  • SRG-APP-000039

    Group
    Show

  • SRG-APP-000039

    Group
    Show

  • Tanium Comply must be configured to receive Open Vulnerability and Assessment Language (OVAL) feeds only from trusted sources.

    OVAL XML documents are provided from several possible sources such as the Community Intercomparison Suite (CIS) open-source repository and vendor/third-party paid repositories. These documents are ...
    Rule Medium Severity
    Show

  • SRG-APP-000435

    Group
    Show

  • SRG-APP-000516

    Group
    Show

  • Tanium Server files must be excluded from host-based intrusion prevention intervention.

    Similar to any other host-based applications, the Tanium Server is subject to the restrictions other system-level software may place on an operating environment. Antivirus, intrusion prevention sys...
    Rule Medium Severity
    Show

  • SRG-APP-000295

    Group
    Show

  • The Tanium application must set an inactive timeout for sessions.

    Leaving sessions open indefinitely is a major security risk. An attacker can easily use an already authenticated session to access the hosted application as the previously authenticated user. By cl...
    Rule Medium Severity
    Show

  • SRG-APP-000435

    Group
    Show

  • SRG-APP-000439

    Group
    Show

  • The Tanium Application, SQL, and Module servers must all be configured to communicate using TLS 1.2 Strict Only.

    Disabling feedback to senders when there is a failure in protocol validation format prevents adversaries from obtaining information that would otherwise be unavailable.
    Rule High Severity
    Show

  • SRG-APP-000439

    Group
    Show

  • SRG-APP-000439

    Group
    Show

  • The SSLCipherSuite registry value must be set.

    Without protection of the transmitted information, confidentiality and integrity may be compromised since unprotected communications can be intercepted and either read or altered. This requirement...
    Rule High Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules