The Tanium Application Server must be configured to only use LDAP for account management functions.

An XCCDF Rule

Description

<VulnDiscussion>Enterprise environments make application account management challenging and complex. A manual process for account management functions adds the risk of a potential oversight or other error. To reduce risk, the Tanium Application Server must be configured to allow for LDAP to provide account management functions that immediately enforce the organization's current account policy.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-254881r960768_rule
Severity: Medium
References: CCI-000015
Updated: 17 days ago

Vendor documentation can be downloaded from the following URL: https://docs.tanium.com/platform_user/platform_user/console_using_ldap.html?Highlight=LDAP
 
1. Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI) and log on with multi-factor authentication. 

2. Click "Administration" on the top navigation banner. 
3. Under "Configuration," select "LDAP/AD Sync Configurations". 

4. Follow the vendor documentation titled "Integrating with LDAP Servers" to implement correct configuration settings for this requirement.

The Tanium Application Server must be configured to only use LDAP for account management functions.

Description

Remediation - Manual Procedure