The Tanium application must retain the session lock until the user reestablishes access using established identification and authentication procedures.

An XCCDF Rule

Description

Unattended systems are susceptible to unauthorized use and should be locked when unattended. This protects critical and sensitive data from exposure to unauthorized personnel with physical access to the system.

ID: SV-253814r997251_rule
Version: TANS-CN-000001
Severity: Medium
References: CCI-000060
Updated: 6 days ago

Remediation Templates

Use the vendor documentation titled "Smart card authentication" to implement correct configuration settings for this requirement. 

Vendor documentation can be downloaded from https://docs.tanium.com/platform_deployment_reference/platform_deployment_reference/smart_card_authentication.html?Highlight=cac.
 
1. Access the Tanium Server.
 2. Log on to the server with an account that has administrative privileges.
 
3. Run regedit as Administrator.
 
4. Navigate to HKEY_LOCAL_MACHINE >> SOFTWARE >> Wow6432Node >> Tanium >> Tanium Server.
 
5. Validate the value for REG_DWORD "ForceSOAPSSLClientCert" is set to "1".
 
6. Navigate to HKEY_LOCAL_MACHINE >> SOFTWARE >> Wow6432Node >> Tanium >> Tanium Server.
 
7. Configure the following keys:
 
REG_SZ "ClientCertificateAuthField"
For example: 
X509v3 Subject Alternative Name.
 
REG_SZ "ClientCertificateAuthRegex"
For example-DoD:
.+?Name:\s*?(\S+@[._a-zA-Z0-9]+).*
Note: This regex may vary. 
 
REG_SZ "ClientCertificateAuth"
For example:
C:\Program Files\Tanium\Tanium Server\dod.pem

The Tanium application must retain the session lock until the user reestablishes access using established identification and authentication procedures.

Description

Remediation Templates

A Manual Procedure