Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Tanium 7.0 Security Technical Implementation Guide
SRG-APP-000340
All Active Directory accounts synchronized with Tanium for non-privileged functions must be non-privileged domain accounts.
All Active Directory accounts synchronized with Tanium for non-privileged functions must be non-privileged domain accounts.
An XCCDF Rule
Details
Profiles
Prose
All Active Directory accounts synchronized with Tanium for non-privileged functions must be non-privileged domain accounts.
Medium Severity
<VulnDiscussion>Tanium has the ability to synchronize with Active Directory for Tanium account management. Tanium advises that all replicated accounts for non-privileged level functions should be non-privileged domain accounts. In doing so, should a vulnerability in the industry standard OpenSSL libraries used by Tanium ever come to light, no privileged account information could be gained by an attacker. This is simply good housekeeping and should be exercised with any such platform product.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>