Tanium Comply must be configured to receive OVAL feeds only from trusted sources.

An XCCDF Rule

Description

<VulnDiscussion>OVAL XML documents are provided from several possible sources such as the CIS open source repository, or any number of vendor/3rd party paid repositories. These documents are used to automate the passive validation of vulnerabilities on systems and therefore require a reasonable level of confidence in their origin. Non-approved OVAL definitions lead to a false sense of security when evaluating an enterprise environment.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-93447r1_rule
Severity: Medium
References: CCI-001414
Updated: about 1 year ago

Using a web browser on a system that has connectivity to Tanium, access the Tanium web UI and log on with CAC.

Click on the navigation button (hamburger menu) on the top left of the console.

Click on "Comply".
Along the left side of the interface, click on "Benchmarks" then "Vulnerability".

Delete any vulnerability sources that are configured to non-trusted sources, or reconfigured to point to a trusted sources.

Tanium Comply must be configured to receive OVAL feeds only from trusted sources.

Description

Remediation - Manual Procedure