The Tanium Application Server must be configured to only use Microsoft Active Directory for account management functions.

An XCCDF Rule

Description

<VulnDiscussion>By restricting access to the Tanium Server to only Microsoft Active Directory, user accounts and related permissions can be strictly monitored. Account management will be under the operational responsibility of the System Administrator for the Windows Operation System Active Directory.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-234049r612749_rule
Severity: Medium
References: CCI-000015
Updated: about 1 year ago

Consult with the Tanium System Administrator to review the documented list of Tanium users.

Compare the list of Tanium users versus the users found in the appropriate Active Directory security groups for the User Roles.

Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI).
Log on with CAC.

Click on "Administration".

Select the "Users" tab.

Any users populated manually, select the user's name, and then click on the ""trashcan"" icon at the top of the console to delete this user.

Note: Consult with the Tanium System Administrator before deleting any user accounts to ensure any scheduled actions or other content is reassigned to another user. This will prevent any potential issues arising from the deletion of a user.

The Tanium Application Server must be configured to only use Microsoft Active Directory for account management functions.

Description

Remediation - Manual Procedure