The Tanium Action Approval feature must be enabled for two-person integrity when deploying actions to endpoints.

An XCCDF Rule

Description

<VulnDiscussion>The Tanium Action Approval feature provides a "four eyes" control mechanism designed to achieve a high-level of security and reduce the possibility of error for critical operations. When this feature is enabled, an action configured by one Tanium console user will require a second Tanium console user with a role of Action Approver (or higher) to approve the action before it is deployed to targeted computers. While this system slows workflow, the reliability of actions deployed will be greater on the Packaging and Targeting.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-234082r612749_rule
Severity: Medium
References: CCI-000213
Updated: about 1 year ago

Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI) and log on with CAC.

Click on the navigation button (hamburger menu) on the top left of the console then click on "Administration".

Select the "Global Settings" tab.
If "require_action_approval" does not exist: click on "New Setting".

In "New System Setting" dialog box, enter "require_action_approval" for "Setting Name:".

Enter "1" for "Setting Value:".

Select "Server" from "Affects" drop-down list.

Select "Numeric" from "Value Type" drop-down list.

Click "Save".

The Tanium Action Approval feature must be enabled for two-person integrity when deploying actions to endpoints.

Description

Remediation - Manual Procedure