The Tanium endpoint must have the Tanium Server's pki.db in its installation.
An XCCDF Rule
Description
<VulnDiscussion>Without cryptographic integrity protections in the Tanium Client, information could be altered by unauthorized users without detection. Cryptographic mechanisms used for protecting the integrity of Tanium communications information include signed hash functions using asymmetric cryptography, enabling distribution of the public key to verify the hash information while maintaining the confidentiality of the secret key used to generate the hash. Satisfies: SRG-APP-000158</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-253805r858416_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
For systems that do not have a valid key for the Tanium Server, redeploy the client software from Tanium using Tanium Client Management or work with the Tanium system administrator to accomplish this.
1. Configure a deployment.
2. Deploy the package or installer.