The Tanium application must restrict the ability of individuals to use information systems to launch organization-defined Denial of Service (DoS) attacks against other information systems.

An XCCDF Rule

Description

<VulnDiscussion>The Tanium Action Approval feature provides a two-person integrity control mechanism designed to achieve a high-level of security and reduce the possibility of error for critical operations and DoS conditions. When this feature is enabled, an action configured by one Tanium console user will require a second Tanium console user with a role of Action Approver (or higher) to approve the action before it is deployed to targeted computers.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-254919r867657_rule
Severity: Medium
References: CCI-001094
Updated: about 1 year ago

1. Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI) and log on with multi-factor authentication.

2. Click "Administration" on the top navigation banner.

3. Under "Configuration," select "Platform Settings".
4. Click "Create Setting".

5. Select "Server" for "Setting Type".

5. In "Create Platform Setting" dialog box, enter "require_action_approval" does not exist: Flag" for " Name".

6. Select the "Numeric" radio button for "Value Type".

7. Enter "1" for "Value".

8. Click "Save".

The Tanium application must restrict the ability of individuals to use information systems to launch organization-defined Denial of Service (DoS) attacks against other information systems.

Description

Remediation - Manual Procedure