Skip to content
Log In

I - Mission Critical Sensitive

Rules and Groups employed by this XCCDF Profile

  • SRG-APP-000039

    Group
    Show

  • Tanium Comply must be configured to receive Open Vulnerability and Assessment Language (OVAL) feeds only from trusted sources.

    OVAL XML documents are provided from several possible sources such as the Community Intercomparison Suite (CIS) open-source repository and vendor/third-party paid repositories. These documents are ...
    Rule Medium Severity
    Show

  • SRG-APP-000435

    Group
    Show

  • The Tanium application must limit the bandwidth used in communicating with endpoints to prevent a denial-of-service (DoS) condition at the server.

    DoS is a condition when a resource is not available for legitimate users. When this occurs, the organization either cannot accomplish its mission or must operate at degraded capacity. This require...
    Rule Medium Severity
    Show

  • SRG-APP-000516

    Group
    Show

  • Tanium Server files must be excluded from host-based intrusion prevention intervention.

    Similar to any other host-based applications, the Tanium Server is subject to the restrictions other system-level software may place on an operating environment. Antivirus, intrusion prevention sys...
    Rule Medium Severity
    Show

  • SRG-APP-000295

    Group
    Show

  • The Tanium application must set an inactive timeout for sessions.

    Leaving sessions open indefinitely is a major security risk. An attacker can easily use an already authenticated session to access the hosted application as the previously authenticated user. By cl...
    Rule Medium Severity
    Show

  • SRG-APP-000435

    Group
    Show

  • The Tanium application service must be protected from being stopped by a nonprivileged user.

    Denial of service (DoS) is a condition when a resource is not available for legitimate users. When this occurs, the organization either cannot accomplish its mission or must operate at degraded cap...
    Rule Medium Severity
    Show

  • SRG-APP-000439

    Group
    Show

  • The Tanium Application, SQL, and Module servers must all be configured to communicate using TLS 1.2 Strict Only.

    Disabling feedback to senders when there is a failure in protocol validation format prevents adversaries from obtaining information that would otherwise be unavailable.
    Rule High Severity
    Show

  • SRG-APP-000439

    Group
    Show

  • The SchUseStrongCrypto registry value must be set.

    Without protection of the transmitted information, confidentiality and integrity may be compromised since unprotected communications can be intercepted and either read or altered. This requirement...
    Rule High Severity
    Show

  • SRG-APP-000439

    Group
    Show

  • The SSLCipherSuite registry value must be set.

    Without protection of the transmitted information, confidentiality and integrity may be compromised since unprotected communications can be intercepted and either read or altered. This requirement...
    Rule High Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules