The publicly accessible Tanium application must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the application.
DISA Rule
SV-234058r612749_rule
Vulnerability Number
V-234058
Group Title
SRG-APP-000070
Rule Version
TANS-CN-000015
Severity
CAT II
CCI(s)
- CCI-001384 - The information system, for publicly accessible systems, displays system use information organization-defined conditions before granting further access.
- CCI-001385 - The information system, for publicly accessible systems, displays references, if any, to monitoring that are consistent with privacy accommodations for such systems that generally prohibit those activities.
- CCI-001386 - The information system, for publicly accessible systems, displays references, if any, to recording that are consistent with privacy accommodations for such systems that generally prohibit those activities.
- CCI-001387 - The information system, for publicly accessible systems, displays references, if any, to auditing that are consistent with privacy accommodations for such systems that generally prohibit those activities.
- CCI-001388 - The information system, for publicly accessible systems, includes a description of the authorized uses of the system.
- CCI-000048 - The information system displays an organization-defined system use notification message or banner before granting access to the system that provides privacy and security notices consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.
- CCI-000050 - The information system retains the notification message or banner on the screen until users acknowledge the usage conditions and take explicit actions to log on to or further access the information system.
Weight
10
Fix Recommendation
Create an .html file composed of the DoD-authorized warning banner verbiage.
Name the file "warning_banner.html".
Copy the .html file to the Tanium Server’s http folder.
Using a web browser on a system that has connectivity to the Tanium Server, access the Tanium Server web user interface (UI).
Log on with CAC.
Click on the navigation button (hamburger menu) on the top left of the console.
Click on "Administration".
Select the "Global Settings" tab.
Click on "New Setting".
In "New System Setting" dialog box, enter "console_PreLoginBannerHTML" for "Setting Name:".
Enter "warning_banner.html" for "Setting Value:".
Enter Server for "Affects:".
Enter Text for "Value Type:".
Click "Save".
Check Contents
Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI).
If a DoD-approved use notification banner does not display prior to logon, this is a finding.
Vulnerability Number
V-234058
Documentable
False
Rule Version
TANS-CN-000015
Severity Override Guidance
Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI).
If a DoD-approved use notification banner does not display prior to logon, this is a finding.
Check Content Reference
M
Target Key
5259
Comments