STIGQter: STIG Summary: Tanium 7.3 Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

Flaw remediation Tanium applications must employ automated mechanisms to determine the state of information system components with regard to flaw remediation using the following frequency: continuously, where HBSS is used; 30 days, for any additional internal network scans not covered by HBSS; and annually, for external scans by Computer Network Defense Service Provider (CNDSP).

DISA Rule

SV-234060r612749_rule

Vulnerability Number

V-234060

Group Title

SRG-APP-000270

Rule Version

TANS-CN-000018

Severity

CAT II

CCI(s)

CCI-001233 - The organization employs automated mechanisms on an organization-defined frequency to determine the state of information system components with regard to flaw remediation.

Weight

Fix Recommendation

Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI).

Log on with CAC.

Click on the navigation button (hamburger menu) on the top left of the console.

Click on "Administration".

Select the "Scheduled Actions" tab.

Look for a scheduled action targeting all machines that is titled either "Patch - Distribute Scan Configuration" or "Patch Management - Run Patch Scan".

Make sure the action is enabled, and configure it to reissue at a minimum, every "30" days.

Check Contents

Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI).

Log on with CAC.

Click on the navigation button (hamburger menu) on the top left of the console.

Click on "Administration".

Select the "Scheduled Actions" tab.

Look for a scheduled action targeting all machines that is titled either "Patch - Distribute Scan Configuration" or "Patch Management - Run Patch Scan".

If there is no Scheduled Action for patching or the Scheduled Action is less frequent than every "30" days, this is a finding.

Vulnerability Number

V-234060

Documentable

False

Rule Version

TANS-CN-000018

Severity Override Guidance

Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI).

Log on with CAC.

Click on the navigation button (hamburger menu) on the top left of the console.

Click on "Administration".

Select the "Scheduled Actions" tab.

Look for a scheduled action targeting all machines that is titled either "Patch - Distribute Scan Configuration" or "Patch Management - Run Patch Scan".

If there is no Scheduled Action for patching or the Scheduled Action is less frequent than every "30" days, this is a finding.

Check Content Reference

Target Key

5259

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments