STIGQter: STIG Summary: Tanium 7.3 Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

Content providers must provide their public key to the Tanium administrator to import for validating signed content.

DISA Rule

SV-234080r612749_rule

Vulnerability Number

V-234080

Group Title

SRG-APP-000015

Rule Version

TANS-SV-000004

Severity

CAT II

CCI(s)

• CCI-001453 - The information system implements cryptographic mechanisms to protect the integrity of remote access sessions.

Weight

10

Fix Recommendation

Obtain the public key from the content providers and validate the keys are present in the Tanium folders.

If the public keys are found for non-trusted content providers, remove the associated signing key and remove any content imported by that provider.

Access the Tanium Server interactively.

Log on to the server with an account that has administrative privileges.

Open an Explorer window.

Navigate to the following folder: Program Files >> Tanium >> Tanium Server >> content_public_keys >> content folder.

Copy any Trusted Source's .pub key into the folder and document them.

Remove any non-Trusted Source's .pub keys from the folder.

Check Contents

Note: If only using Tanium provided content and not accepting content from any other content providers, this is Not Applicable.

Obtain documentation from the Tanium System Administrator that contains the public key validation data.

Access the Tanium Server interactively.

Log on to the server with an account that has administrative privileges.

Open an Explorer window.

Navigate to the following folder: Program Files >> Tanium >> Tanium Server >> content_public_keys >> content folder.

If the Tanium default content-release.pub key is the only key in the folder, this is not a finding.

If there are documented content provider keys in the content folder, this is not a finding.

If non-documented content provider keys are found in the content folder, this is a finding.

Vulnerability Number

V-234080

Documentable

False

Rule Version

TANS-SV-000004

Severity Override Guidance

Note: If only using Tanium provided content and not accepting content from any other content providers, this is Not Applicable.

Obtain documentation from the Tanium System Administrator that contains the public key validation data.

Access the Tanium Server interactively.

Log on to the server with an account that has administrative privileges.

Open an Explorer window.

Navigate to the following folder: Program Files >> Tanium >> Tanium Server >> content_public_keys >> content folder.

If the Tanium default content-release.pub key is the only key in the folder, this is not a finding.

If there are documented content provider keys in the content folder, this is not a finding.

If non-documented content provider keys are found in the content folder, this is a finding.

Check Content Reference

M

Target Key

5259

Comments