STIGQter: STIG Summary: Tanium 7.3 Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

The Tanium Server certificates must have Extended Key Usage entries for the serverAuth object TLS Web Server Authentication and the clientAuth object TLS Web Client Authentication.

DISA Rule

SV-234092r612749_rule

Vulnerability Number

V-234092

Group Title

SRG-APP-000175

Rule Version

TANS-SV-000020

Severity

CAT II

CCI(s)

CCI-000185 - The information system, for PKI-based authentication, validates certifications by constructing and verifying a certification path to an accepted trust anchor including checking certificate status information.

Weight

Fix Recommendation

Request or regenerate the certificate being used to include both the "Server Authentication" and "Client Authentication" objects.

Check Contents

Access the Tanium Application server interactively.

Log on to the server with an account that has administrative privileges.

Navigate to Program Files >> Tanium >> Tanium Server.

Locate the "SOAPServer.crt" file.

Double-click on the file to open the certificate.

Select the "Details" tab.

Scroll down through the details to find and select the "Enhanced Key Usage" field.

If there is no "Enhanced Key Usage" field, this is a finding.

In the bottom screen, verify "Server Authentication" and "Client Authentication" are both identified.

If "Server Authentication" and "Client Authentication" are not both identified, this is a finding.

The Tanium Server certificates must have Extended Key Usage entries for the serverAuth object TLS Web Server Authentication and the clientAuth object TLS Web Client Authentication.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments