STIGQter: STIG Summary: Tanium 7.3 Security Technical Implementation Guide, Version: 2, Release: 1, Benchmark Date: 22 Jan 2021

The permissions on the Tanium Server registry keys must be restricted to only the Tanium service account and the [Tanium Admins] group.

DISA Rule

SV-234097r612749_rule

Vulnerability Number

V-234097

Group Title

SRG-APP-000328

Rule Version

TANS-SV-000026

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Access the Tanium Server interactively.

Log on to the server with an account that has administrative privileges.

Run regedit as Administrator.

Navigate to HKEY_LOCAL_MACHINE >> SOFTWARE >> Wow6432Node >> Tanium >> Tanium Server.

Right-click on "Tanium Server".

Select "Properties".

Click on the "Security" tab.

Click on the "Advanced" button.

Provide the [Tanium service account] with full permissions.

Provide the [Tanium Admins] group with full permissions.

Reduce permissions for any other accounts with full permissions.

Remove permissions for User accounts.

Check Contents

Access the Tanium Server interactively.

Log on to the server with an account that has administrative privileges.

Run regedit as Administrator.

Navigate to HKEY_LOCAL_MACHINE >> SOFTWARE >> Wow6432Node >> Tanium >> Tanium Server.

Right-click on "Tanium Server".

Select "Permissions".

Click on the "Security" tab.

Click on the "Advanced" button.

Validate the [Tanium service account] has full permissions.

Validate the [Tanium Admins] group has full permissions.

Validate the SYSTEM account has full permissions.

Validate the User accounts do not have any permissions.

If any other account has full permissions and/or the User account has any permissions, this is a finding.
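
The same check can be run from a console instead of regedit. The PowerShell below is an added example, not part of the STIG or of Tanium's tooling. The account and group names are placeholders for the bracketed values above, and "User accounts" is assumed to mean the built-in Users group (SID S-1-5-32-545).

```powershell
# Added example: audits the ACL that the check text inspects by hand in regedit.
param(
    [string]$ServiceAccount = 'EXAMPLE\svc-tanium',     # placeholder for [Tanium service account]
    [string]$AdminsGroup    = 'EXAMPLE\Tanium Admins',  # placeholder for [Tanium Admins]
    [string]$KeyPath        = 'HKLM:\SOFTWARE\Wow6432Node\Tanium\Tanium Server'
)
$ErrorActionPreference = 'Stop'
$sidType  = [System.Security.Principal.SecurityIdentifier]
$usersSid = 'S-1-5-32-545'   # BUILTIN\Users (assumed meaning of "User accounts")

# Principals the check expects to hold full control: SYSTEM plus the two named above.
$expected = @('S-1-5-18')
foreach ($name in $ServiceAccount, $AdminsGroup) {
    $expected += ([System.Security.Principal.NTAccount]$name).Translate($sidType).Value
}

function Test-FullControl($Rule) {
    $full   = [int][System.Security.AccessControl.RegistryRights]::FullControl
    $rights = [int]$Rule.RegistryRights
    # Some ACEs carry the raw GENERIC_ALL bit (0x10000000) instead of FullControl.
    return (($rights -band $full) -eq $full) -or (($rights -band 0x10000000) -ne 0)
}

# Read allow ACEs (explicit and inherited) with identities as SIDs, so the
# comparison does not depend on localized or renamed account names.
$rules = @((Get-Acl -Path $KeyPath).GetAccessRules($true, $true, $sidType) |
    Where-Object { $_.AccessControlType -eq 'Allow' })

$findings = @()
foreach ($rule in $rules) {
    $sid = $rule.IdentityReference.Value
    if ($sid -eq $usersSid) {
        $findings += "Users ($sid) has permissions: $($rule.RegistryRights)"
    } elseif ((Test-FullControl $rule) -and ($expected -notcontains $sid)) {
        $findings += "Unexpected full control: $sid"
    }
}
foreach ($sid in $expected) {
    $held = $rules | Where-Object { $_.IdentityReference.Value -eq $sid -and (Test-FullControl $_) }
    if (-not $held) { $findings += "Expected full control missing: $sid" }
}

if ($findings) { $findings; exit 1 }
'No finding: key ACL matches the check text.'
```

Run it from an elevated PowerShell session on the Tanium Server; a non-zero exit code means at least one condition in the check text was not met.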

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

5259
