STIGQter: STIG Summary: Tanium 7.0 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 27 July 2018:

The Tanium endpoint must have the Tanium Servers public key in its installation, which will allow it to authenticate and uniquely identify all network-connected endpoint devices before establishing any connection.

DISA Rule

SV-93283r1_rule

Vulnerability Number

V-78577

Group Title

SRG-APP-000015

Rule Version

TANS-CL-000001

Severity

CAT II

CCI(s)

• CCI-000778 - The information system uniquely identifies an organization-defined list of specific and/or types of devices before establishing a local, remote, or network connection.
• CCI-001453 - The information system implements cryptographic mechanisms to protect the integrity of remote access sessions.
• CCI-001958 - The information system authenticates an organization-defined list of specific and/or types of devices before establishing a local, remote, or network connection.

Weight

10

Fix Recommendation

For systems that do not have a valid key for the Tanium Server, redeploy the client software from Tanium using the Tanium Client Deployment Tool or work with the Tanium System Administrator to accomplish this.

Check Contents

The Tanium endpoint makes a connection to the Tanium Server, the endpoint's copy of the Tanium Server's public key is used to verify the validity of the registration day coming from the Tanium Server.

If any endpoint systems do not have the correct Tanium Server public key in its configuration, they will not perform any instructions from the Tanium Server and a record of those endpoints will be listed in the Tanium Server's System Status.

To validate, Click on the navigation button (hamburger menu) on the top left of the console.

Click on "Administration".

Select the "System Status" tab.

Change "Show systems that have reported in the last:", enter "7" in the first field and select "Days" from the drop-down menu in the second field to determine if any endpoints connected with an invalid key.

If any systems are listed with "No" in the "Valid Key" column, this is a finding.

Vulnerability Number

V-78577

Documentable

False

Rule Version

TANS-CL-000001

Severity Override Guidance

The Tanium endpoint makes a connection to the Tanium Server, the endpoint's copy of the Tanium Server's public key is used to verify the validity of the registration day coming from the Tanium Server.

If any endpoint systems do not have the correct Tanium Server public key in its configuration, they will not perform any instructions from the Tanium Server and a record of those endpoints will be listed in the Tanium Server's System Status.

To validate, Click on the navigation button (hamburger menu) on the top left of the console.

Click on "Administration".

Select the "System Status" tab.

Change "Show systems that have reported in the last:", enter "7" in the first field and select "Days" from the drop-down menu in the second field to determine if any endpoints connected with an invalid key.

If any systems are listed with "No" in the "Valid Key" column, this is a finding.

Check Content Reference

M

Target Key

3215

Comments