STIGQter: STIG Summary: Tanium 7.0 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 27 July 2018:

Content providers must provide their public key to the Tanium administrator to import for validating signed content.

DISA Rule

SV-93369r1_rule

Vulnerability Number

V-78663

Group Title

SRG-APP-000015

Rule Version

TANS-SV-000004

Severity

CAT II

CCI(s)

• CCI-001453 - The information system implements cryptographic mechanisms to protect the integrity of remote access sessions.

Weight

10

Fix Recommendation

Obtain the public key from the content providers and validate the keys are present in the Tanium folders. If the public keys are found for non-trusted content providers, remove the associated signing key and remove any content imported by that provider.

Access the Tanium Server interactively.

Log on with an account with administrative privileges to the server.

Open an Explorer window.

Navigate to the following folder: Program Files >> Tanium >> Tanium Server >> content_public_keys >> content folder.

Copy any Trusted Source's .pub key into the folder and document them.

Remove any non-Trusted Source's .pub keys from the folder.

Check Contents

Note: If only using Tanium provided content and not accepting content from any other content providers, this is "Not Applicable".

Obtain documentation from the Tanium System Administrator that contains the public key validation data.

Access the Tanium Server interactively.

Log on with an account with administrative privileges to the server.

Open an Explorer window.

Navigate to the following folder: Program Files >> Tanium >> Tanium Server >> content_public_keys >> content folder.

If the Tanium default content-release.pub key is the only key in the folder, this is not a finding.

If there are documented content provider keys in the content folder, this is not a finding.

If non-documented content provider keys are found in the content folder, this is a finding.

Vulnerability Number

V-78663

Documentable

False

Rule Version

TANS-SV-000004

Severity Override Guidance

Note: If only using Tanium provided content and not accepting content from any other content providers, this is "Not Applicable".

Obtain documentation from the Tanium System Administrator that contains the public key validation data.

Access the Tanium Server interactively.

Log on with an account with administrative privileges to the server.

Open an Explorer window.

Navigate to the following folder: Program Files >> Tanium >> Tanium Server >> content_public_keys >> content folder.

If the Tanium default content-release.pub key is the only key in the folder, this is not a finding.

If there are documented content provider keys in the content folder, this is not a finding.

If non-documented content provider keys are found in the content folder, this is a finding.

Check Content Reference

M

Target Key

3215

Comments