An error occurred:

Check: TANS-CL-000009

Tanium 6.5 STIG: TANS-CL-000009 (in versions v1 r3 through v1 r2)

Title

The Tanium Client - Set Action Lock must be set to OFF during maintenance window timeframes only. (Cat II impact)

Discussion

Set Action Lock On will prevent any managed system from executing Tanium generated actions. This functionality is helpful when needing to eliminate systems from taking actions (e.g. patch scanning/installation, unmanaged asset scanning, updating, etc.), whether it is automatically scheduled upon install or manually scheduled. This functionality can also be used to help debug performance issues on a client if there is a fear that Tanium is running an action that could be causing a negative impact. Setting Action Lock Off will ensure any Tanium generated actions are executed at the endpoint.

Check Content

Using a web browser on a system that has connectivity to the Tanium Server, access the Tanium Server web user interface (UI) and log on with CAC. In the “Home” tab, locate the Tanium Administration dashboard. Click on “Client Configuration”. The results will display two windows. One window will show "Clients that can take actions - Action Lock Off" and the other window will show "Clients that cannot take actions - Action Lock On". If any systems are listed in the "Clients that cannot take actions - Action Lock Off" window and it is not an official maintenance window timeframe for those systems, this is a finding.

Fix Text

Using a web browser on a system that has connectivity to the Tanium Server, access the Tanium Server web user interface (UI) and log on with CAC. In the “Home” tab, locate the Tanium Administration dashboard. Click on “Client Configuration”. The results will display two windows. One window will show "Clients that can take actions - Action Lock Off" and the other window will show "Clients that cannot take actions - Action Lock On". In the windows displaying systems with Action Lock Off, highlight to select all systems displayed. Right-click and choose "Deploy Action".

Additional Identifiers

Rule ID: SV-81477r1_rule

Vulnerability ID: V-66987

Group Title: SRG-APP-000516

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000366

Implement the security configuration settings.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
CM-6

Configuration Settings