An error occurred:

Check: TANS-CN-000001

Tanium 7.x STIG: TANS-CN-000001 (in versions v2 r1 through v1 r1)

Title

The Tanium application must retain the session lock until the user reestablishes access using established identification and authentication procedures. (Cat II impact)

Discussion

Unattended systems are susceptible to unauthorized use and should be locked when unattended. This protects critical and sensitive data from exposure to unauthorized personnel with physical access to the system.

Check Content

1. Access the Tanium Server. 2. Log on to the server with an account that has administrative privileges. 3. Run regedit as Administrator. 4. Navigate to HKEY_LOCAL_MACHINE >> SOFTWARE >> Wow6432Node >> Tanium >> Tanium Server. 5. Validate the value for REG_DWORD "ForceSOAPSSLClientCert" is set to "1". 6. Navigate to HKEY_LOCAL_MACHINE >> SOFTWARE >> Wow6432Node >> Tanium >> Tanium Server. 7. Validate the following keys exist and are configured: REG_SZ "ClientCertificateAuthField" For example: X509v3 Subject Alternative Name. REG_SZ "ClientCertificateAuthRegex" For example-DoD: .+?Name:\s*?(\S+@[._a-zA-Z0-9]+).* Note: This regex may vary. REG_SZ "ClientCertificateAuth" For example: C:\Program Files\Tanium\Tanium Server\dod.pem If the value for REG_DWORD "ForceSOAPSSLClientCert" is not set to "1" and the remaining registry values are not configured, this is a finding.

Fix Text

Use the vendor documentation titled "Smart card authentication" to implement correct configuration settings for this requirement. Vendor documentation can be downloaded from https://docs.tanium.com/platform_deployment_reference/platform_deployment_reference/smart_card_authentication.html?Highlight=cac. 1. Access the Tanium Server. 2. Log on to the server with an account that has administrative privileges. 3. Run regedit as Administrator. 4. Navigate to HKEY_LOCAL_MACHINE >> SOFTWARE >> Wow6432Node >> Tanium >> Tanium Server. 5. Validate the value for REG_DWORD "ForceSOAPSSLClientCert" is set to "1". 6. Navigate to HKEY_LOCAL_MACHINE >> SOFTWARE >> Wow6432Node >> Tanium >> Tanium Server. 7. Configure the following keys: REG_SZ "ClientCertificateAuthField" For example: X509v3 Subject Alternative Name. REG_SZ "ClientCertificateAuthRegex" For example-DoD: .+?Name:\s*?(\S+@[._a-zA-Z0-9]+).* Note: This regex may vary. REG_SZ "ClientCertificateAuth" For example: C:\Program Files\Tanium\Tanium Server\dod.pem

Additional Identifiers

Rule ID: SV-253814r997251_rule

Vulnerability ID: V-253814

Group Title: SRG-APP-000002

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000060

Conceal, via the device lock, information previously visible on the display with a publicly viewable image.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AC-11(1)

Pattern-hiding Displays