An error occurred:

Check: TANS-SV-000006

Tanium 7.x STIG: TANS-SV-000006 (in versions v2 r1 through v1 r1)

Title

The Tanium Action Approval feature must be enabled for two-person integrity when deploying actions to endpoints. (Cat II impact)

Discussion

The Tanium Action Approval feature provides a two-person integrity control mechanism designed to achieve a high level of security and reduce the possibility of error for critical operations. When this feature is enabled, an action configured by one Tanium console user will require a second Tanium console user with a role of Action Approver (or higher) to approve the action before it is deployed to targeted computers. While this system slows workflow, the reliability of actions deployed will be greater on the Packaging and Targeting. Satisfies: SRG-APP-000488

Check Content

1. Using a web browser on a system that has connectivity to the Tanium application, access the Tanium application web user interface (UI) and log on with multifactor authentication. 2. Click "Administration" on the top navigation banner. 3. Under "Configuration", select "Platform Settings". 4. In the "Filter items" search box, type "require_action_approval". 5. Click "Enter". If no results are returned, this is a finding. If results are returned for "require_action_approval", but the value is not "1", this is a finding.

Fix Text

1. Using a web browser on a system that has connectivity to the Tanium application, access the Tanium application web UI and log on with multifactor authentication. 2. Click "Administration" on the top navigation banner. 3. Under "Configuration", select "Platform Settings". 4. If "require_action_approval" does not exist: click "Create Setting". 5. Select "Server" box for "Setting Type". 6. In "Create Platform Setting" dialog box, enter "require_action_approval" for "Name". 7. Select "Numeric" radio button from "Value Type". 8. Select "Value" and enter "1". 9. Click "Save".

Additional Identifiers

Rule ID: SV-253841r960792_rule

Vulnerability ID: V-253841

Group Title: SRG-APP-000033

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000213

Enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.
CCI-002460

Enforce organization-defined actions prior to executing mobile code.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AC-3

Access Enforcement
SC-18(4)

Prevent Automatic Execution