An error occurred:

Tanium 7.x STIG Version Comparison

Tanium 7.x Security Technical Implementation Guide

Comparison

There are 10 differences between versions v2 r1 (July 24, 2024) (the "left" version) and v2 r3 (July 2, 2025) (the "right" version).

Check TANS-00-001165 was changed between these two versions. Green, underlined text was added, red, struck-out text was removed.

The regular view of the left check and right check may be easier to read.

Text Differences

Title

The Tanium application must restrict the ability of individuals to use information systems to launch organization-defined denial-of-service (DoS) attacks against other information systems.

Check Content

1. Using a web browser on a system that has connectivity to the Tanium application, access the Tanium application web user interface (UI) and log on with multifactor authentication. 2. Click "Administration" on the top navigation banner. 3. Under "Configuration", select "Platform Settings". 4. "Settings". 4. Click the "Advanced Settings" tab. 5. In the "Filter items" search box, type "require_action_approval". 5. "require_action_approval". 6. Click "Enter". If no results are returned, this is a finding. If results are returned for "require_action_approval", but the value is not "1", this is a finding.

Discussion

The Tanium Action Approval feature provides a two-person integrity control mechanism designed to achieve a high level of security and reduce the possibility of error for critical operations and DoS conditions. When this feature is enabled, an action configured by one Tanium console user will require a second Tanium console user with a role of Action Approver (or higher) to approve the action before it is deployed to targeted computers.

Fix

1. Using a web browser on a system that has connectivity to the Tanium application, access the Tanium application web UI and log on with multifactor authentication. 2. Click "Administration" on the top navigation banner. 3. Under "Configuration", select "Platform Settings". 4. "Settings". 4. Click the "Advanced Settings" tab. 5. Click "Create Setting". 5. Setting". 6. Select "Server" box for "Setting Type". 6. Type". 7. In "Create Platform Setting" dialog box, enter "require_action_approval" does not exist: Flag for "Name". 7. "Name". 8. Select "Numeric" radio button for "Value Type". 8. Type". 9. Enter "1" for "Value". 9. "Value". 10. Click "Save".