An error occurred:

Check: TANS-CN-000003

Tanium 7.0 STIG: TANS-CN-000003 (in versions v1 r2 through v1 r1)

Title

The Tanium Server must be configured to only use Microsoft Active Directory for account management functions. (Cat II impact)

Discussion

By restricting access to the Tanium Server to only Microsoft Active Directory, user accounts and related permissions can be strictly monitored. Account management will be under the operational responsibility of the System Administrator for the Windows Operation System Active Directory.

Check Content

Using a web browser on a system that has connectivity to Tanium, access the Tanium web user interface (UI) and log on with CAC. Click on the navigation button (hamburger menu) on the top left of the console. Click on "Administration". Select the "Users" tab. Consult with the Tanium System Administrator to review the documented list of Tanium users. Compare the list of Tanium users versus the users found in the appropriate Active Directory security groups for the User Roles. If there are any console users who are listed in the Tanium console that are not found in a synced Active Directory security group, this is a finding. Alternatively, the ISSO can document the non-synced Active Directory security group users and accept the risk for the users. If this is the case, this would no longer be a finding.

Fix Text

Consult with the Tanium System Administrator to review the documented list of Tanium users. Compare the list of Tanium users versus the users found in the appropriate Active Directory security groups for the User Roles. Using a web browser on a system that has connectivity to Tanium, access the Tanium web UI and log on with CAC. Click on "Administration". Select the "Users" tab. Any users populated manually, select the user's name, and then click on the "trashcan" icon at the top of the console to delete this user. Note: Consult with the Tanium System Administrator before deleting any user accounts to ensure any scheduled actions or other content is reassigned to another user. This will prevent any potential issues arising from the deletion of a user.

Additional Identifiers

Rule ID: SV-93309r1_rule

Vulnerability ID: V-78603

Group Title: SRG-APP-000023

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000015

The organization employs automated mechanisms to support the information system account management functions.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AC-2 (1)

Automated System Account Management