Check: TANS-SV-000048
Tanium 7.0 STIG:
TANS-SV-000048
(in versions v1 r2 through v1 r1)
Title
The Tanium documentation identifying recognized and trusted folders for IOC Detect Folder streams must be maintained. (Cat II impact)
Discussion
An IOC stream is a series or "stream" of IOCs that are imported from a vendor based on a subscription service or manually downloaded and placed in a folder. IOC Detect can be configured to retrieve the IOC content on a regularly scheduled basis. The items in an IOC stream can be separately manipulated after they are imported.
Check Content
Consult with the Tanium System Administrator to review the documented list of folder maintainers for IOC Detect Folder streams. If the site does not leverage Folder streams to import IOCs, this finding is "Not Applicable". If the site does use Folder streams to import IOCs and the folder maintainers are not documented, this is a finding.
Fix Text
Prepare and maintain documentation identifying the Tanium IOC Folder stream maintainers.
Additional Identifiers
Rule ID: SV-93437r1_rule
Vulnerability ID: V-78731
Group Title: SRG-APP-000039
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001414 |
The information system enforces approved authorizations for controlling the flow of information between interconnected systems based on organization-defined information flow control policies. |
Controls
| Number | Title |
|---|---|
| AC-4 |
Information Flow Enforcement |