An error occurred:

Check: TANS-SV-000067

Tanium 7.0 STIG: TANS-SV-000067 (in versions v1 r2 through v1 r1)

Title

Tanium must set an inactive timeout for sessions. (Cat II impact)

Discussion

Leaving sessions open indefinitely is a major security risk. An attacker can easily use an already authenticated session to access the hosted application as the previously authenticated user. By closing sessions after a set period of inactivity, the web server can make certain that sessions that are not closed through the user logging out of an application are eventually closed. Acceptable values are 5 minutes for high-value applications, 10 minutes for medium-value applications, and 20 minutes for low-value applications.

Check Content

Using a web browser on a system that has connectivity to Tanium, access the Tanium web user interface (UI) and log on with CAC. Click on the navigation button (hamburger menu) on the top left of the console. Click on "Administration". Select the "Global Settings" tab. In the "Show Settings Containing:" search box, type "max_console_idle_seconds". Enter. If no results are returned, this is a finding. If results are returned for "max_console_idle_seconds", but the value is not "900" or less, this is a finding.

Fix Text

Using a web browser on a system that has connectivity to Tanium, access the Tanium web UI and log on with CAC. Click on the navigation button (hamburger menu) on the top left of the console and then click on "Administration". Select the "Global Settings" tab. Click on "New Setting". In "New System Setting" dialog box, enter "max_console_idle_seconds" for "Setting Name:". Enter "900" for "Setting Value:". Select "Server" from the "Affects" drop-down list. Select "Numeric" from the "Value Type" drop-down list. Click "Save". If "max_console_idle_seconds" exists but is not "900" or less, select the box beside the value and click "Edit". Enter "900" or less for "Setting Value:". Click "Save".

Additional Identifiers

Rule ID: SV-93463r1_rule

Vulnerability ID: V-78757

Group Title: SRG-APP-000295

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-002361

The information system automatically terminates a user session after organization-defined conditions or trigger events requiring session disconnect.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AC-12

Session Termination