Check: TANS-SV-000030
Tanium 7.0 STIG:
TANS-SV-000030
(in versions v1 r2 through v1 r1)
Title
File integrity monitoring of critical executables that Tanium uses must be configured. (Cat II impact)
Discussion
Tanium inherently watches files and their respective hash values for change but while Tanium can do file integrity checks of critical executables, it is important to conduct File Integrity Monitoring (FIM) via an outside service such as Host Based Security System (HBSS) or similar security suites with FIM capability. These technologies provide independent monitoring of critical Tanium and system binaries.
Check Content
If the site is using Tanium Integrity Monitor, Tanium Integrity Monitor should be used to monitor the file integrity of Tanium critical files. If Tanium Integrity Monitor is not installed, a third-party file integrity monitoring tool must be used to monitor Tanium critical executables, defined files within the Tanium Server directory path. If the file integrity of Tanium critical executables is not monitored, this is a finding.
Fix Text
Implement a file integrity monitoring system to monitor the Tanium critical executable files.
Additional Identifiers
Rule ID: SV-93411r1_rule
Vulnerability ID: V-78705
Group Title: SRG-APP-000377
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001811 |
The information system alerts organization-defined personnel or roles when the unauthorized installation of software is detected. |
Controls
Number | Title |
---|---|
CM-11 (1) |
Alerts For Unauthorized Installations |