← Back to Tanium 7.x Security Technical Implementation Guide

V-253816

CAT II (Medium)

The Tanium Application Server must be configured to only use LDAP for account management functions.

Rule ID

SV-253816r1099940_rule

STIG

Tanium 7.x Security Technical Implementation Guide

Version

V2R3

CCIs

CCI-000015

Discussion

Enterprise environments make application account management challenging and complex. A manual process for account management functions adds the risk of a potential oversight or other error. To reduce risk, the Tanium application must be configured to allow for LDAP to provide account management functions that immediately enforce the organization's current account policy.

Check Content

1. Using a web browser on a system that has connectivity to the Tanium application, access the Tanium application web user interface (UI) and log on with multifactor authentication.
 
2. Click "Administration" on the top navigation banner.
 
3. Under "Configuration", select "LDAP/AD Sync Configurations".
 
4. Ensure LDAP sync is enabled.
 
If LDAP is not enabled, this is a finding.

Fix Text

1. Using a web browser on a system that has connectivity to the Tanium application, access the Tanium application web UI and log on with multifactor authentication. 

2. Click "Administration" on the top navigation banner. 

3. Under "Configuration", select "LDAP/AD Sync Configurations". 

4. Follow the vendor documentation titled "Integrating with LDAP Servers" to implement correct configuration settings for this requirement.