STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 4 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Tanium 7.x Application on TanOS Security Technical Implementation Guide

V-254927

CAT II (Medium)

The Tanium application must set an inactive timeout for sessions.

Rule ID

SV-254927r1067716_rule

STIG

Tanium 7.x Application on TanOS Security Technical Implementation Guide

Version

V2R2

CCIs

CCI-002361

Discussion

Leaving sessions open indefinitely is a major security risk. An attacker can easily use an already authenticated session to access the hosted application as the previously authenticated user. By closing sessions after a set period of inactivity, the web server can make certain that sessions not closed through the user logging out of an application are eventually closed. Acceptable values are 5 minutes for high-value applications, 10 minutes for medium-value applications, and 20 minutes for low-value applications.

Check Content

1. Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI) and log on with multifactor authentication.

2. Click "Administration" on the top navigation banner.

3. Under "Configuration", select "Settings".

4. Click the "Advanced Settings" tab.

5. In "Filter Items" box, enter "max_console_idle_seconds".

6. Click "Enter".

If no results are returned, this is a finding.

If results are returned for "max_console_idle_seconds", but the value is not "900" or less, this is a finding.

Fix Text

In the event the "max_console_idle_seconds" setting exists, but is not "900" or less: 

1. Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI) and log on with multifactor authentication.

2. Click "Administration" on the top navigation banner.

3. Under "Configuration", select "Settings".

4. Click the "Advanced Settings" tab.

5. In the "Filter Items" box, enter "max_console_idle_seconds".

6. Select the "max_console_idle_seconds" setting.

7. Enter "900" or less for "Value".

8. Click "Save".

In the event the "max_console_idle_seconds" setting does not exist:

1. Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI) and log on with multifactor authentication.

2. Click "Administration" on the top navigation banner.

3. Under "Configuration", select "Settings".

4. Click the "Advanced Settings" tab.

5. Click "Create Setting" in the top right.

6. Select "Server" for "Setting Type".

7. In "Create Platform Setting" dialog box, enter "max_console_idle_seconds" for "Name".

8. Select "Numeric" for the "Value Type".

9. Enter "900" or less for the "Value".

10. Click "Save".