V-254947

CAT II (Medium)

The Tanium Server certificate must be signed by a DOD Certificate Authority.

Rule ID

SV-254947r961596_rule

STIG

Tanium 7.x Application on TanOS Security Technical Implementation Guide

Version

V2R2

CCIs

CCI-002470

Discussion

The Tanium Server has the option to use a "self-signed" certificate or a Trusted Certificate Authority signed certificate for SSL connections. During evaluations of Tanium in lab settings, customers often conclude that a "self-signed" certificate is an acceptable risk. However, in production environments it is critical that an SSL certificate signed by a Trusted Certificate Authority be used on the Tanium Server in lieu of an untrusted and insecure "self-signed" certificate.

Check Content

1. Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI) and log on with multi-factor authentication.

2. When connected, review the Certificate for the Tanium Server.

3. In the web browser, view the presented Certificate and verify that the Certificate shows as issued by a DOD Root CA. Also verify that the Certification path's top-level is a DOD Root CA.

4. If the certificate authority is not a DOD Root CA, this is a finding.
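
The browser check in steps 2 through 4 can also be scripted against a saved copy of the certificate the server presents. The following is an added example, not part of the STIG text. The function name check_cert_issuer and the file names are hypothetical, and roots.pem is assumed to hold the DOD Root CA certificates obtained from your approved source.

```shell
#!/bin/sh
# Added example (not part of the STIG). Assumed inputs:
#   leaf.pem  - certificate the Tanium Server presents, e.g. saved from
#               `openssl s_client -connect <tanium-host>:443 -showcerts`
#   roots.pem - DOD Root CA certificates from your approved source
#   inter.pem - optional intermediate CA certificates sent by the server
# Requires OpenSSL 1.1.0 or later (for -no-CApath).

# check_cert_issuer LEAF ROOTS [INTERMEDIATES]
# Prints a verdict. Returns 0 = not a finding, 1 = finding, 2 = unreadable input.
check_cert_issuer() {
    leaf=$1; roots=$2; inter=${3:-}

    # Refuse to give a verdict on a file that is not a parseable certificate
    if ! openssl x509 -in "$leaf" -noout >/dev/null 2>&1; then
        echo "error: cannot parse certificate $leaf"
        return 2
    fi

    subject=$(openssl x509 -in "$leaf" -noout -subject -nameopt RFC2253 |
              sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$leaf" -noout -issuer -nameopt RFC2253 |
             sed 's/^issuer= *//')

    # Subject equal to issuer means the server certificate is self-issued
    if [ "$subject" = "$issuer" ]; then
        echo "finding: self-signed certificate ($subject)"
        return 1
    fi

    # -no-CApath keeps the system trust directory out of the decision, so
    # only the roots in $roots can anchor the certification path
    if openssl verify -no-CApath -CAfile "$roots" \
            ${inter:+-untrusted "$inter"} "$leaf" >/dev/null 2>&1; then
        echo "not a finding: path ends at a root in $roots (issuer: $issuer)"
        return 0
    fi
    echo "finding: path does not end at a root in $roots (issuer: $issuer)"
    return 1
}
```

Run it as `check_cert_issuer leaf.pem roots.pem inter.pem`; a certificate that chains only to a public or internal non-DOD CA is reported as a finding because the system trust store is excluded.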

Fix Text

Request or regenerate the certificate from a DOD Root Certificate Authority.