STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Tanium 7.x Security Technical Implementation Guide

V-253851

CAT II (Medium)

The Tanium Server certificates must have Extended Key Usage entries for the serverAuth object TLS Web Server Authentication and the clientAuth object TLS Web Client Authentication.

Rule ID

SV-253851r997273_rule

STIG

Tanium 7.x Security Technical Implementation Guide

Version

V2R3

CCIs

CCI-000185

Discussion

Restricting this setting limits the user's ability to change their password. Passwords must be changed at specific policy-based intervals; however, if the application allows the user to immediately and continually change their password, it could be changed repeatedly in a short period of time to defeat the organization's policy regarding password reuse.

Check Content

1. Access the Tanium application server interactively.

2. Log on to the server with an account that has administrative privileges.

3. Navigate to Program Files >> Tanium >> Tanium Server.

4. Locate the "SOAPServer.crt" file.

5. Double-click the file to open the certificate.

6. Select the "Details" tab.

7. Scroll down through the details to find and select the "Enhanced Key Usage" field.

If there is no "Enhanced Key Usage" field, this is a finding.

In the bottom screen, verify "Server Authentication" and "Client Authentication" are both identified.

If "Server Authentication" and "Client Authentication" are not both identified, this is a finding.

Fix Text

Request or regenerate the certificate being used to include both the "Server Authentication" and "Client Authentication" objects.