STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Tanium 7.x Security Technical Implementation Guide

V-253860

CAT II (Medium)

The Tanium Server certificate must be signed by a DoD certificate authority (CA).

Rule ID

SV-253860r997282_rule

STIG

Tanium 7.x Security Technical Implementation Guide

Version

V2R3

CCIs

CCI-002470

Discussion

The Tanium Server has the option to use a "self-signed" certificate or a trusted CA signed certificate for SSL connections. During evaluations of Tanium in lab settings, customers often conclude that a "self-signed" certificate is an acceptable risk. However, in production environments it is critical that an SSL certificate signed by a trusted CA be used on the Tanium Server in lieu of an untrusted and insecure "self-signed" certificate.

Check Content

1. Using a web browser on a system that has connectivity to the Tanium application, access the Tanium application web user interface (UI) and log on with multifactor authentication.

2. When connected, review the certificate for the Tanium Server as noted below.

3. In the web browser, view the certificate and verify it was issued by a DoD root CA. Also verify the certification path's top level is a DoD root CA.

If the certificate authority is not DoD Root CA, this is a finding.

Fix Text

Request or regenerate the certificate from a DoD root CA.