Rule ID
SV-253814r1099936_rule
Version
V2R3
CCIs
Unattended systems are susceptible to unauthorized use and should be locked when unattended. This protects critical and sensitive data from exposure to unauthorized personnel with physical access to the system.
1. Access the Tanium Server. 2. Log on to the server with an account that has administrative privileges. 3. Run regedit as Administrator. 4. Navigate to HKEY_LOCAL_MACHINE >> SOFTWARE >> Wow6432Node >> Tanium >> Tanium Server. 5. Validate the value for REG_DWORD "ForceSOAPSSLClientCert" is set to "1". 6. Navigate to HKEY_LOCAL_MACHINE >> SOFTWARE >> Wow6432Node >> Tanium >> Tanium Server. 7. Validate the following keys exist and are configured: REG_SZ "ClientCertificateAuthField" For example: X509v3 Subject Alternative Name. REG_SZ "ClientCertificateAuthRegex" For example-DoD: .+?Name:\s*?(\S+@[._a-zA-Z0-9]+).* Note: This regex may vary. REG_SZ "ClientCertificateAuth" For example: C:\Program Files\Tanium\Tanium Server\dod.pem If the value for REG_DWORD "ForceSOAPSSLClientCert" is not set to "1" and the remaining registry values are not configured, this is a finding.
Use the vendor documentation titled "Smart card authentication" to implement correct configuration settings for this requirement. 1. Access the Tanium Server. 2. Log on to the server with an account that has administrative privileges. 3. Run regedit as Administrator. 4. Navigate to HKEY_LOCAL_MACHINE >> SOFTWARE >> Wow6432Node >> Tanium >> Tanium Server. 5. Validate the value for REG_DWORD "ForceSOAPSSLClientCert" is set to "1". 6. Navigate to HKEY_LOCAL_MACHINE >> SOFTWARE >> Wow6432Node >> Tanium >> Tanium Server. 7. Configure the following keys: REG_SZ "ClientCertificateAuthField" For example: X509v3 Subject Alternative Name. REG_SZ "ClientCertificateAuthRegex" For example-DoD: .+?Name:\s*?(\S+@[._a-zA-Z0-9]+).* Note: This regex may vary. REG_SZ "ClientCertificateAuth" For example: C:\Program Files\Tanium\Tanium Server\dod.pem