
V-234106

CAT II (Medium)

The Tanium Server certificate must be signed by a DoD Certificate Authority.

Rule ID: SV-234106r961596_rule

STIG: Tanium 7.3 Security Technical Implementation Guide

Version: V2R3

CCIs: CCI-002470

Discussion

The Tanium Server can use either a "self-signed" certificate or a certificate signed by a Trusted Certificate Authority for SSL connections. During evaluations of Tanium in lab settings, customers often conclude that a "self-signed" certificate is an acceptable risk. In production environments, however, it is critical that an SSL certificate signed by a Trusted Certificate Authority be used on the Tanium Server in lieu of an untrusted and insecure "self-signed" certificate.

Check Content

Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI).

Log on with CAC.

When connected, review the Certificate for the Tanium Server:

In Internet Explorer, right-click on the page.

Select "Properties".

Click on the "Certificates" tab.

On the "General" tab, validate that the certificate shows as issued by a DoD Root CA.

On the "Certification Path" tab, validate that the top level of the path is a DoD Root CA.

If the certificate authority is not a DoD Root CA, this is a finding.
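
A scripted counterpart to the browser check above, added here as an example and not part of the STIG text. It assumes OpenSSL 1.1.0 or later and a PEM bundle of DoD Root CA certificates supplied by the reviewer; all function names and file paths are hypothetical.

```shell
#!/bin/sh
# Added example: flags a self-signed certificate, then confirms the chain ends
# at a root contained in a reviewer-supplied trust bundle.

# Save the certificate presented by HOST ($1) on PORT ($2) to OUTFILE ($3) as PEM.
fetch_server_cert() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM >"$3"
}

# True when subject and issuer are identical, which is how a self-signed
# certificate presents on the "General" tab.
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253) || return 2
    iss=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253) || return 2
    [ "${subj#subject=}" = "${iss#issuer=}" ]
}

# True when LEAF ($1) builds a valid path to a root in BUNDLE ($2), optionally
# through INTERMEDIATES ($3). -no-CApath keeps the default system trust
# directory out of the decision, so only the supplied bundle counts.
chains_to_bundle() {
    if [ -n "${3:-}" ]; then
        openssl verify -no-CApath -CAfile "$2" -untrusted "$3" "$1" >/dev/null 2>&1
    else
        openssl verify -no-CApath -CAfile "$2" "$1" >/dev/null 2>&1
    fi
}

# Returns 0 for "not a finding", 1 for "finding".
# Usage: stig_cert_check LEAF.pem DOD_ROOT_BUNDLE.pem [INTERMEDIATES.pem]
stig_cert_check() {
    if is_self_signed "$1"; then
        echo "FINDING: certificate is self-signed"
        return 1
    fi
    if chains_to_bundle "$@"; then
        echo "NOT A FINDING: chain terminates at a root in the supplied bundle"
        return 0
    fi
    echo "FINDING: chain does not terminate at a root in the supplied bundle"
    return 1
}
```

The result is only as good as the bundle: populate it solely with the DoD Root CA certificates obtained from an authoritative DoD source.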

Fix Text

Request or regenerate the certificate from a DoD Root Certificate Authority.