
STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.


Tanium 7.x Operating System on TanOS Security Technical Implementation Guide

Version: V2R2
Release Date: Feb 11, 2025
SCAP Benchmark ID: Tanium_7-x_OS_TanOS_STIG
Total Checks: 31
Tags: other
CAT I: 2 | CAT II: 29 | CAT III: 0

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.


Checks (31)

  • V-254839 (MEDIUM): The Tanium Operating System (TanOS) must enforce the limit of three consecutive invalid logon attempts by a user during a 15 minute time period.
  • V-254840 (MEDIUM): The Tanium Operating System (TanOS) must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the system.
  • V-254841 (MEDIUM): The Tanium Operating System (TanOS) must limit the number of concurrent sessions to an organization-defined number for all accounts and/or account types.
  • V-254842 (MEDIUM): The Tanium operating system (TanOS) must alert the ISSO and SA (at a minimum) in the event of an audit processing failure.
  • V-254843 (MEDIUM): The Tanium Operating System (TanOS) must enforce 24 hours/one day as the maximum password lifetime.
  • V-254844 (MEDIUM): The Tanium Operating System (TanOS) must enforce a 60-day maximum password lifetime restriction.
  • V-254846 (MEDIUM): The Tanium Operating System (TanOS) must enforce a minimum 15-character password length.
  • V-254847 (HIGH): The Tanium Operating System (TanOS) must use multifactor authentication for network access to privileged accounts.
  • V-254848 (MEDIUM): The Tanium Operating System (TanOS) must use multifactor authentication for network access to nonprivileged accounts.
  • V-254849 (MEDIUM): The Tanium Operating System (TanOS) must use FIPS-validated SHA-2 or higher hash function to protect the integrity of hash message authentication code (HMAC), Key Derivation Functions (KDFs), Random Bit Generation, and hash-only applications.
  • V-254851 (MEDIUM): The Tanium Operating System (TanOS) must manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of denial-of-service (DoS) attacks.
  • V-254852 (MEDIUM): Tanium Operating System (TanOS) must terminate all network connections associated with a communications session at the end of the session, or as follows: For in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity; for user sessions (nonprivileged session), the session must be terminated after 15 minutes of inactivity, except to fulfill documented and validated mission requirements.
  • V-254853 (MEDIUM): The Tanium Operating System (TanOS) must use FIPS-validated encryption and hashing algorithms to protect the confidentiality and integrity of operating system configuration and user-generated data stored on the host.
  • V-254854 (MEDIUM): The Tanium Operating System (TanOS) must notify the ISSO and ISSM of failed security verification tests.
  • V-254855 (MEDIUM): The publicly accessible Tanium Operating System (TanOS) must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the system.
  • V-254856 (MEDIUM): The Tanium Operating System (TanOS) must notify system administrators (SAs) and information system security officers (ISSOs) when accounts are created.
  • V-254857 (MEDIUM): The Tanium Operating System (TanOS) must audit and notify system administrators (SAs) and information system security officers (ISSOs) when accounts are modified.
  • V-254858 (MEDIUM): The Tanium Operating System (TanOS) must notify system administrators (SAs) and information system security officers (ISSOs) when accounts are removed.
  • V-254859 (MEDIUM): Tanium Operating System (TanOS) must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.
  • V-254860 (MEDIUM): Tanium must audit and notify system administrators (SAs) and information system security officers (ISSOs) when accounts are enabled.
  • V-254861 (MEDIUM): Tanium must automatically lock accounts and require them be unlocked by an administrator when three unsuccessful login attempts in 15 minutes are exceeded.
  • V-254862 (MEDIUM): The Tanium operating system (TanOS) must offload audit records onto a different system or media than the system being audited.
  • V-254863 (MEDIUM): The Tanium operating system (TanOS) must provide an immediate warning to the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity.
  • V-254864 (MEDIUM): The Tanium operating system (TanOS) must provide an immediate real-time alert to the SA and ISSO, at a minimum, of all audit failure events requiring real-time alerts.
  • V-254865 (MEDIUM): The Tanium operating system (TanOS) must, for networked systems, compare internal information system clocks at least every 24 hours with a server synchronized to one of the redundant United States Naval Observatory (USNO) time servers or a time server designated for the appropriate DOD network (NIPRNet/SIPRNet), and/or the Global Positioning System (GPS).
  • V-254866 (MEDIUM): The Tanium Operating System (TanOS) must synchronize internal information system clocks to the authoritative time source when the time difference is greater than the organization-defined time period.
  • V-254867 (MEDIUM): The Tanium Operating System (TanOS) must be configured to synchronize internal information system clocks with the primary and secondary time sources located in different geographic regions using redundant authoritative time sources.
  • V-254868 (MEDIUM): The Tanium operating system (TanOS) must perform data integrity verification on the name/address resolution responses the system receives from authoritative sources.
  • V-254869 (MEDIUM): The Tanium operating system (TanOS) must perform data origin verification authentication on the name/address resolution responses the system receives from authoritative sources.
  • V-254871 (MEDIUM): The Tanium operating system (TanOS) must install security-relevant software updates within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).
  • V-254873 (HIGH): The Tanium Operating System (TanOS) must use a FIPS-validated cryptographic module to provision digital signatures.