The Tanium documentation identifying recognized and trusted indicator of compromise (IOC) streams must be maintained.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-253842 | TANS-SV-000007 | SV-253842r997266_rule | CCI-001414 | medium |
| Description | ||||
| Using trusted and recognized IOC sources may detect compromise and prevent systems from becoming compromised. An IOC stream is a series or stream of IOCs that are imported from a vendor based on a subscription service. An IOC stream can be downloaded manually or on a scheduled basis. The items in an IOC stream can be manipulated separately after they are imported. | ||||
| STIG | Date | |||
| Tanium 7.x Security Technical Implementation Guide | 2025-05-14 | |||
Related Frameworks
3 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
AC-4
1.00
- DISA · V2R3 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1711 mapping
3.1.3
1.00
- DISA · V2R3 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-001414
1.00
- DISA · V2R3 · disa_xccdf · related
Details
Check Text (C-253842r997266_chk)
Consult with the Tanium system administrator to determine if the Threat Response module is being used. If it is not, this is not applicable.
Review the documented list of IOC trusted stream sources.
If the site uses an external source for IOCs and the IOC trusted stream source is not documented, this is a finding.
Fix Text (F-57245r842553_fix)
Prepare and maintain documentation identifying the Threat Response trusted stream sources.