The Tanium documentation identifying recognized and trusted folders for Threat Response Local Directory Source must be maintained.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-254889 | TANS-AP-000140 | SV-254889r960804_rule | CCI-001414 | medium |
| Description | ||||
| Using trusted and recognized IOC sources may detect and prevent systems from becoming compromised. An IOC stream is a series or stream of IOCs that are imported from a vendor based on a subscription service or manually downloaded and placed in a folder. Threat Response can be configured to retrieve the IOC content on a regularly scheduled basis. The items in an IOC stream can be separately manipulated after they are imported. | ||||
| STIG | Date | |||
| Tanium 7.x Application on TanOS Security Technical Implementation Guide | 2025-02-11 | |||
Related Frameworks
3 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
AC-4
1.00
- DISA · V2R2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1711 mapping
3.1.3
1.00
- DISA · V2R2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-001414
1.00
- DISA · V2R2 · disa_xccdf · related
Details
Check Text (C-254889r960804_chk)
Consult with the Tanium System Administrator to review the documented list of folder maintainers for Threat Response Local Directory Source.
If the site does not leverage Local Directory Source to import IOCs, this finding is Not Applicable.
If the site does use Local Directory Source to import IOCs and the folder maintainers are not documented, this is a finding.
Fix Text (F-58446r867566_fix)
Prepare and maintain documentation identifying the Tanium Threat Response Local Directory Source maintainers.