The Tanium application must restrict the ability of individuals to use information systems to launch organization-defined denial-of-service (DoS) attacks against other information systems.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-254919	SRG-APP-000246	TANS-AP-000630	SV-254919r1067705_rule	2025-02-11	2

Description
The Tanium Action Approval feature provides a two-person integrity control mechanism designed to achieve a high-level of security and reduce the possibility of error for critical operations and DoS conditions. When this feature is enabled, an action configured by one Tanium console user will require a second Tanium console user with a role of Action Approver (or higher) to approve the action before it is deployed to targeted computers.

Description

The Tanium Action Approval feature provides a two-person integrity control mechanism designed to achieve a high-level of security and reduce the possibility of error for critical operations and DoS conditions. When this feature is enabled, an action configured by one Tanium console user will require a second Tanium console user with a role of Action Approver (or higher) to approve the action before it is deployed to targeted computers.

ℹ️ Check
1. Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI) and log on with multifactor authentication. 2. Click "Administration" on the top navigation banner. 3. Under "Configuration", select "Settings". 4. Click the "Advanced Settings" tab. 5. In the "Filter items" search box, type "require_action_approval". 6. Click "Enter". If no results are returned, this is a finding. If results are returned for "require_action_approval", but the value is not "1", this is a finding.

ℹ️ Check

1. Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI) and log on with multifactor authentication. 2. Click "Administration" on the top navigation banner. 3. Under "Configuration", select "Settings". 4. Click the "Advanced Settings" tab. 5. In the "Filter items" search box, type "require_action_approval". 6. Click "Enter". If no results are returned, this is a finding. If results are returned for "require_action_approval", but the value is not "1", this is a finding.

✔️ Fix
1. Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI) and log on with multifactor authentication. 2. Click "Administration" on the top navigation banner. 3. Under "Configuration", select "Settings". 4. Click the "Advanced Settings" tab. 5. Click "Create Setting". 6. Select "Server" for "Setting Type". 7. In "Create Platform Setting" dialog box, enter "require_action_approval" does not exist: Flag" for " Name". 8. Select the "Numeric" radio button for "Value Type". 9. Enter "1" for "Value". 10. Click "Save".

✔️ Fix

1. Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI) and log on with multifactor authentication. 2. Click "Administration" on the top navigation banner. 3. Under "Configuration", select "Settings". 4. Click the "Advanced Settings" tab. 5. Click "Create Setting". 6. Select "Server" for "Setting Type". 7. In "Create Platform Setting" dialog box, enter "require_action_approval" does not exist: Flag" for " Name". 8. Select the "Numeric" radio button for "Value Type". 9. Enter "1" for "Value". 10. Click "Save".