The Tanium Action Approval feature must be enabled for two-person integrity when deploying actions to endpoints.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-253841	SRG-APP-000033	TANS-SV-000006	SV-253841r1067661_rule	2025-02-26	2

Description
The Tanium Action Approval feature provides a two-person integrity control mechanism designed to achieve a high level of security and reduce the possibility of error for critical operations. When this feature is enabled, an action configured by one Tanium console user will require a second Tanium console user with a role of Action Approver (or higher) to approve the action before it is deployed to targeted computers. While this system slows workflow, the reliability of actions deployed will be greater on the Packaging and Targeting. Satisfies: SRG-APP-000488

Description

The Tanium Action Approval feature provides a two-person integrity control mechanism designed to achieve a high level of security and reduce the possibility of error for critical operations. When this feature is enabled, an action configured by one Tanium console user will require a second Tanium console user with a role of Action Approver (or higher) to approve the action before it is deployed to targeted computers. While this system slows workflow, the reliability of actions deployed will be greater on the Packaging and Targeting. Satisfies: SRG-APP-000488

ℹ️ Check
1. Using a web browser on a system that has connectivity to the Tanium application, access the Tanium application web user interface (UI) and log on with multifactor authentication. 2. Click "Administration" on the top navigation banner. 3. Under "Configuration", select "Settings". 4. Click the "Advanced Settings" tab. 5. In the "Filter items" search box, type "require_action_approval". 6. Click "Enter". If no results are returned, this is a finding. If results are returned for "require_action_approval", but the value is not "1", this is a finding.

ℹ️ Check

1. Using a web browser on a system that has connectivity to the Tanium application, access the Tanium application web user interface (UI) and log on with multifactor authentication. 2. Click "Administration" on the top navigation banner. 3. Under "Configuration", select "Settings". 4. Click the "Advanced Settings" tab. 5. In the "Filter items" search box, type "require_action_approval". 6. Click "Enter". If no results are returned, this is a finding. If results are returned for "require_action_approval", but the value is not "1", this is a finding.

✔️ Fix
1. Using a web browser on a system that has connectivity to the Tanium application, access the Tanium application web UI and log on with multifactor authentication. 2. Click "Administration" on the top navigation banner. 3. Under "Configuration", select "Settings". 4. Click the "Advanced Settings" tab. 5. If "require_action_approval" does not exist, click "Create Setting". 6. Select "Server" box for "Setting Type". 7. In "Create Platform Setting" dialog box, enter "require_action_approval" for "Name". 8. Select "Numeric" radio button from "Value Type". 9. Select "Value" and enter "1". 10. Click "Save".

✔️ Fix

1. Using a web browser on a system that has connectivity to the Tanium application, access the Tanium application web UI and log on with multifactor authentication. 2. Click "Administration" on the top navigation banner. 3. Under "Configuration", select "Settings". 4. Click the "Advanced Settings" tab. 5. If "require_action_approval" does not exist, click "Create Setting". 6. Select "Server" box for "Setting Type". 7. In "Create Platform Setting" dialog box, enter "require_action_approval" for "Name". 8. Select "Numeric" radio button from "Value Type". 9. Select "Value" and enter "1". 10. Click "Save".