Custom Compliance Reporting - Tech Talks #109

In this Tech Talk, Ashley welcomes Alysson De Almeida Silva, a director on the Technical Account Management team and a compliance and vulnerability management expert. Alysson joins the show to discuss custom audit compliance reporting using Tanium Comply. They cover how to customize CIS benchmarks, create custom checks, and generate assessments and reports.

Introduction to custom compliance reporting

Tanium Comply allows customization of CIS benchmarks to align with specific organizational policies, such as adjusting password length requirements.

Documentation and levels of maturity: Tanium provides documentation to guide users through different levels of compliance maturity, from basic installation to creating custom standards and automated reports.

Creating custom profiles: Users can create custom profiles by modifying existing CIS benchmarks to fit their policy needs, such as changing password length requirements.

Implementing custom checks: Custom checks can be created using scripts to verify configurations not covered by CIS benchmarks, such as ensuring specific software is running.

Running assessments: After creating custom profiles and checks, users can run assessments to verify compliance across their environment, scheduling them as needed.

Reporting and mapping results: Results from assessments can be mapped to other standards or custom policies, and reports can be generated and automated through Tanium Connect.

More resources

• Maturity matrix for Tanium Comply
• Customizing Comply
• Tanium Connect – Tech Talks #61