Comply overview

With Comply, you can support your enterprise compliance goals at Tanium speed. Use Comply for operating system-level configuration checks and vulnerability scanning at scale using the Tanium architecture. It features the following benefits:

  • Utilizes benchmarks to evaluate operating systems and applications for configuration of password policies, file permissions, and other components
  • Supports Windows, macOS, Linux, AIX, and Solaris endpoints
  • Supports Center for Internet Security (CIS) and SCAP benchmarks
  • Enables custom checks and result mapping

Security Content Automation Protocol (SCAP)

Comply uses SCAP content to perform compliance checks. These specifications are derived from the input of a community of industry professionals working to advance automation and standardization of technical security operations.

Extensible Configuration Checklist Description Format (XCCDF)

A collection of security configuration rules (primarily composed of OVAL checks) that are applied against endpoints. XCCDF is mostly descriptive: it does not include the commands that perform the scan. Rule evaluation is defined in OVAL. XCCDF files are sometimes called benchmarks or checklists.

Open Vulnerability and Assessment Language (OVAL)

A declarative language that defines how a rule is evaluated. OVAL makes logical assertions about the state of a system and is used to describe security vulnerabilities or desired configuration of systems.
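To illustrate the split between XCCDF and OVAL described above, the following added example (not Tanium code or content; every ID, title, and file name in it is constructed) walks the rules in an XCCDF benchmark, follows each rule's OVAL check reference, and flags rules whose definition is missing from the OVAL file.

```python
import xml.etree.ElementTree as ET

XCCDF_NS = "http://checklists.nist.gov/xccdf/1.2"
OVAL_NS = "http://oval.mitre.org/XMLSchema/oval-definitions-5"
NS = {"x": XCCDF_NS, "o": OVAL_NS}

# Constructed sample content: IDs, titles and file names are made up, and the
# OVAL definition is trimmed to its metadata (no criteria, tests or objects).
XCCDF_DOC = f"""<Benchmark xmlns="{XCCDF_NS}" id="xccdf_org.example_benchmark_demo">
  <Rule id="xccdf_org.example_rule_min_password_length" severity="medium">
    <title>Minimum password length is 14</title>
    <check system="{OVAL_NS}">
      <check-content-ref href="demo-oval.xml" name="oval:org.example:def:1"/>
    </check>
  </Rule>
  <Rule id="xccdf_org.example_rule_shadow_permissions" severity="high">
    <title>Shadow file is not world-readable</title>
    <check system="{OVAL_NS}">
      <check-content-ref href="demo-oval.xml" name="oval:org.example:def:2"/>
    </check>
  </Rule>
</Benchmark>"""

OVAL_DOC = f"""<oval_definitions xmlns="{OVAL_NS}">
  <definitions>
    <definition id="oval:org.example:def:1" class="compliance" version="1">
      <metadata><title>Password length policy</title></metadata>
    </definition>
  </definitions>
</oval_definitions>"""

def resolve_rules(xccdf_xml, oval_xml):
    """Return {xccdf_rule_id: (oval_definition_id, definition_class or None)}."""
    oval_defs = {d.get("id"): d.get("class")
                 for d in ET.fromstring(oval_xml).iterfind(".//o:definition", NS)}
    resolved = {}
    for rule in ET.fromstring(xccdf_xml).iterfind(".//x:Rule", NS):
        for check in rule.iterfind("x:check", NS):
            if check.get("system") != OVAL_NS:
                continue  # the rule is evaluated by some other check system
            ref = check.find("x:check-content-ref", NS)
            if ref is not None:
                name = ref.get("name")
                resolved[rule.get("id")] = (name, oval_defs.get(name))
    return resolved

def unresolved(resolved):
    """Rules that point at an OVAL definition the OVAL file does not contain."""
    return sorted(rule for rule, (_, cls) in resolved.items() if cls is None)
```

A rule returned by `unresolved()` has a description but no evaluation logic, so a scanner has nothing to run for it.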

Common Vulnerabilities and Exposures (CVE)

A public database of known vulnerabilities.

Vulnerability source

A path to a local Open Vulnerability and Assessment Language (OVAL) definitions file or a URL to a remote OVAL definitions file.

Custom check

An arbitrary PowerShell, VBScript, or UNIX shell script used to evaluate conditions on an endpoint.

Custom ID mapping

Maps a custom check ID or XCCDF rule ID to an arbitrary value. This is helpful for mapping CIS content to another policy or for associating arbitrary tags with rules.


A package containing a ZIP file of all XCCDF benchmarks, custom check scripts, custom profile definitions, and optional custom ID mapping definition. A report includes the action to distribute to selected computer groups as well as the saved question to retrieve scan results from endpoints.

Tanium™ Connect

You can use Comply vulnerability reports as a connection source.