Installing Comply

You can install Comply from the Tanium Solutions page.

Before you begin

  • Review Comply requirements.
  • If you are upgrading from a previous version, see Upgrade Comply.
  • You must be assigned the Administrator reserved role to import the Tanium Comply solution.

Import solution

Import Comply from the Tanium Solutions page.

  1. From the Main menu, click Tanium Solutions.

  2. Under Tanium Comply, click Import Version.

    Tanium Comply is a licensed solution. If Comply is not on the Tanium Solutions page, contact your Technical Account Manager (TAM).

  3. In the Content Import Preview window, you can expand the package to review the Tanium content that is being installed. Click Proceed with Import.

  4. After the installation process completes, refresh your browser.
  5. From the Main menu, click Comply. The Comply Home page is displayed.

Upgrade Comply

  1. From the Main menu, click Tanium Solutions.
  2. In the Comply section, click Upgrade to <version>.
  3. Click OK.

    The Import Solution window opens with a list of all the changes and import options.

  4. Click Proceed with Import.
  5. Depending on your Tanium Server configuration, either enter your password or click Yes to proceed.
  6. To confirm the upgrade, return to the Tanium Solutions page and check the Installed version for Comply.

    If the new version is not displayed, try refreshing the Tanium Solutions page.

When you upgrade Comply, a red error message will be displayed if a deployment's tools are out of date. To deploy the latest tools to deployments with this error, click Redeploy. This will upgrade the tools on endpoints to the latest version the next time the tools installation action runs.



Set up Comply

The Comply Home page shows statistics, reports, errors, and initial tasks. The Home page guides you through the following tasks you need to complete before using Comply:

  • Configure service account
  • Upload engines
  • Create deployments
  • Create reports

Use the Manage Home Page link at the top right of the page to configure the sections you see on startup. You might not need to see each section once you have completed the initial tasks.

Reports and statistics on the Comply Home page might not be updated immediately with current results since this data is updated every 10 minutes.

Create a service account

A service account is required to run background Comply functions such as populating Home page data. You will see a Required Comply Settings: Set Service Account yellow banner across the top of the Comply Home page if no service account is configured.


This user must have the following roles and access configured:

  1. From the Comply Home page, in the Configuration Progress section, click the Configure Service Account step and click Configure Service Account.
  2. Enter the Tanium credentials and click Save.
  3. Another way to configure the service account is by clicking Configure Now in the yellow banner that displays if the service account is not configured. You also can set or update the service account from the Comply settings. Click Settings and update the service account settings in the Service Account section. Click Save.

Upload scan engines

Scan engines are used to evaluate OVAL or SCAP content and generate configuration compliance and vulnerability reports. At least one scan engine is required to use Comply, but more than one can be uploaded and used if desired. Comply 1.7.4 and later ships with the Joval engine; however, there is no content included with that engine. You can upload other engines if required. See Importing scan engines. CIS-CAT, Joval, and SCC engines are currently supported by Comply. To use CIS-CAT or Joval, a Java Runtime Environment (JRE) must also be provided. CIS-CAT and Joval also require PowerShell and do not work if PowerShell is in the ConstrainedLanguage language mode.

Last updated: 10/15/2019 3:50 PM | Feedback