Comply is licensed for installation as a component of the Tanium Server. To obtain a license, see your Tanium Technical Account Manager (TAM).
- Microsoft Windows 7 or later
- Microsoft Windows Server 2008 or later
- Red Hat Enterprise Linux and CentOS 5 through 7
- Debian 6
- Ubuntu 12.04 and 14.04
- Apple Mac OS X 10.11
Before installing Comply, you need to have a service account with Tanium Administrator credentials. You must also have the Tanium Module server running.
At least one of the following scan engines is required to use Comply:
See Importing scan engines for more information about downloading these scan engines.
Tanium Server 7.0
The following user roles are supported in Comply on Tanium Server 7.0:
Has all privileges in Comply, including installing or uninstalling Comply.
Has all privileges in Comply with the exception of installing or uninstalling Comply.
Can view reports, drill down into reports, and create report exports.
Tanium Server 7.1 and later
Comply 1.4 introduces role-based access control (RBAC) permissions that control access to Comply functions.
Has all privileges in Comply, including collecting support bundles and managing Comply Application Settings.
Comply Deployment Administrator
Can upload engines and distribute them via deployment; can read and write report content.
Comply Report Content Administrator
Can read and write the following:
- Configuration compliance benchmarks
- Vulnerability sources
- All custom compliance and vulnerability content except custom checks
Comply Report Administrator
Can read custom report content including benchmarks, vulnerability sources, and all custom content; can read report results; only role (other than Comply Admin) that can create and delete reports.
Comply Report Reviewer
Can read custom content, reports, and report results.
Comply Custom Check Writer
Only role (other than Comply Admin) that can create and delete custom checks; can read custom content.
|Privilege||Comply Admin||Comply Deployment Administrator||Comply Report Content Administrator||Comply Report Administrator||Comply Report Reviewer||Comply Custom Check Writer|
|Manage custom checks|
|Manage vulnerability sources|
|Manage custom ID mappings|
|Manage custom profiles|
|Read vulnerability sources|
|Read custom check|
|Read custom ID mappings|
|Read custom profiles|
|Review report results|
Tanium Comply assesses endpoints using Center for Internet Security (CIS) benchmarks and the Center for Internet Security Configuration Assessment (CIS-CAT) tool, both of which are available to members of CIS. You will need to download the benchmark bundle from CIS before getting started with Tanium Comply.
Note: Comply does not currently support any checks that require authentication such as database server scans and does not provide its own compliance scanning engine.
Last updated: 7/20/2018 2:38 PM | Feedback