Comply is licensed for installation as a component of the Tanium Server. To obtain a license, see your Tanium Technical Account Manager (TAM).
- Microsoft Windows 7 or later
- Microsoft Windows Server 2008 or later
- Red Hat Enterprise Linux and CentOS 5 through 7
- Debian 6
- Ubuntu 12.04, 14.04, and 16.04
- Apple Mac OS X 10.11 and 10.12
Before installing Comply, you need to have a service account with Tanium Administrator credentials. You must also have the Tanium Module server running.
At least one scan engine is required to use Comply, but more than one can be uploaded and used if desired. Comply 1.7.4 and later ships with the Joval engine; however, there is no content included with that engine. You can upload other engines if required. See Importing scan engines. CIS-CAT, Joval, and SCC engines are currently supported by Comply. To use CIS-CAT or Joval, a JRE (Java Runtime Environment) must also be provided.
Tanium Server 7.0
The following user roles are supported in Comply on Tanium Server 7.0:
Has all privileges in Comply, including installing or uninstalling Comply.
Has all privileges in Comply with the exception of installing or uninstalling Comply.
Can view reports, drill down into reports, and create report exports.
Tanium Server 7.1 and later
Comply 1.4 introduces role-based access control (RBAC) permissions that control access to Comply functions.
Has all privileges in Comply, including collecting support bundles and managing Comply Application Settings.
Comply Deployment Administrator
Can upload engines and distribute them via deployment; can read and write report content.
Comply Report Content Administrator
Can read and write the following:
- Configuration compliance benchmarks
- Vulnerability sources
- All custom compliance and vulnerability content except custom checks
Comply Report Administrator
Can read custom report content including benchmarks, vulnerability sources, and all custom content; can read report results; only role (other than Comply Admin) that can create and delete reports.
Comply Report Reviewer
Can read custom content, reports, and report results.
Comply Custom Check Writer
Only role (other than Comply Admin) that can create and delete custom checks; can read custom content.
|Privilege||Comply Admin||Comply Deployment Administrator||Comply Report Content Administrator||Comply Report Administrator||Comply Report Reviewer||Comply Custom Check Writer|
|Manage custom checks|
|Manage vulnerability sources|
|Manage custom ID mappings|
|Manage custom profiles|
|Read vulnerability sources|
|Read custom check|
|Read custom ID mappings|
|Read custom profiles|
|Review report results|
Last updated: 9/25/2018 1:22 PM | Feedback