Comply is licensed for installation as a component of the Tanium Server. To obtain a license, see your Tanium Technical Account Manager (TAM).

System requirements

  • Microsoft Windows 7 or later
  • Microsoft Windows Server 2008 or later
  • Red Hat Enterprise Linux and CentOS 5 through 7
  • Debian 6
  • Ubuntu 12.04, 14.04, and 16.04
  • Apple Mac OS X 10.11 and 10.12

Installation prerequisites

Before installing Comply, you need to have a service account with Tanium Administrator credentials. You must also have the Tanium Module server running.

At least one scan engine is required to use Comply, but more than one can be uploaded and used if desired. Comply 1.7.4 and later ships with the Joval engine; however, there is no content included with that engine. You can upload other engines if required. See Importing scan engines. CIS-CAT, Joval, and SCC engines are currently supported by Comply. To use CIS-CAT or Joval, a JRE (Java Runtime Environment) must also be provided.

User roles

Tanium Server 7.0

The following user roles are supported in Comply on Tanium Server 7.0:


Has all privileges in Comply, including installing or uninstalling Comply.

Content Administrator

Has all privileges in Comply with the exception of installing or uninstalling Comply.

Question Author

Can view reports, drill down into reports, and create report exports.

Tanium Server 7.1 and later

Comply 1.4 introduces role-based access control (RBAC) permissions that control access to Comply functions.

Comply Admin

Has all privileges in Comply, including collecting support bundles and managing Comply Application Settings.

Comply Deployment Administrator

Can upload engines and distribute them via deployment; can read and write report content.

Comply Report Content Administrator

Can read and write the following:

  • Configuration compliance benchmarks
  • Vulnerability sources
  • All custom compliance and vulnerability content except custom checks

Comply Report Administrator

Can read custom report content including benchmarks, vulnerability sources, and all custom content; can read report results; only role (other than Comply Admin) that can create and delete reports.

Comply Report Reviewer

Can read custom content, reports, and report results.

Comply Custom Check Writer

Only role (other than Comply Admin) that can create and delete custom checks; can read custom content.

Table 1:   Comply User Role Privileges
Privilege Comply Admin Comply Deployment Administrator Comply Report Content Administrator Comply Report Administrator Comply Report Reviewer Comply Custom Check Writer
Manage engines
Manage deployments
Manage custom checks
Manage benchmarks
Manage vulnerability sources
Manage custom ID mappings
Manage custom profiles
Manage reports
Read benchmarks
Read vulnerability sources
Read custom check
Read custom ID mappings
Read custom profiles
Review report results

Last updated: 11/6/2018 4:20 PM | Feedback