CylanceON-PREM must be configured with only one local Role to be used by the account of last resort in the event the authentication server is unavailable.
| Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-272633 | SRG-APP-000233 | CYLN-OP-000510 | SV-272633r1113481_rule | 2025-06-11 | 1 |
| Description |
|---|
| CylanceON-PREM uses a third-party identity provider (IDP) for access. The use of a "break glass" account is a critical failsafe measure for emergency situations where normal administrative access is unavailable. |
| ℹ️ Check |
|---|
| Verify that only the Administrator (break-glass user) Role is local. 1. Log in to the admin console. 2. Navigate to ACCESS MANAGEMENT >> Role Management. 3. Observe the list of Roles. If any Roles other than the break-glass/Admin Role exist, this is a finding. |
| ✔️ Fix |
|---|
| Remove any local Roles except for the Administrator (break-glass user) Role. Administrator privileges are required. 1. Log in to the admin console. 2. Navigate to ACCESS MANAGEMENT >> Role Management. 3. Under "Action", click the trash can icon. (Note: If users are associated with the Role, the trash can icon will not exist. The user will need to be deleted first; see CYLN-OP-000685.) 4. Click "Remove Role". |