CylanceON-PREM must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.
| Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-272636 | SRG-APP-000340 | CYLN-OP-000685 | SV-272636r1113520_rule | 2025-06-11 | 1 |
Description
There must not be local users/roles within CylanceON-PREM. Manually verifying local users and roles ensures that unauthorized users do not gain access to sensitive resources.
ℹ️ Check
Verify that only the admin break-glass user is local.
1. Log in to the admin console.
2. Navigate to ACCESS MANAGEMENT >> User Management.
3. Observe the list of users.
If any users other than the break-glass/Admin user exist, this is a finding.
If the break-glass/Admin user is using the default name or password, this is a finding.
✔️ Fix
Remove any local users except for the break-glass/Admin user. Administrator privileges are required.
1. Log in to the admin console.
2. Navigate to ACCESS MANAGEMENT >> User Management.
3. Under "Action", click the kebab icon.
4. Select "Delete".
5. Click "Remove User".
Edit the break-glass/Admin user to not use a default name or password. Protect these credentials in accordance with internal policies.