CylanceON-PREM must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.

Severity: medium
Group ID: V-272636
Group Title: SRG-APP-000340
Version: CYLN-OP-000685
Rule ID: SV-272636r1113520_rule
Date: 2025-06-11
STIG Version: 1
Description
There must not be local users/roles within CylanceON-PREM. Manually verifying local users and roles ensures that unauthorized users do not gain access to sensitive resources.
ℹ️ Check
Verify that only the admin break-glass user is local.
1. Log in to the admin console.
2. Navigate to ACCESS MANAGEMENT >> User Management.
3. Observe the list of users.
If any users other than the break-glass/Admin user exist, this is a finding.
If the break-glass/Admin user is using the default name or password, this is a finding.
✔️ Fix
Remove any local users except for the break-glass/Admin user. Administrator privileges are required.
1. Log in to the admin console.
2. Navigate to ACCESS MANAGEMENT >> User Management.
3. Under "Action", click the kebab icon.
4. Select "Delete".
5. Click "Remove User".
Edit the break-glass/Admin user to not use a default name or password. Protect these credentials in accordance with internal policies.