ISEC7 SPHERE must disable or delete local account created during application installation and configuration.

Severity: high
Group ID: V-224767
Group Title: SRG-APP-000148
Version: ISEC-06-000660
Rule ID: SV-224767r1013815_rule
Date: 2024-08-20
STIG Version: 3

Description

The ISEC7 local account password complexity controls do not meet DOD requirements; therefore, admins have the capability to configure the account out of compliance, which could allow an attacker to gain unauthorized access to the server and access to command MDM servers.

ℹ️ Check

Log in to the ISEC7 SPHERE console. Navigate to Administration >> Configuration >> Account Management >> Users. Select "Edit" next to the local account Admin. Verify "Log in disabled" has been selected. If "Log in disabled" has not been selected, this is a finding.

✔️ Fix

Log in to the ISEC7 SPHERE console. Navigate to Administration >> Configuration >> Account Management >> Users. Select "Edit" next to the local account Admin. Check "Log in disabled" for the account. Click "Save".