Check: CYLN-OP-000685
Arctic Wolf CylanceON-PREM STIG: CYLN-OP-000685 (in version v1 r1)
Title
CylanceON-PREM must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable. (Cat II impact)
Discussion
There must not be local users/roles within CylanceON-PREM. Manually verifying local users and roles ensures that unauthorized users do not gain access to sensitive resources.
Check Content
Verify that only the admin break-glass user is local.
1. Log in to the admin console.
2. Navigate to ACCESS MANAGEMENT >> User Management.
3. Observe the list of users.
If any users other than the break-glass/Admin user exist, this is a finding.
If the break-glass/Admin user is using the default name or password, this is a finding.
Fix Text
Remove any local users except for the break-glass/Admin user. Administrator privileges are required.
1. Log in to the admin console.
2. Navigate to ACCESS MANAGEMENT >> User Management.
3. Under "Action", click the kebab icon.
4. Select "Delete".
5. Click "Remove User".
Edit the break-glass/Admin user to not use a default name or password. Protect these credentials in accordance with internal policies.
Additional Identifiers
Rule ID: SV-272636r1113520_rule
Vulnerability ID: V-272636
Group Title: SRG-APP-000340
CCIs
Number | Definition |
---|---|
CCI-002235 | Prevent non-privileged users from executing privileged functions. |
Controls
Number | Title |
---|---|
AC-6(10) | Prohibit Non-privileged Users from Executing Privileged Functions |