Check: CYLN-OP-000510
Arctic Wolf CylanceON-PREM STIG: CYLN-OP-000510 (in version v1 r1)
Title
CylanceON-PREM must be configured with only one local Role to be used by the account of last resort in the event the authentication server is unavailable. (Cat II impact)
Discussion
CylanceON-PREM uses a third-party identity provider (IDP) for access. A "break glass" account is a critical failsafe for emergency situations in which normal administrative access is unavailable, for example when the authentication server is down. Because any local Role is a path into the console that bypasses the IDP, local Roles must be limited to the single Administrator Role reserved for that account of last resort.
Check Content
Verify that the Administrator (break-glass user) Role is the only local Role.
1. Log in to the admin console.
2. Navigate to ACCESS MANAGEMENT >> Role Management.
3. Observe the list of Roles.
If any Role other than the break-glass/Administrator Role exists, this is a finding.
Fix Text
Remove all local Roles except the Administrator (break-glass user) Role. Administrator privileges are required.
1. Log in to the admin console.
2. Navigate to ACCESS MANAGEMENT >> Role Management.
3. Under "Action", click the trashcan icon for the Role to be removed. (Note: if users are still associated with the Role, the trashcan icon is not displayed; those users must be deleted first. See CYLN-OP-000685.)
4. Click "Remove Role".
Additional Identifiers
Rule ID: SV-272633r1113481_rule
Vulnerability ID: V-272633
Group Title: SRG-APP-000233
CCIs
Number | Definition
---|---
CCI-001084 | Isolate security functions from nonsecurity functions.
Controls
Number | Title
---|---
SC-3 | Security Function Isolation