DISA STIGS Viewer

CylanceON-PREM must be configured with only one local Role to be used by the account of last resort in the event the authentication server is unavailable.

Overview

Finding ID: V-272633
Version: CYLN-OP-000510
Rule ID: SV-272633r1113481_rule
IA Controls:
Severity: Medium
Description
CylanceON-PREM uses a third-party identity provider (IDP) for access. The use of a "break glass" account is a critical failsafe measure for emergency situations where normal administrative access is unavailable.
STIG Date
Arctic Wolf CylanceON-PREM Security Technical Implementation Guide 2025-06-11

Details

Check Text (C-76714r1112747_chk)
Verify that only the Administrator (break-glass user) role is local.

1. Log in to the admin console.
2. Navigate to ACCESS MANAGEMENT >> Role Management.
3. Observe the list of Roles.

If any Roles other than the break-glass/Admin Role exist, this is a finding.
Fix Text (F-76619r1113480_fix)
Remove any local Roles except for Administrator (break-glass user role). Administrator privileges are required.

1. Log in to the admin console.
2. Navigate to ACCESS MANAGEMENT >> Role Management.
3. Under "Action", click the trash can icon.
(Note: If users are associated with the Role, the trash can icon will not exist. The user will need to be deleted first; see CYLN-OP-000685.)
4. Click "Remove Role".