CylanceON-PREM must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-272636 | CYLN-OP-000685 | SV-272636r1113520_rule | Medium |
| Description |
| there must not be local users/roles within CylanceON-PREM. Manually verifying local users and roles ensures that unauthorized users do not gain access to sensitive resources. |
| STIG | Date |
| Arctic Wolf CylanceON-PREM Security Technical Implementation Guide | 2025-06-11 |
Details
| Check Text (C-76717r1112756_chk) |
| Verify that only admin break-glass user is local. 1. Log in to the admin console. 2. Navigate to ACCESS MANAGEMENT >> User Management. 3. Observe the list of users. If any users other than break-glass/Admin user exist, this is a finding. If the break-glass/Admin user is using the default name or password, this is a finding. |
| Fix Text (F-76622r1113519_fix) |
| Remove any local users except for the break-glass/Admin user. Administrator privileges are required. 1. Log in to the admin console. 2. Navigate to ACCESS MANAGEMENT >> User Management. 3. Under "Action", click the kebab icon. 4. Select "Delete". 5. Click "Remove User". Edit the break-glass/Admin user to not use a default name or password. Protect these credentials in accordance with internal policies. |