CylanceON-PREM must be configured with only one local Role to be used by the account of last resort in the event the authentication server is unavailable.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-272633 | CYLN-OP-000510 | SV-272633r1113481_rule | CCI-001084 | medium |
| Description |
| CylanceON-PREM uses a third-party identity provider (IDP) for access. The use of a "break glass" account is a critical failsafe measure for emergency situations where normal administrative access is unavailable. |
| STIG | Date |
| Arctic Wolf CylanceON-PREM Security Technical Implementation Guide | 2025-06-11 |
Details
Check Text (C-272633r1113481_chk)
Verify that the Administrator (break-glass user) role is the only local Role.
1. Log in to the admin console.
2. Navigate to ACCESS MANAGEMENT >> Role Management.
3. Observe the list of Roles.
If any Roles other than the break-glass/Admin Role exist, this is a finding.
Fix Text (F-76619r1113480_fix)
Remove any local Roles except for the Administrator (break-glass user) role. Administrator privileges are required.
1. Log in to the admin console.
2. Navigate to ACCESS MANAGEMENT >> Role Management.
3. Under "Action", click the trash can icon.
(Note: If users are associated with the Role, the trash can icon will not exist. The user will need to be deleted first; see CYLN-OP-000685.)
4. Click "Remove Role".