CylanceON-PREM must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-272636 | CYLN-OP-000685 | SV-272636r1113520_rule | CCI-002235 | medium |
| Description | ||||
| there must not be local users/roles within CylanceON-PREM. Manually verifying local users and roles ensures that unauthorized users do not gain access to sensitive resources. | ||||
| STIG | Date | |||
| Arctic Wolf CylanceON-PREM Security Technical Implementation Guide | 2025-06-11 | |||
Details
Check Text (C-272636r1113520_chk)
Verify that only admin break-glass user is local.
1. Log in to the admin console.
2. Navigate to ACCESS MANAGEMENT >> User Management.
3. Observe the list of users.
If any users other than break-glass/Admin user exist, this is a finding.
If the break-glass/Admin user is using the default name or password, this is a finding.
Fix Text (F-76622r1113519_fix)
Remove any local users except for the break-glass/Admin user. Administrator privileges are required.
1. Log in to the admin console.
2. Navigate to ACCESS MANAGEMENT >> User Management.
3. Under "Action", click the kebab icon.
4. Select "Delete".
5. Click "Remove User".
Edit the break-glass/Admin user to not use a default name or password. Protect these credentials in accordance with internal policies.