Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Dragos Platform 2.x Security Technical Implementation Guide
DRAG-OT-000240
DRAG-OT-000240
An XCCDF Group - A logical subset of the XCCDF Benchmark
Details
Profiles
Prose
DRAG-OT-000240
1 Rule
<GroupDescription></GroupDescription>
The Dragos Platform must only allow local administrative and service user accounts.
Medium Severity
<VulnDiscussion>Only two default accounts facilitate the initial setup and configuration of the Platform. These accounts provide immediate access to the system, allowing administrators to quickly get the system up and running without needing to create new user accounts during the initial installation phase. During maintenance, updates, or support operations, default accounts allow vendor support teams to access the system without needing to manage a variety of customer-specific accounts. This can streamline support activities and reduce downtime. Default accounts passwords need to be protected so they cannot be exploited by attackers to gain unauthorized access to the system. Satisfies: SRG-APP-000080, SRG-APP-000234 </VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>