ISEC7 SPHERE must disable or delete local account created during application installation and configuration.
An XCCDF Rule
Description
The ISEC7 local account password complexity controls do not meet DOD requirements; therefore, admins have the capability to configure the account out of compliance, which could allow attacker to gain unauthorized access to the server and access to command MDM servers.
- ID
- SV-224767r1013815_rule
- Version
- ISEC-06-000660
- Severity
- High
- References
- Updated
Remediation Templates
A Manual Procedure
Log in to the ISEC7 SPHERE console.
Navigate to Administration >> Configuration >> Account Management >> Users.
Select "Edit" next to the local account Admin.
Check "Log in disabled" for the account.
Click "Save".