Splunk Enterprise must have all local user accounts removed after implementing organizational level user management system, except for one emergency account of last resort.

Description

<VulnDiscussion>User accounts should use an organizational level authentication mechanism such as SAML, LDAP, AD, etc., to provide centralized management. The use of local accounts should be discouraged, except for an emergency account of last resort. The use of local accounts instead of organizational level accounts creates a risk where accounts are not properly disabled or deleted when users depart or their roles change.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>