STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to ISEC7 Sphere Security Technical Implementation Guide

V-224767

CAT I (High)

ISEC7 SPHERE must disable or delete local account created during application installation and configuration.

Rule ID

SV-224767r1013815_rule

STIG

ISEC7 Sphere Security Technical Implementation Guide

Version

V3R1

CCIs

CCI-000764

Discussion

The ISEC7 local account password complexity controls do not meet DOD requirements; therefore, admins have the capability to configure the account out of compliance, which could allow attacker to gain unauthorized access to the server and access to command MDM servers.

Check Content

Log in to the ISEC7 SPHERE console.
Navigate to Administration >> Configuration >> Account Management >> Users.
Select "Edit" next to the local account Admin.
Verify "Log in disabled" has been selected.

If "Log in disabled" has not been selected, this is a finding.

Fix Text

Log in to the ISEC7 SPHERE console.
Navigate to Administration >> Configuration  >> Account Management >> Users.
Select "Edit" next to the local account Admin.
Check "Log in disabled" for the account.
Click "Save".