STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to ISEC7 Sphere Security Technical Implementation Guide

V-224767

CAT I (High)

ISEC7 SPHERE must disable or delete local account created during application installation and configuration.

Rule ID

SV-224767r1013815_rule

STIG

ISEC7 Sphere Security Technical Implementation Guide

Version

V3R1

CCIs

CCI-000764

Discussion

The ISEC7 local account password complexity controls do not meet DOD requirements; therefore, admins have the capability to configure the account out of compliance, which could allow attacker to gain unauthorized access to the server and access to command MDM servers.

Check Content

Log in to the ISEC7 SPHERE console.
Navigate to Administration >> Configuration >> Account Management >> Users.
Select "Edit" next to the local account Admin.
Verify "Log in disabled" has been selected.

If "Log in disabled" has not been selected, this is a finding.

Fix Text

Log in to the ISEC7 SPHERE console.
Navigate to Administration >> Configuration  >> Account Management >> Users.
Select "Edit" next to the local account Admin.
Check "Log in disabled" for the account.
Click "Save".