STIG ID: APAS-AT-000050 | SRG: SRG-APP-000153-AS-000104 | Severity: medium | CCI: | Vulnerability Id: V-256906
Default superuser accounts, such as "root", are considered group authenticators. In the case of Automation Controller this is the "admin" account.
Log in to the Automation Controller web console as an administrator and navigate to Access >> Users.
Click the Username to be removed.
Select "Delete" and confirm.
Log in to the Automation Controller web console as an administrator and navigate to Access >> Users.
The only local user allowed is the default/breakglass "admin". All other users need to come from an external authentication source. If any other local users exist, this is a finding.