Skip to content
Log In

Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-APP-000148-CTR-000335

    Group
    Show

  • All Prisma Cloud Compute users must have a unique, individual account.

    Prisma Cloud Compute does not have a default account. During installation, the installer creates an administrator. This account can be removed once other accounts have been added. To ensure account...
    Rule Medium Severity
    Show

  • SRG-APP-000148-CTR-000345

    Group
    Show

  • Prisma Cloud Compute Console must run as nonroot user (uid 2674).

    Containers not requiring root-level permissions must run as a unique user account. To ensure accountability and prevent unauthenticated access to containers, the user the container is using to exec...
    Rule Medium Severity
    Show

  • SRG-APP-000153-CTR-000375

    Group
    Show

  • SRG-APP-000164-CTR-000400

    Group
    Show

  • SRG-APP-000177-CTR-000465

    Group
    Show

  • Prisma Cloud Compute must be configured to require local user accounts to use x.509 multifactor authentication.

    Without the use of multifactor authentication, the ease of access to privileged functions is greatly increased. Multifactor authentication requires using two or more factors to achieve authenticat...
    Rule Medium Severity
    Show

  • SRG-APP-000243-CTR-000595

    Group
    Show

  • Prisma Cloud Compute must prevent unauthorized and unintended information transfer.

    Prisma Cloud Compute Compliance policies must be enabled to ensure running containers do not access privileged resources. Satisfies: SRG-APP-000243-CTR-000595, SRG-APP-000243-CTR-000600, SRG-APP-0...
    Rule Medium Severity
    Show

  • SRG-APP-000266-CTR-000625

    Group
    Show

  • SRG-APP-000357-CTR-000800

    Group
    Show

  • SRG-APP-000384-CTR-000915

    Group
    Show

  • SRG-APP-000384-CTR-000915

    Group
    Show

  • Prisma Cloud Compute must be configured to scan images that have not been instantiated as containers.

    Prisma Cloud Compute ships with "only scan images with running containers" set to "on". To meet the requirements, "only scan images with running containers" must be set to "off" to disable or remov...
    Rule High Severity
    Show

  • SRG-APP-000390-CTR-000930

    Group
    Show

  • Prisma Cloud Compute Defender must reestablish communication to the Console via mutual TLS v1.2 WebSocket session.

    When the secure WebSocket session between the Prisma Cloud Compute Console and Defenders is disconnected, the Defender will continually attempt to reestablish the session. Without reauthentication,...
    Rule Medium Severity
    Show

  • SRG-APP-000414-CTR-001010

    Group
    Show

  • Prisma Cloud Compute Defender containers must run as root.

    In certain situations, the nature of the vulnerability scanning may be more intrusive, or the container platform component that is the subject of the scanning may contain highly sensitive informati...
    Rule Medium Severity
    Show

  • SRG-APP-000431-CTR-001065

    Group
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules