Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Prisma Cloud Compute must run within a defined/separate namespace (e.g., Twistlock).
Namespaces are a key boundary for network policies, orchestrator access control restrictions, and other important security controls. Prisma Cloud Compute containers running within a separate and ex...Rule Medium Severity -
SRG-APP-000439-CTR-001080
Group -
SRG-APP-000454-CTR-001110
Group -
SRG-APP-000456-CTR-001130
Group -
Prisma Cloud Compute's Intelligence Stream must be kept up to date.
The Prisma Cloud Compute Console pulls the latest vulnerability and threat information from the Intelligence Stream (intelligence.twistlock.com). The Prisma Cloud Intelligence Stream provides timel...Rule Medium Severity -
SRG-APP-000473-CTR-001175
Group -
SRG-APP-000610-CTR-001385
Group -
Prisma Cloud Compute Console must use TLS 1.2 for user interface and API access. Communication TCP ports must adhere to the Ports, Protocols, and Services Management Category Assurance Levels (PSSM CAL).
Communication to Prisma Cloud Compute Console's User Interface (UI) and API is protected by TLS v1.2+ (HTTPS). By default, only HTTPS communication to the Console's UI and API endpoints is enabled....Rule High Severity -
Prisma Cloud Compute Collections must be used to partition views and enforce organizational-defined need-to-know access.
Prisma Cloud Compute Collections are used to scope rules to target specific resources in an environment, partition views, and enforce which views specific users and groups can access. Collections c...Rule Medium Severity -
Prisma Cloud Compute Cloud Native Network Firewall (CNNF) automatically monitors layer 4 (TCP) intercontainer communications. Enforcement policies must be created.
Network segmentation and compartmentalization are important parts of a comprehensive defense-in-depth strategy. CNNF works as an east-west firewall for containers. It limits damage by preventing at...Rule High Severity -
Prisma Cloud Compute must be configured for forensic data collection.
Prisma Cloud Compute correlates raw audit data to actionable security intelligence, enabling a more rapid and effective response to incidents. This reduces the manual, time-consuming task of correl...Rule Medium Severity -
The configuration integrity of the container platform must be ensured and compliance policies must be configured.
Consistent application of Prisma Cloud Compute compliance policies ensures the continual application of policies and the associated effects. Prisma Cloud Compute's configurations must be monitored ...Rule High Severity -
Images stored within the container registry must contain only images to be run as containers within the container platform.
The Prisma Cloud Compute Trusted Images feature allows the declaration, by policy, of which registries, repositories, and images to trust and how to respond when untrusted images are started in the...Rule Medium Severity -
Prisma Cloud Compute must be configured with unique user accounts.
Sharing accounts, such as group accounts, reduces the accountability and integrity of Prisma Cloud Compute.Rule Medium Severity -
Prisma Cloud Compute local accounts must enforce strong password requirements.
Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resistin...Rule Medium Severity -
Prisma Cloud Compute must not write sensitive data to event logs.
The determination of what is sensitive data varies from organization to organization. The organization must ensure the recipients for the event log information have a need to know and the log is sa...Rule Medium Severity -
The node that runs Prisma Cloud Compute containers must have sufficient disk space to allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.
To ensure sufficient storage capacity in which to write the audit logs, Prisma Cloud compute must be able to allocate audit record storage capacity.Rule Medium Severity -
The configuration integrity of the container platform must be ensured and vulnerabilities policies must be configured.
Prisma Cloud Compute's vulnerabilities defense is the set of features that provides both predictive and threat-based active protection for running containers. Consistent application of Prisma Clou...Rule High Severity -
Prisma Cloud Compute must protect the confidentiality and integrity of transmitted information.
Without protection of the transmitted information, confidentiality and integrity may be compromised since unprotected communications can be intercepted and either read or altered. Communication p...Rule High Severity -
Prisma Cloud Compute must be running the latest release.
Prisma Cloud Compute releases are distributed as Docker images. Each release updates or removes components as needed based on the vulnerabilities associated with the component or the functional nee...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.