Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
Prisma Cloud Compute must run within a defined/separate namespace (e.g., Twistlock).
Namespaces are a key boundary for network policies, orchestrator access control restrictions, and other important security controls. Prisma Cloud Compute containers running within a separate and ex...
Rule, Medium Severity
SRG-APP-000439-CTR-001080
Group
SRG-APP-000454-CTR-001110
Group
SRG-APP-000456-CTR-001130
Group
Prisma Cloud Compute's Intelligence Stream must be kept up to date.
The Prisma Cloud Compute Console pulls the latest vulnerability and threat information from the Intelligence Stream (intelligence.twistlock.com). The Prisma Cloud Intelligence Stream provides timel...
Rule, Medium Severity
SRG-APP-000473-CTR-001175
Group
SRG-APP-000610-CTR-001385
Group
Prisma Cloud Compute Console must use TLS 1.2 for user interface and API access. Communication TCP ports must adhere to the Ports, Protocols, and Services Management Category Assurance Levels (PSSM CAL).
Communication to Prisma Cloud Compute Console's User Interface (UI) and API is protected by TLS v1.2+ (HTTPS). By default, only HTTPS communication to the Console's UI and API endpoints is enabled....
Rule, High Severity
Prisma Cloud Compute Collections must be used to partition views and enforce organizational-defined need-to-know access.
Prisma Cloud Compute Collections are used to scope rules to target specific resources in an environment, partition views, and enforce which views specific users and groups can access. Collections c...
Rule, Medium Severity
Prisma Cloud Compute Cloud Native Network Firewall (CNNF) automatically monitors layer 4 (TCP) intercontainer communications. Enforcement policies must be created.
Network segmentation and compartmentalization are important parts of a comprehensive defense-in-depth strategy. CNNF works as an east-west firewall for containers. It limits damage by preventing at...
Rule, High Severity