Skip to content
Log In

Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-APP-000014-CTR-000040

    Group
    Show

  • SRG-APP-000023-CTR-000055

    Group
    Show

  • Access to Prisma Cloud Compute must be managed based on user need and least privileged using external identity providers for authentication and grouping to role-based assignments when possible.

    Integration with an organization's existing identity management policies technologies reduces the threat of account compromise and misuse. Centralized authentication services provide additional fu...
    Rule Medium Severity
    Show

  • SRG-APP-000033-CTR-000100

    Group
    Show

  • Users requiring access to Prisma Cloud Compute's Credential Store must be assigned and accessed by the appropriate role holders.

    The container platform keystore is used to store credentials that are used to build a trust between the container platform and an external source. This trust relationship is authorized by the organ...
    Rule Medium Severity
    Show

  • SRG-APP-000038-CTR-000105

    Group
    Show

  • SRG-APP-000039-CTR-000110

    Group
    Show

  • SRG-APP-000097-CTR-000180

    Group
    Show

  • Prisma Cloud Compute Defender must be deployed to containerization nodes that are to be monitored.

    Container platforms distribute workloads across several nodes. The ability to uniquely identify an event within an environment is critical. Prisma Cloud Compute Container Runtime audits record the ...
    Rule Medium Severity
    Show

  • SRG-APP-000099-CTR-000190

    Group
    Show

  • SRG-APP-000101-CTR-000205

    Group
    Show

  • The configuration integrity of the container platform must be ensured and runtime policies must be configured.

    Prisma Cloud Compute's runtime defense is the set of features that provides both predictive and threat-based active protection for running containers. Consistent application of Prisma Cloud Comput...
    Rule High Severity
    Show

  • SRG-APP-000111-CTR-000220

    Group
    Show

  • Prisma Cloud Compute must be configured to send events to the hosts' syslog.

    Event log collection is critical in ensuring the security of a containerized environment due to the ephemeral nature of the workloads. In an environment that is continually in flux, audit logs must...
    Rule Medium Severity
    Show

  • SRG-APP-000133-CTR-000295

    Group
    Show

  • Prisma Cloud Compute host compliance baseline policies must be set.

    Consistent application of Prisma Cloud Compute compliance policies ensures the continual application of policies and the associated effects. Satisfies: SRG-APP-000133-CTR-000295, SRG-APP-000133-CT...
    Rule High Severity
    Show

  • SRG-APP-000133-CTR-000305

    Group
    Show

  • SRG-APP-000141-CTR-000320

    Group
    Show

  • SRG-APP-000142-CTR-000330

    Group
    Show

  • Prisma Cloud Compute must use TCP ports above 1024.

    Privileged ports are ports below 1024 that require system privileges for their use. If containers are able to use these ports, the container must be run as a privileged user. The container platform...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules