Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Prisma Cloud Compute must be configured with unique user accounts.
<VulnDiscussion>Sharing accounts, such as group accounts, reduces the accountability and integrity of Prisma Cloud Compute.</VulnDiscussio...Rule Medium Severity -
SRG-APP-000164-CTR-000400
<GroupDescription></GroupDescription>Group -
All Prisma Cloud Compute users must have a unique, individual account.
<VulnDiscussion>Prisma Cloud Compute does not have a default account. During installation, the installer creates an administrator. This accou...Rule Medium Severity -
SRG-APP-000148-CTR-000345
<GroupDescription></GroupDescription>Group -
Prisma Cloud Compute must be configured to scan images that have not been instantiated as containers.
<VulnDiscussion>Prisma Cloud Compute ships with "only scan images with running containers" set to "on". To meet the requirements, "only scan ...Rule High Severity -
SRG-APP-000023-CTR-000055
<GroupDescription></GroupDescription>Group -
SRG-APP-000390-CTR-000930
<GroupDescription></GroupDescription>Group -
Configuration of Prisma Cloud Compute must be continuously verified.
<VulnDiscussion>Prisma Cloud Compute's configuration of Defender deployment must be monitored to ensure monitoring and protection of the envi...Rule Medium Severity -
SRG-APP-000610-CTR-001385
<GroupDescription></GroupDescription>Group -
Prisma Cloud Compute Console must run as nonroot user (uid 2674).
<VulnDiscussion>Containers not requiring root-level permissions must run as a unique user account. To ensure accountability and prevent unaut...Rule Medium Severity -
SRG-APP-000153-CTR-000375
<GroupDescription></GroupDescription>Group -
Prisma Cloud Compute must be configured for forensic data collection.
<VulnDiscussion>Prisma Cloud Compute correlates raw audit data to actionable security intelligence, enabling a more rapid and effective respo...Rule Medium Severity -
SRG-APP-000101-CTR-000205
<GroupDescription></GroupDescription>Group -
SRG-APP-000033-CTR-000100
<GroupDescription></GroupDescription>Group -
Users requiring access to Prisma Cloud Compute's Credential Store must be assigned and accessed by the appropriate role holders.
<VulnDiscussion>The container platform keystore is used to store credentials that are used to build a trust between the container platform an...Rule Medium Severity -
SRG-APP-000038-CTR-000105
<GroupDescription></GroupDescription>Group -
Prisma Cloud Compute Collections must be used to partition views and enforce organizational-defined need-to-know access.
<VulnDiscussion>Prisma Cloud Compute Collections are used to scope rules to target specific resources in an environment, partition views, and...Rule Medium Severity -
SRG-APP-000039-CTR-000110
<GroupDescription></GroupDescription>Group -
Prisma Cloud Compute Cloud Native Network Firewall (CNNF) automatically monitors layer 4 (TCP) intercontainer communications. Enforcement policies must be created.
<VulnDiscussion>Network segmentation and compartmentalization are important parts of a comprehensive defense-in-depth strategy. CNNF works as...Rule High Severity -
SRG-APP-000097-CTR-000180
<GroupDescription></GroupDescription>Group -
Prisma Cloud Compute Defender must be deployed to containerization nodes that are to be monitored.
<VulnDiscussion>Container platforms distribute workloads across several nodes. The ability to uniquely identify an event within an environmen...Rule Medium Severity -
SRG-APP-000099-CTR-000190
<GroupDescription></GroupDescription>Group -
The configuration integrity of the container platform must be ensured and runtime policies must be configured.
<VulnDiscussion>Prisma Cloud Compute's runtime defense is the set of features that provides both predictive and threat-based active protectio...Rule High Severity -
SRG-APP-000111-CTR-000220
<GroupDescription></GroupDescription>Group -
Prisma Cloud Compute must be configured to send events to the hosts' syslog.
<VulnDiscussion>Event log collection is critical in ensuring the security of a containerized environment due to the ephemeral nature of the w...Rule Medium Severity -
SRG-APP-000133-CTR-000295
<GroupDescription></GroupDescription>Group -
Prisma Cloud Compute host compliance baseline policies must be set.
<VulnDiscussion>Consistent application of Prisma Cloud Compute compliance policies ensures the continual application of policies and the asso...Rule High Severity -
SRG-APP-000133-CTR-000305
<GroupDescription></GroupDescription>Group -
The configuration integrity of the container platform must be ensured and compliance policies must be configured.
<VulnDiscussion>Consistent application of Prisma Cloud Compute compliance policies ensures the continual application of policies and the asso...Rule High Severity -
SRG-APP-000141-CTR-000320
<GroupDescription></GroupDescription>Group -
Images stored within the container registry must contain only images to be run as containers within the container platform.
<VulnDiscussion>The Prisma Cloud Compute Trusted Images feature allows the declaration, by policy, of which registries, repositories, and ima...Rule Medium Severity -
SRG-APP-000142-CTR-000330
<GroupDescription></GroupDescription>Group -
Prisma Cloud Compute must use TCP ports above 1024.
<VulnDiscussion>Privileged ports are ports below 1024 that require system privileges for their use. If containers are able to use these ports...Rule Medium Severity -
SRG-APP-000148-CTR-000335
<GroupDescription></GroupDescription>Group -
Prisma Cloud Compute release tar distributions must have an associated SHA-256 digest.
<VulnDiscussion>Each Prisma Cloud Compute release's tar file has an associated SHA-256 digest hash value to ensure the components have not be...Rule Medium Severity -
Prisma Cloud Compute local accounts must enforce strong password requirements.
<VulnDiscussion>Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, ...Rule Medium Severity -
SRG-APP-000177-CTR-000465
<GroupDescription></GroupDescription>Group -
Prisma Cloud Compute must be configured to require local user accounts to use x.509 multifactor authentication.
<VulnDiscussion>Without the use of multifactor authentication, the ease of access to privileged functions is greatly increased. Multifactor ...Rule Medium Severity -
SRG-APP-000243-CTR-000595
<GroupDescription></GroupDescription>Group -
Prisma Cloud Compute must prevent unauthorized and unintended information transfer.
<VulnDiscussion>Prisma Cloud Compute Compliance policies must be enabled to ensure running containers do not access privileged resources. Sa...Rule Medium Severity -
SRG-APP-000266-CTR-000625
<GroupDescription></GroupDescription>Group -
Prisma Cloud Compute must not write sensitive data to event logs.
<VulnDiscussion>The determination of what is sensitive data varies from organization to organization. The organization must ensure the recipi...Rule Medium Severity -
SRG-APP-000357-CTR-000800
<GroupDescription></GroupDescription>Group -
The node that runs Prisma Cloud Compute containers must have sufficient disk space to allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.
<VulnDiscussion>To ensure sufficient storage capacity in which to write the audit logs, Prisma Cloud compute must be able to allocate audit r...Rule Medium Severity -
SRG-APP-000384-CTR-000915
<GroupDescription></GroupDescription>Group -
The configuration integrity of the container platform must be ensured and vulnerabilities policies must be configured.
<VulnDiscussion>Prisma Cloud Compute's vulnerabilities defense is the set of features that provides both predictive and threat-based active p...Rule High Severity -
SRG-APP-000384-CTR-000915
<GroupDescription></GroupDescription>Group -
Prisma Cloud Compute Defender must reestablish communication to the Console via mutual TLS v1.2 WebSocket session.
<VulnDiscussion>When the secure WebSocket session between the Prisma Cloud Compute Console and Defenders is disconnected, the Defender will c...Rule Medium Severity -
SRG-APP-000414-CTR-001010
<GroupDescription></GroupDescription>Group -
Prisma Cloud Compute Defender containers must run as root.
<VulnDiscussion>In certain situations, the nature of the vulnerability scanning may be more intrusive, or the container platform component th...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.