Users requiring access to Prisma Cloud Compute's Credential Store must be assigned and accessed by the appropriate role holders.
An XCCDF Rule
Description
<VulnDiscussion>The container platform keystore is used to store credentials that are used to build a trust between the container platform and an external source. This trust relationship is authorized by the organization. If a malicious user were to have access to the container platform keystore, two negative scenarios could develop: 1. Keys not approved could be introduced. 2. Approved keys could be deleted, leading to the introduction of container images from sources the organization never approved. To thwart this threat, it is important to protect the container platform keystore and give access to only individuals and roles approved by the organization. Satisfies: SRG-APP-000033-CTR-000100, SRG-APP-000118-CTR-000240, SRG-APP-000121-CTR-000255, SRG-APP-000133-CTR-000300, SRG-APP-000211-CTR-000530, SRG-APP-000233-CTR-000585, SRG-APP-000340-CTR-000770, SRG-APP-000380-CTR-000900</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-253524r960792_rule
- Severity
- Medium
- Updated
Remediation - Manual Procedure
Navigate to Prisma Cloud Compute Console's >> Manage >> Authentication >> Users tab.
- Set the users' role assignments to the ones who have the authority to review the audit data.
- Assign roles to all users and groups.
- Assign administrator and operator roles only to the users requiring the rights to modify the Prisma Cloud Compute's Credential Store.
- Remove the Administrator or Operator role for users who do not require access.