Prisma Cloud Compute must be configured to require local user accounts to use x.509 multifactor authentication.

An XCCDF Rule

Description

Without the use of multifactor authentication, the ease of access to privileged functions is greatly increased. Multifactor authentication requires using two or more factors to achieve authentication. Factors include: (i) something a user knows (e.g., password/PIN); (ii) something a user has (e.g., cryptographic identification device, token); or (iii) something a user is (e.g., biometric). User access to Prisma Cloud Compute must use multifactor (x.509 based) authentication. Satisfies: SRG-APP-000177-CTR-000465, SRG-APP-000391-CTR-000935, SRG-APP-000401-CTR-000965, SRG-APP-000402-CTR-000970, SRG-APP-000605-CTR-001380

ID: SV-253539r1015787_rule
Version: CNTR-PC-000750
Severity: Medium
References: CCI-000187 CCI-001857 CCI-001953 CCI-001991 CCI-002009 CCI-004068
Updated: about 2 months ago

Remediation Templates

Navigate to Prisma Cloud Compute Console's >> Manage >> Authentication >> System Certificate tab.

Revocation block: Set "Enable certificate revocation checking" to "On" and click "Save".

In the "Certificate-based authentication to Console" block, import the smart card's issuing CA's chain of trust to the Console CA certificate(s) field. Click "Save".
Click the "Users" tab. (Accounts cannot be edited. They must be removed and recreated correctly.)

Delete account:
- Click the three-dot menu. 
- Click "Delete" and confirm "Delete User".

Create a local user account where the local user account name matches the user's x.509 certificate's subjectName or subject alternative name's PrincipalName value:
- Click "+Add user".
  Authentication Source = Local
  Username = subject alternative name's PrincipalName value
  Password = random password that is not given to the user
- Assign Role.
- Click "Save".

Prisma Cloud Compute must be configured to require local user accounts to use x.509 multifactor authentication.

Description

Remediation Templates

A Manual Procedure