Skip to content

III - Administrative Classified

Rules and Groups employed by this XCCDF Profile

  • SRG-APP-000141-CTR-000320

    <GroupDescription></GroupDescription>
    Group
  • Images stored within the container registry must contain only images to be run as containers within the container platform.

    &lt;VulnDiscussion&gt;The Prisma Cloud Compute Trusted Images feature allows the declaration, by policy, of which registries, repositories, and ima...
    Rule Medium Severity
  • SRG-APP-000142-CTR-000330

    <GroupDescription></GroupDescription>
    Group
  • Prisma Cloud Compute must use TCP ports above 1024.

    &lt;VulnDiscussion&gt;Privileged ports are ports below 1024 that require system privileges for their use. If containers are able to use these ports...
    Rule Medium Severity
  • SRG-APP-000148-CTR-000335

    <GroupDescription></GroupDescription>
    Group
  • All Prisma Cloud Compute users must have a unique, individual account.

    &lt;VulnDiscussion&gt;Prisma Cloud Compute does not have a default account. During installation, the installer creates an administrator. This accou...
    Rule Medium Severity
  • SRG-APP-000148-CTR-000345

    <GroupDescription></GroupDescription>
    Group
  • Prisma Cloud Compute Console must run as nonroot user (uid 2674).

    &lt;VulnDiscussion&gt;Containers not requiring root-level permissions must run as a unique user account. To ensure accountability and prevent unaut...
    Rule Medium Severity
  • SRG-APP-000153-CTR-000375

    <GroupDescription></GroupDescription>
    Group
  • Prisma Cloud Compute must be configured with unique user accounts.

    &lt;VulnDiscussion&gt;Sharing accounts, such as group accounts, reduces the accountability and integrity of Prisma Cloud Compute.&lt;/VulnDiscussio...
    Rule Medium Severity
  • SRG-APP-000164-CTR-000400

    <GroupDescription></GroupDescription>
    Group
  • Prisma Cloud Compute local accounts must enforce strong password requirements.

    &lt;VulnDiscussion&gt;Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, ...
    Rule Medium Severity
  • SRG-APP-000177-CTR-000465

    <GroupDescription></GroupDescription>
    Group
  • Prisma Cloud Compute must be configured to require local user accounts to use x.509 multifactor authentication.

    &lt;VulnDiscussion&gt;Without the use of multifactor authentication, the ease of access to privileged functions is greatly increased. Multifactor ...
    Rule Medium Severity
  • SRG-APP-000243-CTR-000595

    <GroupDescription></GroupDescription>
    Group
  • Prisma Cloud Compute must prevent unauthorized and unintended information transfer.

    &lt;VulnDiscussion&gt;Prisma Cloud Compute Compliance policies must be enabled to ensure running containers do not access privileged resources. Sa...
    Rule Medium Severity
  • SRG-APP-000266-CTR-000625

    <GroupDescription></GroupDescription>
    Group
  • Prisma Cloud Compute must not write sensitive data to event logs.

    &lt;VulnDiscussion&gt;The determination of what is sensitive data varies from organization to organization. The organization must ensure the recipi...
    Rule Medium Severity
  • SRG-APP-000357-CTR-000800

    <GroupDescription></GroupDescription>
    Group
  • The node that runs Prisma Cloud Compute containers must have sufficient disk space to allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.

    &lt;VulnDiscussion&gt;To ensure sufficient storage capacity in which to write the audit logs, Prisma Cloud compute must be able to allocate audit r...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules