III - Administrative Sensitive
Rules and Groups employed by this XCCDF Profile
-
SRG-APP-000133-CTR-000305
Group -
The configuration integrity of the container platform must be ensured and compliance policies must be configured.
Consistent application of Prisma Cloud Compute compliance policies ensures the continual application of policies and the associated effects. Prisma Cloud Compute's configurations must be monitored ...Rule High Severity -
SRG-APP-000141-CTR-000320
Group -
Images stored within the container registry must contain only images to be run as containers within the container platform.
The Prisma Cloud Compute Trusted Images feature allows the declaration, by policy, of which registries, repositories, and images to trust and how to respond when untrusted images are started in the...Rule Medium Severity -
SRG-APP-000142-CTR-000330
Group -
Prisma Cloud Compute must use TCP ports above 1024.
Privileged ports are ports below 1024 that require system privileges for their use. If containers are able to use these ports, the container must be run as a privileged user. The container platform...Rule Medium Severity -
SRG-APP-000148-CTR-000335
Group -
All Prisma Cloud Compute users must have a unique, individual account.
Prisma Cloud Compute does not have a default account. During installation, the installer creates an administrator. This account can be removed once other accounts have been added. To ensure account...Rule Medium Severity -
SRG-APP-000148-CTR-000345
Group -
Prisma Cloud Compute Console must run as nonroot user (uid 2674).
Containers not requiring root-level permissions must run as a unique user account. To ensure accountability and prevent unauthenticated access to containers, the user the container is using to exec...Rule Medium Severity -
SRG-APP-000153-CTR-000375
Group -
Prisma Cloud Compute must be configured with unique user accounts.
Sharing accounts, such as group accounts, reduces the accountability and integrity of Prisma Cloud Compute.Rule Medium Severity -
SRG-APP-000164-CTR-000400
Group -
Prisma Cloud Compute local accounts must enforce strong password requirements.
Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resistin...Rule Medium Severity -
SRG-APP-000177-CTR-000465
Group -
Prisma Cloud Compute must be configured to require local user accounts to use x.509 multifactor authentication.
Without the use of multifactor authentication, the ease of access to privileged functions is greatly increased. Multifactor authentication requires using two or more factors to achieve authenticat...Rule Medium Severity -
SRG-APP-000243-CTR-000595
Group -
Prisma Cloud Compute must prevent unauthorized and unintended information transfer.
Prisma Cloud Compute Compliance policies must be enabled to ensure running containers do not access privileged resources. Satisfies: SRG-APP-000243-CTR-000595, SRG-APP-000243-CTR-000600, SRG-APP-0...Rule Medium Severity -
SRG-APP-000266-CTR-000625
Group -
Prisma Cloud Compute must not write sensitive data to event logs.
The determination of what is sensitive data varies from organization to organization. The organization must ensure the recipients for the event log information have a need to know and the log is sa...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.