Check: CNTR-PC-000510
Palo Alto Networks Prisma Cloud Compute STIG:
CNTR-PC-000510
(in versions v1 r3 through v1 r1)
Title
All Prisma Cloud Compute users must have a unique, individual account. (Cat II impact)
Discussion
Prisma Cloud Compute does not have a default account. During installation, the installer creates an administrator. This account can be removed once other accounts have been added. To ensure accountability and prevent unauthenticated access, users must be identified and authenticated to prevent potential misuse and compromise of the system.
Check Content
Confirm there is only one "break glass" local administrative account. Navigate to Prisma Cloud Compute Console's Manage >> Authentication >> Users tab. Only the administrative break glass account is allowed to have Authentication Method = Local. For all other accounts, Authentication Method = SAML. If any local account, except the administrative break glass account, has Authentication Method set to other than "SAML", this is a finding.
Fix Text
Navigate to Prisma Cloud Compute Console's >> Manage >> Authentication >> Users tab. Ensure only the break glass administrator account is a "local" account. Delete all other local accounts and use the SAML identity provider for all authentication and authorization to the Prisma Cloud Compute Console.
Additional Identifiers
Rule ID: SV-253535r879589_rule
Vulnerability ID: V-253535
Group Title: SRG-APP-000148-CTR-000335
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000764 |
The information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users). |
Controls
Number | Title |
---|---|
IA-2 |
Identification And Authentication (Organizational Users) |