Check: CNTR-PC-000130
Palo Alto Networks Prisma Cloud Compute STIG:
CNTR-PC-000130
(in versions v1 r3 through v1 r1)
Title
Prisma Cloud Compute Collections must be used to partition views and enforce organizational-defined need-to-know access. (Cat II impact)
Discussion
Prisma Cloud Compute Collections are used to scope rules to target specific resources in an environment, partition views, and enforce which views specific users and groups can access. Collections can control access to data on a need-to-know basis.
Check Content
In the Prisma Cloud Compute Console, navigate to Manage >> Collections and Tags >> Collections tab. Review the Collections according to organizational policy. If no organizational-specific Collections are defined, this is a finding.
Fix Text
In the Prisma Cloud Compute Console, navigate to Manage >> Collections and Tags >> Collections tab.
Create a collection:
- Click "Add Collection".
- Enter a name and description and then specify a filter to target specific resources.
- Click "Save".
Additional Identifiers
Rule ID: SV-253525r879533_rule
Vulnerability ID: V-253525
Group Title: SRG-APP-000038-CTR-000105
CCIs
Number | Definition |
---|---|
CCI-001368 | The information system enforces approved authorizations for controlling the flow of information within the system based on organization-defined information flow control policies. |
Controls
Number | Title |
---|---|
AC-4 | Information Flow Enforcement |