Check: CNTR-PC-001220
Palo Alto Networks Prisma Cloud Compute STIG: CNTR-PC-001220 (in versions v1 r3 through v1 r1)
Title
Prisma Cloud Compute must be configured to scan images that have not been instantiated as containers. (Cat I impact)
Discussion
Prisma Cloud Compute ships with "only scan images with running containers" set to "on". To meet the requirements, "only scan images with running containers" must be set to "off" to disable or remove components that are not required.
Check Content
Navigate to the Prisma Cloud Compute Console's Manage >> System >> Scan tab. Verify that, for Running images, "Only scan images with running containers" is set to "Off". If "Only scan images with running containers" is set to "On", this is a finding.
Fix Text
Navigate to the Prisma Cloud Compute Console's Manage >> System >> Scan tab. For Running images:
- Set "Only scan images with running containers" = "Off".
- Click "Save".
Additional Identifiers
Rule ID: SV-253544r879757_rule
Vulnerability ID: V-253544
Group Title: SRG-APP-000384-CTR-000915
CCIs
Number | Definition |
---|---|
CCI-000381 | The organization configures the information system to provide only essential capabilities. |
Controls
Number | Title |
---|---|
CM-7 | Least Functionality |