Check: CNTR-PC-001250
Palo Alto Networks Prisma Cloud Compute STIG: CNTR-PC-001250
(in versions v1 r3 through v1 r1)
Title
Prisma Cloud Compute Defender must reestablish communication to the Console via mutual TLS v1.2 WebSocket session. (Cat II impact)
Discussion
When the secure WebSocket session between the Prisma Cloud Compute Console and Defenders is disconnected, the Defender will continually attempt to reestablish the session. Without reauthentication, unidentified or unknown devices may be introduced, thereby facilitating malicious activity. The Console must be configured to remove a Defender that has not established a connection in a specified period of days.
Check Content
Navigate to the Prisma Cloud Compute Console's Manage >> Defenders. Select the "Manage" tab. Select the "Defenders" tab. Click "Advanced Settings". If "Automatically remove disconnected Defenders after (days)" is not configured to the organization's policies, this is a finding.
Fix Text
Navigate to Prisma Cloud Compute's Manage >> Defenders. Select the "Manage" tab. Select the "Defenders" tab. Click "Advanced Settings". Set the "Automatically remove disconnected Defenders after (days)" value to the organization's defined period.
Additional Identifiers
Rule ID: SV-253545r879763_rule
Vulnerability ID: V-253545
Group Title: SRG-APP-000390-CTR-000930
CCIs
Number | Definition |
---|---|
CCI-002009 | The information system accepts Personal Identity Verification (PIV) credentials from other federal agencies. |
CCI-002039 | The organization requires devices to reauthenticate upon organization-defined circumstances or situations requiring reauthentication. |