The configuration integrity of the container platform must be ensured and compliance policies must be configured.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-253532	CNTR-PC-000450	SV-253532r840434_rule		High

Description
Consistent application of Prisma Cloud Compute compliance policies ensures the continual application of policies and the associated effects. Prisma Cloud Compute's configurations must be monitored for configuration drift and addressed according to organizational policy. Satisfies: SRG-APP-000133-CTR-000305, SRG-APP-000384-CTR-000915, SRG-APP-000435-CTR-001070, SRG-APP-000472-CTR-001170

STIG	Date
Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide	2022-08-24

Details

Check Text ( C-56984r840432_chk )
Verify compliance policies are enabled. Navigate to Prisma Cloud Compute Console's Defend >> Compliance. Select the "Code repositories" tab. Select the "Repositories" and "CI" tab. - If "Default – alert all components" does not exist, this is a finding. - Click the three dots in the "Actions" column for rule "Default - alert all components". - If the policy is disabled, this is a finding. - Click the "Default – alert all components" policy row. - If the "Default - alert on critical and high" policy is not scoped to "All", this is a finding. Select the "Containers and images" tab. For the "Deployed" and "CI" tab: - If the "Default - alert on critical and high" does not exist, this is a finding. - Click the three dots in the "Actions" column for rule "Default - alert on critical and high". - If the policy is disabled, this is a finding. - Click the "Default - alert on critical and high" policy row. - If the "Default - alert on critical and high" policy is not scoped to "All", this is a finding. Select the "Hosts" tab. For the "Running hosts" and "VM images" tab: - If the "Default - alert on critical and high" does not exist, this is a finding. - Click the three dots in the "Actions" column for rule "Default - alert on critical and high". - If the policy is disabled, this is a finding. - Click the "Default - alert on critical and high" policy row. - If the "Default - alert on critical and high" policy is not scoped to "All", this is a finding. Select the "Functions" tab. For the "Functions" and "CI" tab: - If the "Default – alert all components" does not exist, this is a finding. - Click the three dots in the "Actions" column for rule "Default -alert all components". - If the policy is disabled, this is a finding. - Click the "Default - alert all components" policy row. - If the "Default - alert on critical and high" policy is not scoped to "All", this is a finding.

Check Text ( C-56984r840432_chk )

Verify compliance policies are enabled.

Navigate to Prisma Cloud Compute Console's Defend >> Compliance.

Select the "Code repositories" tab.
Select the "Repositories" and "CI" tab.
- If "Default – alert all components" does not exist, this is a finding.
- Click the three dots in the "Actions" column for rule "Default - alert all components".
- If the policy is disabled, this is a finding.
- Click the "Default – alert all components" policy row.
- If the "Default - alert on critical and high" policy is not scoped to "All", this is a finding.

Select the "Containers and images" tab.
For the "Deployed" and "CI" tab:
- If the "Default - alert on critical and high" does not exist, this is a finding.
- Click the three dots in the "Actions" column for rule "Default - alert on critical and high".
- If the policy is disabled, this is a finding.
- Click the "Default - alert on critical and high" policy row.
- If the "Default - alert on critical and high" policy is not scoped to "All", this is a finding.

Select the "Hosts" tab.
For the "Running hosts" and "VM images" tab:
- If the "Default - alert on critical and high" does not exist, this is a finding.
- Click the three dots in the "Actions" column for rule "Default - alert on critical and high".
- If the policy is disabled, this is a finding.
- Click the "Default - alert on critical and high" policy row.
- If the "Default - alert on critical and high" policy is not scoped to "All", this is a finding.

Select the "Functions" tab.
For the "Functions" and "CI" tab:
- If the "Default – alert all components" does not exist, this is a finding.
- Click the three dots in the "Actions" column for rule "Default -alert all components".
- If the policy is disabled, this is a finding.
- Click the "Default - alert all components" policy row.
- If the "Default - alert on critical and high" policy is not scoped to "All", this is a finding.

Fix Text (F-56935r840433_fix)
Enable compliance policies. Navigate to Prisma Cloud Compute Console's Defend >> Compliance and click tab to be edited. To add rule: - Click "Add rule." - Enter rule name. Scope = All - Accept the defaults and click "Save". Click the rule's three-dot menu. Set to "Enable". Click the rule row. - Change the policy scope to "All". - Click "Save".