UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Prisma Cloud Compute release tar distributions must have an associated SHA-256 digest.


Overview

Finding ID Version Rule ID IA Controls Severity
V-253552 CNTR-PC-001770 SV-253552r879898_rule Medium
Description
Each Prisma Cloud Compute release's tar file has an associated SHA-256 digest hash value to ensure the components have not been modified.
STIG Date
Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide 2023-06-05

Details

Check Text ( C-57004r840492_chk )
Offline Intelligence Stream:

If using Iron Bank distribution of Prisma Cloud Compute Console and Defenders, verify the Console and Defender imageID SHA256 values match the Palo Alto Networks published release values.

For the Console and Defender images, perform the following command:
$ docker inspect twistlock/private:console_22_01_839 | grep '"Image":'
"Image": "sha256:dcd881fe9c796ed08867c242389737c4f2e8ab463377a90deddc0add4c3e8524",

If the imageID values do not match the published release SHA256 for the version of the image release, this is a finding.

Note: Image tag will be the release number, e.g., console_22_01_839. Published release image sha values are published here: https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-compute-edition-public-sector/isolated_upgrades/releases.html
Fix Text (F-56955r840493_fix)
Deploy the latest version from https://support.paloaltonetworks.com.