UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Access to Prisma Cloud Compute must be managed based on user need and least privileged using external identity providers for authentication and grouping to role-based assignments when possible.


Overview

Finding ID Version Rule ID IA Controls Severity
V-253523 CNTR-PC-000030 SV-253523r986173_rule Medium
Description
Integration with an organization's existing identity management policies technologies reduces the threat of account compromise and misuse. Centralized authentication services provide additional functionality to fulfill security requirements: - Multifactor authentication. - Disabling users after a period of time. - Encrypted storage and transmission of secure information. - Secure authentication protocols such as LDAP over TLS or LDAPS using FIPS 140-2 approved encryption modules. - PKI-based authentication. Satisfies: SRG-APP-000023-CTR-000055, SRG-APP-000024-CTR-000060, SRG-APP-000025-CTR-000065, SRG-APP-000033-CTR-000095, SRG-APP-000065-CTR-000115, SRG-APP-000068-CTR-000120, SRG-APP-000069-CTR-000125, SRG-APP-000149-CTR-000355, SRG-APP-000150-CTR-000360, SRG-APP-000151-CTR-000365, SRG-APP-000152-CTR-000370, SRG-APP-000163-CTR-000395, SRG-APP-000165-CTR-000405, SRG-APP-000170-CTR-000430, SRG-APP-000173-CTR-000445, SRG-APP-000174-CTR-000450, SRG-APP-000291-CTR-000675, SRG-APP-000292-CTR-000680, SRG-APP-000293-CTR-000685, SRG-APP-000294-CTR-000690, SRG-APP-000317-CTR-000735, SRG-APP-000318-CTR-000740, SRG-APP-000345-CTR-000785, SRG-APP-000397-CTR-000955
STIG Date
Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide 2024-06-10

Details

Check Text ( C-56975r840405_chk )
Confirm the Prisma Cloud Console has been configured from SAML-based authentication.

Navigate to Prisma Cloud Compute Console's Manage >> Authentication >> Identity Providers tab.

Verify SAML settings are "Enabled" and an identity provider has been configured.

If SAML settings are not enabled and an identity provider has not been configured, this is a finding.
Fix Text (F-56926r840406_fix)
Configure Prisma Cloud Console for SAML-based authentication in which the SAML IdP enforces multifactor authentication (e.g., x509/smartcard authentication).

Navigate to Prisma Cloud Compute Console's Manage >> Authentication >> Identity Providers:
- Click "Add provider".
- For Protocol, select "SAML".
- For Identity provider, select provider.
- Configure the settings and click "Save".
SAML settings = Enabled
 
Configure an SAML identity provider that enforces privileged account multifactor authentication for the Prisma Cloud Compute service provider.