Defense Information Systems Agency (DISA) STIG Support for Prisma Cloud Compute Edition

Security Technical Implementation Guides (STIGs) contain technical guidance on how to lock down systems that might otherwise be vulnerable to attack. This document provides the different options for deploying and operating Prisma Cloud Compute Edition (self-hosted) within environments that adhere to public-sector and Department of Defense guidance.

DISA STIG: Application Security and Development Findings

The findings based upon the vulnerability severity category codes can be found here.

DISA STIG Scan Findings and Justifications for Software Releases

Every release of Prisma Cloud Compute Edition we perform an SCAP scan of the Console and Defender images. The scan is performed with OpenSCAP using the Compliance as Code benchmark checks:
  • Benchmark URL: scap-security-guide-<latest>/ssg-rhel8-ds.xml
  • Benchmark ID: xccdf_org.ssgproject.content_benchmark_RHEL-8
  • Profile ID: xccdf_org.ssgproject.content_profile_stig
All Prisma Cloud Compute findings are posted here.

DISA STIG Compliance Template

Release v21_04_412 include the Docker Enterprise 2.x Linux/UNIX STIG compliance checks into the “DISA STIG” compliance template. When you create a new compliance policy and select the DISA STIG compliance template, you will automatically receive alerts based on the checks aligned with the STIG. The mapping of the STIG_ID to Prisma Cloud Compute Compliance Check ID can be found here.

DISA STIG for Prisma Cloud Compute Edition Configuration

Palo Alto Networks is in the process of developing a DISA STIG for the configuration of your Prisma Cloud Compute implementation. For details, see here.

Recommended For You