DISA STIG Compliance Template

Prisma Cloud offers a compliance template for DISA STIGs. In many cases, DISA STIG checks map to checks already supported in the product. In some cases, we’ve implemented checks specifically to support STIGs.
Release v21_04_412 includes the Docker Enterprise 2.x Linux/UNIX STIG compliance checks in the “DISA STIG” compliance template. When you create a new compliance policy and select the DISA STIG compliance template, you automatically receive alerts based on the checks aligned with the STIG. The mapping of the STIG_ID to Prisma Cloud Compute Compliance Check ID can be found here.

Release STIG findings

With every release of Prisma Cloud Compute, we perform a SCAP scan of the Console and Defender images. The scan is performed with OpenSCAP using the Compliance as Code benchmark checks:
  • Benchmark URL: scap-security-guide-<latest>/ssg-rhel8-ds.xml
  • Benchmark ID: xccdf_org.ssgproject.content_benchmark_RHEL-8
  • Profile ID: xccdf_org.ssgproject.content_profile_stig
All Prisma Cloud Compute findings are posted here.

Isolated upgrades

Some deployments of Prisma Cloud Compute are provided only the updated container images. The supported and documented upgrade process requires generating new Console Deployment and Defender DaemonSet YAML files. The tools to perform the required upgrade tasks are posted here.

