Prisma Cloud Compute must be configured to scan images that have not been instantiated as containers.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-253544 | CNTR-PC-001220 | SV-253544r961473_rule | CCI-000381 | high |
| Description | ||||
| Prisma Cloud Compute ships with "only scan images with running containers" set to "on". To meet the requirements, "only scan images with running containers" must be set to "off" to disable or remove components that are not required. | ||||
| STIG | Date | |||
| Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide | 2024-12-06 | |||
Related Frameworks
3 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
CM-7
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1711 mapping
3.4.6
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000381
1.00
- DISA · 2 · disa_xccdf · related
Details
Check Text (C-253544r961473_chk)
Navigate to Prisma Cloud Compute Console's >> Manage >> System >> Scan tab.
Verify that for Running images, For Running images, "Only scan images with running containers" is set to "Off".
If "Only scan images with running containers" is set to "On", this is a finding.
Fix Text (F-56947r840469_fix)
Navigate to Prisma Cloud Compute Console's >> Manage >> System >> Scan tab.
For Running images:
- Set "Only scan images with running containers" = "Off".
- Click "Save".