← Back to Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide

V-253535

CAT II (Medium)

All Prisma Cloud Compute users must have a unique, individual account.

Rule ID

SV-253535r1051115_rule

STIG

Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide

Version

V2R3

CCIs

CCI-000764

Discussion

Prisma Cloud Compute does not have a default account. During installation, the installer creates an administrator. This account can be removed once other accounts have been added. To ensure accountability and prevent unauthenticated access, users must be identified and authenticated to prevent potential misuse and compromise of the system.

Check Content

Confirm there is only one "break glass" local administrative account. 

Navigate to Prisma Cloud Compute Console's Manage >> Authentication >> Users tab. 

Only the administrative break glass account is allowed to have Authentication Method = Local. 

For all other accounts, Authentication Method = SAML.

If any local account, except the administrative break glass account, has Authentication Method set to other than "SAML", this is a finding.

Fix Text

Navigate to Prisma Cloud Compute Console's >> Manage >> Authentication >> Users tab.

Ensure only the break glass administrator account is a "local" account. 

Delete all other local accounts and use the SAML identity provider for all authentication and authorization to the Prisma Cloud Compute Console.