V-253547

CAT II (Medium)

Prisma Cloud Compute must run within a defined/separate namespace (e.g., Twistlock).

Rule ID

SV-253547r1137646_rule

STIG

Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide

Version

V2R3

CCIs

CCI-002530

Discussion

Namespaces are a key boundary for network policies, orchestrator access control restrictions, and other important security controls. Prisma Cloud Compute containers running within a separate and exclusive namespace will inherit the namespace's security features. Separating workloads into namespaces can help contain attacks and limit the impact of mistakes or destructive actions by authorized users.

Check Content

Inspect the Kubernetes namespace in which Prisma Cloud Compute is deployed:

$ kubectl get pods -n twistlock
NAME                                 READY   STATUS    RESTARTS   AGE
twistlock-console-855744b66b-xs9cm   1/1     Running   0          4d6h
twistlock-defender-ds-99zj7          1/1     Running   0          58d
twistlock-defender-ds-drsh8          1/1     Running   0          58d

Inspect the list of pods.

If a pod that is not part of Prisma Cloud Compute (its name does not start with "twistlock") is running in the same namespace, this is a finding.
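The check above can be scripted so that the pod listing is evaluated the same way on every review. The following is an added example, not part of the STIG text: the function names, the `nginx-demo` pod and the "not evaluated" result for an empty listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not STIG text): evaluate `kubectl get pods` output for V-253547.

# Print the pod names from a listing on stdin. Blank lines and the header row
# are skipped; pod names are lowercase, so "NAME" can only be the header.
pod_names() {
    awk 'NF && $1 != "NAME" { print $1 }'
}

# Print only the pods whose name does not start with "twistlock".
foreign_pods() {
    pod_names | awk '$1 !~ /^twistlock/'
}

# Exit status: 0 = not a finding, 1 = finding, 2 = nothing to evaluate.
# Status 2 is an assumption added here so an empty listing is not read as a pass.
evaluate_namespace() {
    names=$(pod_names)
    if [ -z "$names" ]; then
        echo 'NOT EVALUATED: no pods listed; confirm the namespace name'
        return 2
    fi
    offenders=$(printf '%s\n' "$names" | foreign_pods)
    if [ -n "$offenders" ]; then
        printf 'FINDING: non-Prisma Cloud Compute pods share the namespace:\n%s\n' "$offenders"
        return 1
    fi
    echo 'NOT A FINDING: every pod name starts with "twistlock"'
}

# Constructed sample: the listing shown in the check content.
SAMPLE_CLEAN='NAME                                 READY   STATUS    RESTARTS   AGE
twistlock-console-855744b66b-xs9cm   1/1     Running   0          4d6h
twistlock-defender-ds-99zj7          1/1     Running   0          58d
twistlock-defender-ds-drsh8          1/1     Running   0          58d'

# Constructed sample: the same listing plus a hypothetical unrelated workload.
SAMPLE_MIXED="$SAMPLE_CLEAN
nginx-demo-6d4cf56db6-x7k2p          1/1     Running   0          3d"

# Demonstration on the constructed samples.
printf '%s\n' "$SAMPLE_CLEAN" | evaluate_namespace || true
printf '%s\n' "$SAMPLE_MIXED" | evaluate_namespace || true

# Against a live cluster (assumes kubectl access and the "twistlock" namespace):
#   kubectl get pods -n twistlock | evaluate_namespace
```
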

Fix Text

Deploy the Prisma Cloud Compute Console and Defender containers within a distinct namespace.