STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.


V-253546

CAT II (Medium)

Prisma Cloud Compute Defender containers must run as root.

Rule ID

SV-253546r1050656_rule

STIG

Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide

Version

V2R3

CCIs

CCI-001067

Discussion

In certain situations, the nature of the vulnerability scanning may be more intrusive, or the container platform component that is the subject of the scanning may contain highly sensitive information. To protect the sensitive nature of such scanning, Prisma Cloud Compute Defenders perform the vulnerability scanning function. The Defender container must run as root and not privileged.

Check Content

Verify that when deploying the Defender via daemonSet, "Run Defenders as privileged" is set to "On".

Verify the Defender containers were deployed using the daemonSet.yaml in which the securityContext is privileged (privileged = "on").

If "Run Defenders as privileged" is not set to "On", or the Defender containers were not deployed using the daemonSet.yaml in which the securityContext has privileged = "on", this is a finding.
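The check above can be automated against the live cluster rather than by eyeballing daemonSet.yaml. The following is an added example, not STIGhub or DISA content: it reads the JSON form of the Defender DaemonSet (the output of `kubectl get ds twistlock-defender-ds -n <namespace> -o json`; the DaemonSet name comes from the Fix Text, the namespace `twistlock` and the image name are assumptions) and reports a finding for any container whose `securityContext.privileged` is not the boolean `true`, which is how the STIG's `privileged = "on"` is expressed in a Kubernetes manifest. The two manifests embedded below are constructed samples, one compliant and one not.

```python
"""Check a Prisma Cloud Defender DaemonSet for the privileged securityContext.

Added example (not STIGhub/DISA code). Input is the JSON a `kubectl get ds ... -o json`
call returns; pipe that into this script, or run it with no stdin to use the
constructed samples. Kubernetes models `privileged` as a boolean, so the check
insists on `true` and treats a missing key, `false`, or a string like "on" as a finding.
"""
from __future__ import annotations
import json
import sys

# Constructed sample: a compliant DaemonSet trimmed to the fields the check reads.
# Name from the STIG Fix Text; namespace and image are assumptions.
COMPLIANT_DS_JSON = """
{
  "kind": "DaemonSet",
  "metadata": {"name": "twistlock-defender-ds", "namespace": "twistlock"},
  "spec": {"template": {"spec": {"containers": [
    {"name": "twistlock-defender",
     "image": "registry.example/twistlock/defender:assumed-tag",
     "securityContext": {"privileged": true}}
  ]}}}
}
"""

# Constructed sample: same DaemonSet redeployed without the privileged setting
# (the "finding" case in the STIG check content).
NONCOMPLIANT_DS_JSON = """
{
  "kind": "DaemonSet",
  "metadata": {"name": "twistlock-defender-ds", "namespace": "twistlock"},
  "spec": {"template": {"spec": {"containers": [
    {"name": "twistlock-defender",
     "image": "registry.example/twistlock/defender:assumed-tag",
     "securityContext": {"readOnlyRootFilesystem": true}}
  ]}}}
}
"""


def containers_of(ds: dict) -> list[dict]:
    """Return the pod-template containers of a DaemonSet object."""
    return ds["spec"]["template"]["spec"].get("containers", [])


def check_privileged(ds: dict) -> list[dict]:
    """One result per container: is securityContext.privileged exactly True?"""
    results = []
    for c in containers_of(ds):
        sc = c.get("securityContext") or {}
        priv = sc.get("privileged")
        results.append({
            "container": c["name"],
            "privileged": priv,
            # `is True` rejects None, False and the string "on" alike.
            "finding": priv is not True,
        })
    return results


def evaluate(ds_json: str) -> dict:
    """Parse kubectl JSON and roll container results up to a DaemonSet verdict."""
    ds = json.loads(ds_json)
    if ds.get("kind") != "DaemonSet":
        raise ValueError(f"expected a DaemonSet object, got {ds.get('kind')!r}")
    results = check_privileged(ds)
    return {
        "daemonset": ds["metadata"]["name"],
        "namespace": ds["metadata"].get("namespace"),
        "containers": results,
        "finding": any(r["finding"] for r in results),
    }


if __name__ == "__main__":
    # Live use: kubectl get ds twistlock-defender-ds -n twistlock -o json | python3 check_defender.py
    if not sys.stdin.isatty():
        reports = [evaluate(sys.stdin.read())]
    else:
        reports = [evaluate(COMPLIANT_DS_JSON), evaluate(NONCOMPLIANT_DS_JSON)]
    for r in reports:
        verdict = "FINDING" if r["finding"] else "compliant"
        print(f"{r['namespace']}/{r['daemonset']}: {verdict}")
        for c in r["containers"]:
            print(f"  container {c['container']}: privileged={c['privileged']!r}")
    sys.exit(1 if any(r["finding"] for r in reports) else 0)
```

The script deliberately does not accept `"on"` as a value: a manifest that sets `privileged: "on"` would be rejected by the API server as a type error, so on a running cluster only the boolean form can exist, and anything else means the Defender was not redeployed as the Fix Text requires.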

Fix Text

Redeploy the Defender with appropriate rights by setting "Run Defenders as privileged" to "On".

Delete the old twistlock-defender-ds daemonSet and redeploy the daemonSet with the new yaml in which the securityContext has privileged = "on".