STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

V-253533

CAT II (Medium)

Images stored within the container registry must contain only images to be run as containers within the container platform.

Rule ID

SV-253533r960963_rule

STIG

Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide

Version

V2R3

CCIs

CCI-000381, CCI-001774

Discussion

The Prisma Cloud Compute Trusted Images feature allows the declaration, by policy, of which registries, repositories, and images to trust and how to respond when untrusted images are started in the organization's environment.

Satisfies: SRG-APP-000141-CTR-000320, SRG-APP-000386-CTR-000920

Check Content

Navigate to Prisma Cloud Compute Console's >> Defend >> Compliance >> Trusted Images tab.

Select the "Trust groups" tab.
If there is no Group, this is a finding. 

Select the "Policy" tab.
If the Trusted Images Rules is set to "off", this is a finding.

If a rule does not exist, this is a finding.

Click the three dots in the "Actions" column for the rule.
If the policy is disabled, this is a finding.

Click the policy row.
If the policy is not scoped to "All", this is a finding.
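
The finding conditions above can also be evaluated against an exported copy of the Trusted Images configuration. The following Python is an added example, not part of the STIG or of Palo Alto Networks code; the JSON layout and field names are assumptions for illustration, and both sample documents are constructed.

```python
import json

# Constructed samples. The layout and field names (groups, policy.enabled,
# rules[].disabled, rules[].collections[].name) are assumptions, not a
# documented Prisma Cloud Compute schema.
COMPLIANT = json.loads("""
{"groups": [{"name": "IronBank",
             "images": ["https://ironbank.dso.mil", "https://registry1.dso.mil/"]}],
 "policy": {"enabled": true,
            "rules": [{"name": "IronBank", "disabled": false,
                       "allowedGroups": ["IronBank"],
                       "collections": [{"name": "All"}]}]}}
""")
NONCOMPLIANT = json.loads("""
{"groups": [],
 "policy": {"enabled": false,
            "rules": [{"name": "dev-only", "disabled": true,
                       "collections": [{"name": "dev-cluster"}]}]}}
""")


def trusted_images_findings(cfg):
    """Return one string per finding condition in the Check Content."""
    findings = []
    if not cfg.get("groups"):
        findings.append("no trust group defined")
    policy = cfg.get("policy") or {}
    if not policy.get("enabled", False):
        findings.append("Trusted Images Rules set to off")
    rules = policy.get("rules") or []
    if not rules:
        findings.append("no trusted images rule exists")
    for rule in rules:  # every rule is checked: a conservative reading
        name = rule.get("name", "<unnamed>")
        if rule.get("disabled", False):
            findings.append(f"rule {name}: disabled")
        scopes = {c.get("name") for c in rule.get("collections") or []}
        if "All" not in scopes:
            findings.append(f"rule {name}: not scoped to All")
    return findings


if __name__ == "__main__":
    for label, cfg in (("compliant", COMPLIANT), ("noncompliant", NONCOMPLIANT)):
        result = trusted_images_findings(cfg)
        print(label, "->", result or "not a finding")
```

An empty list means none of the five conditions was met; a missing or empty configuration is reported as a finding rather than silently passing.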

Fix Text

Navigate to Prisma Cloud Compute Console's >> Defend >> Compliance >> Trusted Images tab.  

Select the "Trust groups" tab.

Create a trusted group:
- Click "Add Group".
  Name: "IronBank"
- Specify a registry or repository: https://ironbank.dso.mil
- Click "Add to group".
- Specify a registry or repository: https://registry1.dso.mil/
(There are two group images total.)
- Click "Save".

Select the "Policy" tab.

Set the Trusted Images Rules to "on".

If a rule does not exist:
- Click "Add rule".
  Rule name = "IronBank"
  Scope = "All"

Allowed:
- Click "Select groups".
- Select "IronBank".
- Click "Apply".
- Keep all defaults and click "Save".

Enable policy:
- Click the "Default - alert all components" policy three-dot menu. 
- Set to "Enable".

Policy row scope:
- Click the policy rows.
- Change the policy scope to all images and containers within the intended monitored environment.
- Click "Save".