STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 5 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide

V-253544

CAT I (High)

Prisma Cloud Compute must be configured to scan images that have not been instantiated as containers.

Rule ID

SV-253544r961473_rule

STIG

Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide

Version

V2R3

CCIs

CCI-000381

Discussion

Prisma Cloud Compute ships with "only scan images with running containers" set to "on". To meet the requirements, "only scan images with running containers" must be set to "off" to disable or remove components that are not required.

Check Content

Navigate to Prisma Cloud Compute Console's >> Manage >> System >> Scan tab. 

Verify that for Running images, For Running images, "Only scan images with running containers" is set to "Off".

If "Only scan images with running containers" is set to "On", this is a finding.

Fix Text

Navigate to Prisma Cloud Compute Console's >> Manage >> System >> Scan tab. 

For Running images:
- Set "Only scan images with running containers" = "Off".
- Click "Save".