This section contains guidance for the implementation of Prisma Cloud Compute in public-sector organizations. Please check up on this site as guidance may change over time.

Prisma Cloud Enterprise Edition is in process for FedRAMP Moderate certification. The Prisma Cloud Compute module is not within the boundaries of this certification and is not available within the FedRAMPed Prisma Cloud Console. Customers requiring FedRAMP certification should use the self-hosted version, Prisma Cloud Compute Edition. For customers offering their own FedRAMP services that use Prisma Cloud Compute to facilitate in their service’s FedRAMP certification, GSA has drafted guidance for the FedRAMP Vulnerability Scanning Requirements for the Deployment and use of Containers.

The configuration settings for Prisma Cloud Compute’s features and functions to support an organization’s FedRAMP certification can be found here.

Prisma Cloud Compute has been assessed to the Application Security and Development Security Technical Implementation Guide Version 4, Release: 11 Benchmark Date: 24 Jul 2020.

The findings based upon the vulnerability severity category codes can be found here.

Every release of Prisma Cloud Compute we perform an SCAP scan of the Console and Defender images. The scan is performed using OpenSCAP using:

from the Compliance as Code GitHub repository. All Prisma Cloud Compute findings are posted here.