Product Versions Supported: PAN-OS 9.0/9.1 based on the benchmark version support
The CIS benchmark v9.0.0 provides a description, rationale, audit, and remediation steps for a multitude of NGFW configuration benchmarks. Manually assessing the complete set of benchmarks can be highly time consuming.
This quickplay allows the user to leverage the NGFW API to query configuration and system state information, assess the various benchmarks, and then present the user with an online report showing pass/fail conditions. Not intended for an official audit, the quick preview allows for remediations ahead of a full audit or to provide periodic checks.
Note: This CIS quickplay does not replace a recommended Palo Alto Networks Best Practice Assessment (BPA). For more information, please visit the BPA Live Community
The output report provides a complete set of contextual information based on the CIS benchmark document:
summary of total test with pass/fail/action required counts
each benchmark grouped by section as found in the report
Level and Scored attributes for each benchmark
documentation links for each benchmark to assist with manual remediation steps
contextual pop-up insights showing why a benchmark failed
The Action Required Result
Some of the benchmark results are flagged as 'action required'. This denotes one of two outcomes:
The test hasn't been implemented due to technical limitations such as 'off-box' benchmarks or volumetric type checks that are deployment specific
The test hasn't been implemented and is marked as a 'roadmap item' for a future release