To make sure that your Panorama Managed Prisma Access is compliant with FedRAMP, use
these guidelines and requirements when installing, activating, setting up for the first
time, and configuring Prisma Access.
To ensure that Prisma Access stays in compliance with FedRAMP Moderate
requirements, make sure that your Panorama Managed Prisma Access deployment uses the
following Panorama, Cloud Services plugin, and GlobalProtect versions.
Component
Required Version
Panorama PAN-OS version
10.2.8-h3 or a later 10.2.8 hotfix PAN-OS version
10.2.9-h1 or a later 10.2.9 hotfix PAN-OS version
Enabling the Processing Standard and Common Criteria (FIPS-CC) on the Panorama
that manages Prisma Access is the recommended best practice aligned
with FedRAMP controls. Enabling FIPS-CC support on Panorama requires
accessing the Maintenance Recovery Tool
(MRT).
To simplify the installation and activation process, you can
select an existing Panorama you have already configured in FIPS
mode, if you have registered Panorama, installed the licenses,
and activated the support license on the Customer Support Portal
(CSP). If you have added the Panorama serial number
to the same CSP account on which you want to deploy Prisma
Access, you can select the serial number of this Panorama
appliance during installation.
You cannot use a Panorama that has been used to manage another Prisma
Access or Strata Logging Service deployment.
