IoT Security and FedRAMP

IoT Security is authorized for FedRAMP Moderate.
Federal Risk and Authorization Management Program (FedRAMP) is a U.S. government program that promotes the use of secure cloud services by the federal government. Cloud computing systems categorized at the Moderate security impact level in accordance with the FIPS Publication 199 security categorization are authorized to store and process government data. The Palo Alto Networks IoT Security cloud is FedRAMP Moderate authorized.
The IoT Security FedRAMP Moderate solution is intended for use by U.S. government agencies requiring a standardized approach to the security assessment, authorization, and continuous monitoring of cloud products and services. It is also intended for use by commercial entities that do business with the U.S. government. The IoT Security FedRAMP Moderate solution operates as a separate and distinct entity.
The IoT Security commercial solution and the IoT Security FedRAMP Moderate solution have the following differences:
  • You must purchase an additional SKU to get an IoT Security FedRAMP Moderate solution: PAN-IOT-FEDRAMP-MOD.
  • The IoT Security FedRAMP Moderate solution permits only FedRAMP-authorized personnel access to data.
  • Because Palo Alto Networks enforces strict incoming security policy rules for FedRAMP tenants, you must provide Palo Alto Networks customer services with a list of IP addresses for the administrative users who will be accessing your IoT Security portal. When user traffic to the portal passes through a NAT device on a perimeter firewall, edge router, or VPN gateway, provide the IP address to which NAT translates the users’ original IP addresses. After you submit a support ticket with these addresses, customer services will create an allow list for the addresses you provided, which will let users log in from these addresses and access the portal.
  • When integrating with third-party products, use a full on-premises Cortex XSOAR server. FedRAMP recommends running on-premises components of the solution using a vendor-approved FIPS version that complies with the FIPS 140-2 standard.
    Using an on-premises Cortex XSOAR server for IoT Security third-party integrations does not require the purchase of an IoT Security Third-party Integration Add-on license.
When using next-generation firewalls in FIPS mode, IoT Security policy rule recommendations and enforcement based on Device-ID are not currently supported. In fact, because the primary purpose of the IoT Security FedRAMP Moderate solution is the discovery and identification of devices on the network and not the enforcement of Security policy rules, IoT Security does not even send firewalls the IP address-to-device mappings that are essential for Device-ID to work.
For more information about Palo Alto Networks IoT Security FedRAMP authorization, visit these websites:
