IoT Security and FedRAMP
IoT Security is authorized for FedRAMP Moderate.
The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. government program that
promotes the use of secure cloud services by the federal government. Cloud computing
systems categorized at the Moderate security impact level in accordance with the FIPS
Publication 199 security categorization are authorized to store and process government
data. The Palo Alto Networks IoT Security cloud is FedRAMP Moderate authorized.
The IoT Security FedRAMP Moderate solution is intended for use by U.S. government agencies
requiring a standardized approach to the security assessment, authorization, and
continuous monitoring of cloud products and services. It is also intended for use by
commercial entities that do business with the U.S. government. The IoT Security
FedRAMP Moderate solution operates as a separate and distinct entity.
The IoT Security commercial solution and the IoT Security FedRAMP Moderate solution
have the following differences:
- You must purchase an additional SKU to get an IoT Security FedRAMP Moderate solution.
- The IoT Security FedRAMP Moderate solution permits only FedRAMP-authorized personnel access to data.
- Because Palo Alto Networks enforces strict incoming security policy rules for FedRAMP tenants, you must provide Palo Alto Networks customer services with a list of IP addresses for the administrative users who will be accessing your IoT Security portal. When user traffic to the portal passes through a NAT device on a perimeter firewall, edge router, or VPN gateway, provide the IP address to which NAT translates the users’ original IP addresses. After you submit a support ticket with these addresses, customer services will create an allow list for the addresses you provided, which will let users log in from these addresses and access the portal.
- When integrating with third-party products, use a full on-premises Cortex XSOAR server. FedRAMP recommends running on-premises components of the solution using a vendor-approved FIPS version that complies with the FIPS 140-2 standard. Using an on-premises Cortex XSOAR server for IoT Security third-party integrations does not require the purchase of an IoT Security Third-party Integration Add-on license.
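A pre-submission check for the administrative IP allow list described in the list above, as an added example (not Palo Alto Networks code): it flags entries that are still pre-NAT or otherwise non-routable, and de-duplicates and collapses the rest. The function name, the set of rejected ranges, and the sample addresses are assumptions made for illustration; the page does not specify a submission format.

```python
import ipaddress

# Source ranges the portal can never see as-is: a NAT device rewrites them
# (or they never leave the local link) before traffic reaches the internet.
NON_ROUTABLE = {
    "10.0.0.0/8": "RFC 1918 private",
    "172.16.0.0/12": "RFC 1918 private",
    "192.168.0.0/16": "RFC 1918 private",
    "100.64.0.0/10": "RFC 6598 carrier-grade NAT",
    "127.0.0.0/8": "loopback",
    "169.254.0.0/16": "link-local",
    "fc00::/7": "IPv6 unique local",
    "fe80::/10": "IPv6 link-local",
}
BLOCKED = [(ipaddress.ip_network(n), why) for n, why in NON_ROUTABLE.items()]


def prepare_allow_list(candidates):
    """Return (submit, rejected) for a list of address or CIDR strings."""
    keep, rejected = [], []
    for raw in candidates:
        entry = raw.strip()
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append((entry, "not an IP address or CIDR"))
            continue
        reason = next((why for blk, why in BLOCKED if net.overlaps(blk)), None)
        if reason:
            rejected.append((entry, reason))  # needs the post-NAT address
        else:
            keep.append(net)
    submit = []
    for version in (4, 6):  # collapse_addresses cannot mix IP versions
        same = [n for n in keep if n.version == version]
        submit += [str(n) for n in ipaddress.collapse_addresses(same)]
    return submit, rejected


# Constructed sample input. 203.0.113.0/24 and 198.51.100.0/24 are
# documentation ranges standing in for real egress addresses.
SAMPLE = ["203.0.113.10", "203.0.113.10 ", "192.168.1.25", "198.51.100.0/25",
          "198.51.100.128/25", "10.20.0.0/16", "vpn-gw.example", "100.64.3.7"]

if __name__ == "__main__":
    submit, rejected = prepare_allow_list(SAMPLE)
    print("Submit:", submit)
    for entry, reason in rejected:
        print("Replace with post-NAT address:", entry, "->", reason)
```

Every rejected entry is one that would leave administrators unable to log in if it were submitted unchanged, because the portal only sees the translated source address.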
IoT Security supports Security policy rule recommendations and Device-ID based automated Zero Trust enforcement for
Prisma Access and for next-generation firewalls in
FIPS mode.
Configure PAN-OS Edge Services to retrieve Device-ID verdicts and IoT Security Policy Recommendations
using the CLI.
fw> configure
fw# set deviceconfig setting iot edge address iot.services-edge.pubsec-cloud.paloaltonetworks.com
fw# commit
fw# quit
fw> debug software restart process icd
For more information about Palo Alto Networks IoT Security FedRAMP authorization, visit these websites:
- Official website for FedRAMP
- Palo Alto Networks solutions on FedRAMP Marketplace
- Palo Alto Networks website for FedRAMP Authorized Services