IoT Security and FedRAMP

IoT Security is authorized for FedRAMP Moderate.
Federal Risk and Authorization Management Program (FedRAMP) is a U.S. government program that promotes the use of secure cloud services by the federal government. Cloud computing systems categorized at the Moderate security impact level in accordance with the FIPS Publication 199 security categorization are authorized to store and process government data. The Palo Alto Networks IoT Security cloud is FedRAMP Moderate authorized.
The IoT Security FedRAMP Moderate solution is intended for use by U.S. government agencies requiring a standardized approach to the security assessment, authorization, and continuous monitoring of cloud products and services. It is also intended for use by commercial entities that do business with the U.S. government. The IoT Security FedRAMP Moderate solution operates as a separate and distinct entity.
The IoT Security commercial solution and the IoT Security FedRAMP Moderate solution have the following differences:
  • You must purchase an additional SKU to get an IoT Security FedRAMP Moderate solution: PAN-IOT-FEDRAMP-MOD.
  • The IoT Security FedRAMP Moderate solution permits only FedRAMP-authorized personnel access to data.
  • When integrating with third-party products, use a full on-premises Cortex XSOAR server. FedRAMP recommends running on-premises components of the solution using a vendor-approved FIPS version that complies with the FIPS 140-2 standard.
    Using an on-premises Cortex XSOAR server for IoT Security third-party integrations does not require the purchase of an IoT Security third-party add-on license.
When using next-generation firewalls in FIPS mode, IoT Security policy rule recommendations and enforcement based on Device-ID are not currently supported.
For more information about Palo Alto Networks IoT Security FedRAMP authorization, visit these websites:

Recommended For You