# Navigating Federal Data Protection Compliance Requirements in the Cloud

By [Matthew Chiodi](https://www.paloaltonetworks.com/blog/author/matthew-chiodi/?ts=markdown "Posts by Matthew Chiodi") | Jan 29, 2020

Government contractors and military suppliers are increasingly utilizing cloud services in the execution of their contracts.
Many assume that if the cloud service provider's (CSP) underlying infrastructure is compliant, then their work is complete. **However, while the CSP's underlying infrastructure and services may meet Federal requirements, government contractors and suppliers must *establish* that *they* have cloud services configured in compliance with [NIST 800-171](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171r1.pdf).** The challenge typically lies in the cloud's infamous [shared responsibility model](https://www.paloaltonetworks.com/cyberpedia/cloud-security-is-a-shared-responsibility?ts=markdown).

When using cloud services to process, store or transmit data related to work with the Federal government, contractors and vendors must ensure they are Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012 compliant. Doing this in the cloud across multiple accounts and service providers can be a challenge without the proper processes and tools in place.

**History**

In 2010, the White House issued Executive Order (EO) 13556 to address the hodgepodge of controls and processes surrounding the protection of [Controlled Unclassified Information](https://www.archives.gov/cui/about) (CUI). Following this Order, the Department of Defense (DoD) published its Final Rule in 2013, revising DFARS 252.204-7012. Originally relying upon NIST 800-53 r4 as the standard set of controls, this was later revised to use NIST 800-171. NIST 800-171 provides a list of controls through 14 control families. It also addresses cyber incident reporting. All of this is squarely directed at government contractors whose systems process, store or transmit CUI.

**Cloud Impact**

NIST 800-171 compliance is challenging for many in the Federal community for two primary reasons. Suppliers often use multiple public clouds across their various business units, and contractors regularly use multiple subcontractors in the execution of their contracts.
Regardless of size, many are increasingly using cloud services to process, store or transmit CUI. In these cases, each and every cloud environment must be NIST 800-171 compliant for each of the 14 control families.

Continually monitoring compliance with NIST 800-171 is challenging, but this is made increasingly complex by the dynamic nature of cloud environments. **Consider that in the on-premises world, the lifespan of an application could often be measured in years. In the cloud, this lifespan drops to an average of just two hours!** This means that for many cloud resources, if you are not continually monitoring compliance with NIST 800-171, it's highly likely you will miss key changes that could create potential compliance challenges.

**While each of the cloud vendors offers some native security services within their platforms, this has proven to be insufficient for compliance and security across multiple cloud accounts and vendors.** When it comes to anything outside their ecosystem, the cloud vendors have little incentive to provide the visibility and compliance government contractors need with a multi-cloud strategy.

**Multi-cloud Continuous Compliance Monitoring**

When looking to ensure their multi-cloud strategy is compliant with NIST 800-171 and other Federal standards, it is important that security leaders and their teams keep visibility, compliance and security in clear focus. This is where cloud-agnostic security tools such as [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) by Palo Alto Networks can help.

![Prisma Cloud shows real-time compliance status of NIST 800-171](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/01/image1-8.png)

*Figure 1 - Prisma Cloud shows real-time compliance status of NIST 800-171*

Prisma Cloud is a comprehensive cloud-native security platform with broad security and compliance coverage (for applications, data and the entire cloud-native technology stack) throughout the development lifecycle and across multi- and hybrid cloud deployments. The Prisma Cloud integrated approach enables security operations and DevOps teams to stay agile, collaborate effectively and accelerate secure, cloud-native application development and deployment. Prisma Cloud also simplifies compliance by utilizing a comprehensive library of industry compliance standards and policies, including NIST 800-53, ISO 27000, SOC 2, NIST CSF and many others.

**If your organization is subject to DFARS 252.204-7012 and NIST 800-171, Prisma Cloud is a powerful tool to help you navigate your regulatory obligations.**

For those who require Federal Risk and Authorization Management Program (FedRAMP) security controls, [Prisma Cloud is part of Palo Alto Networks Government Cloud Services, which is currently In Process](https://www.paloaltonetworks.com/blog/2020/01/cloud-federal-clouds/?ts=markdown) with FedRAMP. This important milestone indicates progress for Prisma Cloud toward a FedRAMP Moderate Agency Authorization.

Learn more about how Palo Alto Networks and its cloud products, including Prisma Cloud, can help [secure federal networks](https://www.paloaltonetworks.com/security-for/government/federal?ts=markdown).