* [Blog](https://www.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www.paloaltonetworks.com/blog/corporate/)
* [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/)
* Palo Alto Networks Confor...

# Palo Alto Networks Conformance to the NCSC Cloud Security Principles

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2023%2F01%2Fconformance-to-the-ncsc-cloud-security-principles%2F)  
[](https://twitter.com/share?text=Palo+Alto+Networks+Conformance+to+the+NCSC+Cloud+Security+Principles&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2023%2F01%2Fconformance-to-the-ncsc-cloud-security-principles%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2023%2F01%2Fconformance-to-the-ncsc-cloud-security-principles%2F&title=Palo+Alto+Networks+Conformance+to+the+NCSC+Cloud+Security+Principles&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com/blog/2023/01/conformance-to-the-ncsc-cloud-security-principles/&ts=markdown)  
\[\](mailto:?subject=Palo Alto Networks Conformance to the NCSC Cloud Security Principles)  
Link copied  
By [Viv Danks](https://www.paloaltonetworks.com/blog/author/viv-danks/?ts=markdown "Posts by Viv Danks") and [Carla Baker](https://www.paloaltonetworks.com/blog/author/carla-baker/?ts=markdown "Posts by Carla Baker")  
Jan 05, 2023  
3 minutes  
[Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown)  
[Company \& Culture](https://www.paloaltonetworks.com/blog/category/company-culture/?ts=markdown)  
[Government](https://www.paloaltonetworks.com/blog/category/government/?ts=markdown)  
[Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown)  
[Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)  
[Cloud Security](https://www.paloaltonetworks.com/blog/tag/cloud-security/?ts=markdown)  
[NCSC](https://www.paloaltonetworks.com/blog/tag/ncsc/?ts=markdown)  
[SLED](https://www.paloaltonetworks.com/blog/tag/sled/?ts=markdown)

In recent years, cloud has gone from being a small part of most companies' IT strategies to a critical business capability as organisations increasingly take a cloud-centric approach. Remote work, driven by Covid, has led to an explosion of deployed, cloud-based services. One of the advantages of cloud computing is that it has given organisations more choice in the types of technology and services they deploy. However, this proliferation of cloud adoption has made it harder for organisations to understand and assess what good services look like and how to differentiate among suppliers.

Coupled with the growth in the deployment of cloud services, there has been an exponential rise in the cyber attacks targeting the cloud. According to the [Palo Alto Networks 2022 Cortex Xpanse Attack Surface Threat Report](https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/reports/cortex_xpanse-attack-surface-threat-report.pdf?utm_source=marketo&utm_medium=email&utm_campaign=Global-DA-EN-22-03-23-7014u000001hMKrAAM-P3-Cortex-2022-asm-threat-report&ts=markdown), cloud continues to be a substantial and increasing target. In the data gathered from December 2021 to June 2022, cloud infrastructure issues rose from 80% to 91% of all observed cybersecurity issues. This is not surprising, given the speed at which organisations are deploying cloud services, and this is precisely why cloud service providers need to demonstrate to their customers that they take security seriously in the face of this threat landscape.

Fortunately, the UK National Cyber Security Centre (NCSC) recognised the challenging predicament many face and developed the NCSC Cloud Security Principles to help cloud consumers become better informed and enable them to ask the right questions of their cloud service providers. At Palo Alto Networks, we recently published our [conformance statement](https://www.paloaltonetworks.com/resources/whitepapers/palo-alto-networks-ncsc-vendor-response?ts=markdown) to the NCSC Cloud Security Principles.

### NCSC Guidance

The [14 NCSC Cloud Security Principles](https://www.ncsc.gov.uk/collection/cloud/the-cloud-security-principles) help organisations navigate the various challenges from a compliance, conformance and operational perspective, so they can choose cloud service providers in an informed, secure and trustworthy manner. This is key when those services are likely to come from multiple providers hosted on multiple cloud environments. Leveraging these principles can result in a more effective service with lower overall costs, including decreased risk and security exposure.

The Cloud Security Principles can be grouped into five overarching themes, set out as follows:

* Standards \& Protocols -- Principles 1-3 identify the key characteristics to ensure the service provides the necessary level of protection and separation for the users and their data.
* Fit for Purpose -- Principles 4-6 set out how the provider should have a transparent and trustworthy approach to ensuring the service is and remains safe and fit for purposes in the future.
* Supply Chain Trust -- Principles 7 and 8 focus on the need for provenance of the service.
* Secure in Operation -- Principles 9-13 focus on the need for the service to remain secure in operations and that the consumer achieves the correct level of access, visibility and granularity of control required to manage the risks.
* Secure by Design -- Principle 14 focuses on the need for the service provider (the expert on that service) to help the consumer maintain a secure service.

### Palo Alto Networks Commitment

At Palo Alto Networks, our most important responsibility is helping to ensure the security of our customers. To demonstrate this commitment to security, as well as transparency, the [Palo Alto Networks conformance statement](https://www.paloaltonetworks.com/resources/whitepapers/palo-alto-networks-ncsc-vendor-response?ts=markdown) to the NCSC Cloud Security Principles illustrates our compliance and transparency of alignment with all of the principles.

Our approach to the NCSC Principles is indicative of the position we have taken generally and internally with our [Trust 360 Program](https://www.paloaltonetworks.com/resources/whitepapers/trust-360?ts=markdown), where we have established a "trust but verify" model to our security controls. This global approach to transparent security allows our customers to continually evaluate our program and understand all of the security, compliance and privacy controls that are in place to protect our customers' most sensitive data.

*** ** * ** ***

## Related Blogs

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Government](https://www.paloaltonetworks.com/blog/category/government/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Predictions](https://www.paloaltonetworks.com/blog/category/predictions/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### 2026 Public Sector Cyber Outlook: Identity, AI and the Fight for Trust](https://www.paloaltonetworks.com/blog/2026/01/public-sector-cyber-outlook/)

### [AI Security](https://www.paloaltonetworks.com/blog/category/ai-security/?ts=markdown), [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Government](https://www.paloaltonetworks.com/blog/category/government/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### Bridging Cybersecurity and AI](https://www.paloaltonetworks.com/blog/2026/01/bridging-cybersecurity-and-ai/)

### [AI Governance](https://www.paloaltonetworks.com/blog/category/ai-governance/?ts=markdown), [AI Security](https://www.paloaltonetworks.com/blog/category/ai-security/?ts=markdown), [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Government](https://www.paloaltonetworks.com/blog/category/government/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### A Secure Vision for Our AI-Driven Future](https://www.paloaltonetworks.com/blog/2025/07/secure-vision-ai-driven-future/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Company \& Culture](https://www.paloaltonetworks.com/blog/category/company-culture/?ts=markdown), [Education](https://www.paloaltonetworks.com/blog/category/education/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### CISA K-12 Report Blog](https://www.paloaltonetworks.com/blog/2023/02/cisa-k-12-report-blog/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### New Grant Program Is a Game-Changer for State and Local Governments](https://www.paloaltonetworks.com/blog/2022/09/new-cybersecurity-grant-program-is-a-game-changer/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### Palo Alto Networks Alignment to the UK NCSC Cyber Assessment Framework](https://www.paloaltonetworks.com/blog/2022/05/ncsc-cyber-assessment-framework/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language