[](https://www.paloaltonetworks.com/?ts=markdown) * Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get Support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) ![x close icon to close mobile navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/x-black.svg) [![Palo Alto Networks logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)](https://www.paloaltonetworks.com/?ts=markdown) ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [](https://www.paloaltonetworks.com/?ts=markdown) * Products ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Products [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [AI Security](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise Device Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical Device Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [OT Device Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex AgentiX](https://www.paloaltonetworks.com/cortex/agentix?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Exposure Management](https://www.paloaltonetworks.com/cortex/exposure-management?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Cortex Advanced Email Security](https://www.paloaltonetworks.com/cortex/advanced-email-security?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Unit 42 Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) [![](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberark/Seamless_IDs_small.jpg) Identity Security](https://www.paloaltonetworks.com/identity-security?ts=markdown) * Solutions ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Solutions Secure AI by Design * [Secure AI Ecosystem](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [Secure GenAI Usage](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) Network Security * [Cloud Network Security](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Data Center Security](https://www.paloaltonetworks.com/network-security/data-center?ts=markdown) * [DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Intrusion Detection and Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Device Security](https://www.paloaltonetworks.com/network-security/device-security?ts=markdown) * [OT Security](https://www.paloaltonetworks.com/network-security/ot-security-solution?ts=markdown) * [5G Security](https://www.paloaltonetworks.com/network-security/5g-security?ts=markdown) * [Secure All Apps, Users and Locations](https://www.paloaltonetworks.com/sase/secure-users-data-apps-devices?ts=markdown) * [Secure Branch Transformation](https://www.paloaltonetworks.com/sase/secure-branch-transformation?ts=markdown) * [Secure Work on Any Device](https://www.paloaltonetworks.com/sase/secure-work-on-any-device?ts=markdown) * [VPN Replacement](https://www.paloaltonetworks.com/sase/vpn-replacement-for-secure-remote-access?ts=markdown) * [Web \& Phishing Security](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) Cloud Security * [Application Security Posture Management (ASPM)](https://www.paloaltonetworks.com/cortex/cloud/application-security-posture-management?ts=markdown) * [Software Supply Chain Security](https://www.paloaltonetworks.com/cortex/cloud/software-supply-chain-security?ts=markdown) * [Code Security](https://www.paloaltonetworks.com/cortex/cloud/code-security?ts=markdown) * [Cloud Security Posture Management (CSPM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-security-posture-management?ts=markdown) * [Cloud Infrastructure Entitlement Management (CIEM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-infrastructure-entitlement-management?ts=markdown) * [Data Security Posture Management (DSPM)](https://www.paloaltonetworks.com/cortex/cloud/data-security-posture-management?ts=markdown) * [AI Security Posture Management (AI-SPM)](https://www.paloaltonetworks.com/cortex/cloud/ai-security-posture-management?ts=markdown) * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Cloud Workload Protection (CWP)](https://www.paloaltonetworks.com/cortex/cloud/cloud-workload-protection?ts=markdown) * [Web Application \& API Security (WAAS)](https://www.paloaltonetworks.com/cortex/cloud/web-app-api-security?ts=markdown) Security Operations * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Security Information and Event Management](https://www.paloaltonetworks.com/cortex/modernize-siem?ts=markdown) * [Network Security Automation](https://www.paloaltonetworks.com/cortex/network-security-automation?ts=markdown) * [Incident Case Management](https://www.paloaltonetworks.com/cortex/incident-case-management?ts=markdown) * [SOC Automation](https://www.paloaltonetworks.com/cortex/security-operations-automation?ts=markdown) * [Threat Intel Management](https://www.paloaltonetworks.com/cortex/threat-intel-management?ts=markdown) * [Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Attack Surface Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management?ts=markdown) * [Compliance Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/compliance-management?ts=markdown) * [Internet Operations Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/internet-operations-management?ts=markdown) * [Extended Data Lake (XDL)](https://www.paloaltonetworks.com/cortex/cortex-xdl?ts=markdown) * [Agentic Assistant](https://www.paloaltonetworks.com/cortex/cortex-agentic-assistant?ts=markdown) Endpoint Security * [Endpoint Protection](https://www.paloaltonetworks.com/cortex/endpoint-protection?ts=markdown) * [Extended Detection \& Response](https://www.paloaltonetworks.com/cortex/detection-and-response?ts=markdown) * [Ransomware Protection](https://www.paloaltonetworks.com/cortex/ransomware-protection?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/cortex/digital-forensics?ts=markdown) [Industries](https://www.paloaltonetworks.com/industry?ts=markdown) * [Public Sector](https://www.paloaltonetworks.com/industry/public-sector?ts=markdown) * [Financial Services](https://www.paloaltonetworks.com/industry/financial-services?ts=markdown) * [Manufacturing](https://www.paloaltonetworks.com/industry/manufacturing?ts=markdown) * [Healthcare](https://www.paloaltonetworks.com/industry/healthcare?ts=markdown) * [Small \& Medium Business Solutions](https://www.paloaltonetworks.com/industry/small-medium-business-portfolio?ts=markdown) [![](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberark/Seamless_IDs_small.jpg) Identity Security](https://www.paloaltonetworks.com/identity-security?ts=markdown) * Services ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Services [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Assess](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [AI Security Assessment](https://www.paloaltonetworks.com/unit42/assess/ai-security-assessment?ts=markdown) * [Attack Surface Assessment](https://www.paloaltonetworks.com/unit42/assess/attack-surface-assessment?ts=markdown) * [Breach Readiness Review](https://www.paloaltonetworks.com/unit42/assess/breach-readiness-review?ts=markdown) * [BEC Readiness Assessment](https://www.paloaltonetworks.com/bec-readiness-assessment?ts=markdown) * [Cloud Security Assessment](https://www.paloaltonetworks.com/unit42/assess/cloud-security-assessment?ts=markdown) * [Compromise Assessment](https://www.paloaltonetworks.com/unit42/assess/compromise-assessment?ts=markdown) * [Cyber Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/cyber-risk-assessment?ts=markdown) * [M\&A Cyber Due Diligence](https://www.paloaltonetworks.com/unit42/assess/mergers-acquisitions-cyber-due-diligence?ts=markdown) * [Penetration Testing](https://www.paloaltonetworks.com/unit42/assess/penetration-testing?ts=markdown) * [Purple Team Exercises](https://www.paloaltonetworks.com/unit42/assess/purple-teaming?ts=markdown) * [Ransomware Readiness Assessment](https://www.paloaltonetworks.com/unit42/assess/ransomware-readiness-assessment?ts=markdown) * [SOC Assessment](https://www.paloaltonetworks.com/unit42/assess/soc-assessment?ts=markdown) * [Supply Chain Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/supply-chain-risk-assessment?ts=markdown) * [Tabletop Exercises](https://www.paloaltonetworks.com/unit42/assess/tabletop-exercise?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Respond](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Cloud Incident Response](https://www.paloaltonetworks.com/unit42/respond/cloud-incident-response?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/unit42/respond/digital-forensics?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond/incident-response?ts=markdown) * [Managed Detection and Response](https://www.paloaltonetworks.com/unit42/respond/managed-detection-response?ts=markdown) * [Managed Threat Hunting](https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Transform](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [IR Plan Development and Review](https://www.paloaltonetworks.com/unit42/transform/incident-response-plan-development-review?ts=markdown) * [Security Program Design](https://www.paloaltonetworks.com/unit42/transform/security-program-design?ts=markdown) * [Virtual CISO](https://www.paloaltonetworks.com/unit42/transform/vciso?ts=markdown) * [Zero Trust Advisory](https://www.paloaltonetworks.com/unit42/transform/zero-trust-advisory?ts=markdown) [Global Customer Services](https://www.paloaltonetworks.com/services?ts=markdown) * [Education \& Training](https://www.paloaltonetworks.com/services/education?ts=markdown) * [Professional Services](https://www.paloaltonetworks.com/services/consulting?ts=markdown) * [Success Tools](https://www.paloaltonetworks.com/services/customer-success-tools?ts=markdown) * [Support Services](https://www.paloaltonetworks.com/services/solution-assurance?ts=markdown) * [Customer Success](https://www.paloaltonetworks.com/services/customer-success?ts=markdown) [![](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/logo-unit-42.svg) UNIT 42 RETAINER Custom-built to fit your organization's needs, you can choose to allocate your retainer hours to any of our offerings, including proactive cyber risk management services. Learn how you can put the world-class Unit 42 Incident Response team on speed dial. Learn more](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * Partners ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Partners NextWave Partners * [NextWave Partner Community](https://www.paloaltonetworks.com/partners?ts=markdown) * [Cloud Service Providers](https://www.paloaltonetworks.com/partners/nextwave-for-csp?ts=markdown) * [Global Systems Integrators](https://www.paloaltonetworks.com/partners/nextwave-for-gsi?ts=markdown) * [Technology Partners](https://www.paloaltonetworks.com/partners/technology-partners?ts=markdown) * [Service Providers](https://www.paloaltonetworks.com/partners/service-providers?ts=markdown) * [Solution Providers](https://www.paloaltonetworks.com/partners/nextwave-solution-providers?ts=markdown) * [Managed Security Service Providers](https://www.paloaltonetworks.com/partners/managed-security-service-providers?ts=markdown) Take Action * [Portal Login](https://www.paloaltonetworks.com/partners/nextwave-partner-portal?ts=markdown) * [Managed Services Program](https://www.paloaltonetworks.com/partners/managed-security-services-provider-program?ts=markdown) * [Become a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=becomepartner) * [Request Access](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=requestaccess) * [Find a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerlocator) [CYBERFORCE CYBERFORCE represents the top 1% of partner engineers trusted for their security expertise. Learn more](https://www.paloaltonetworks.com/cyberforce?ts=markdown) * Company ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Company Palo Alto Networks * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Management Team](https://www.paloaltonetworks.com/about-us/management?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com) * [Locations](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Ethics \& Compliance](https://www.paloaltonetworks.com/company/ethics-and-compliance?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Military \& Veterans](https://jobs.paloaltonetworks.com/military) [Why Palo Alto Networks?](https://www.paloaltonetworks.com/why-paloaltonetworks?ts=markdown) * [Precision AI Security](https://www.paloaltonetworks.com/precision-ai-security?ts=markdown) * [Our Platform Approach](https://www.paloaltonetworks.com/why-paloaltonetworks/platformization?ts=markdown) * [Accelerate Your Cybersecurity Transformation](https://www.paloaltonetworks.com/why-paloaltonetworks/nam-cxo-portfolio?ts=markdown) * [Awards \& Recognition](https://www.paloaltonetworks.com/about-us/awards?ts=markdown) * [Customer Stories](https://www.paloaltonetworks.com/customers?ts=markdown) * [Global Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Trust 360 Program](https://www.paloaltonetworks.com/resources/whitepapers/trust-360?ts=markdown) Careers * [Overview](https://jobs.paloaltonetworks.com/) * [Culture \& Benefits](https://jobs.paloaltonetworks.com/en/culture/) [A Newsweek Most Loved Workplace "Businesses that do right by their employees" Read more](https://www.paloaltonetworks.com/company/press/2021/palo-alto-networks-secures-top-ranking-on-newsweek-s-most-loved-workplaces-list-for-2021?ts=markdown) * More ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) More Resources * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Unit 42 Threat Research](https://unit42.paloaltonetworks.com/) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Tech Insider](https://techinsider.paloaltonetworks.com/) * [Knowledge Base](https://knowledgebase.paloaltonetworks.com/) * [Palo Alto Networks TV](https://tv.paloaltonetworks.com/) * [Perspectives of Leaders](https://www.paloaltonetworks.com/perspectives/?ts=markdown) * [Cyber Perspectives Magazine](https://www.paloaltonetworks.com/cybersecurity-perspectives/cyber-perspectives-magazine?ts=markdown) * [Regional Cloud Locations](https://www.paloaltonetworks.com/products/regional-cloud-locations?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Security Posture Assessment](https://www.paloaltonetworks.com/security-posture-assessment?ts=markdown) * [Threat Vector Podcast](https://unit42.paloaltonetworks.com/unit-42-threat-vector-podcast/) * [Packet Pushers Podcasts](https://www.paloaltonetworks.com/podcasts/packet-pusher?ts=markdown) Connect * [LIVE community](https://live.paloaltonetworks.com/) * [Events](https://events.paloaltonetworks.com/) * [Executive Briefing Center](https://www.paloaltonetworks.com/about-us/executive-briefing-program?ts=markdown) * [Demos](https://www.paloaltonetworks.com/demos?ts=markdown) * [Contact us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) [Blog Stay up-to-date on industry trends and the latest innovations from the world's largest cybersecurity Learn more](https://www.paloaltonetworks.com/blog/) * Sign In ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Language * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) * [Demos and Trials](https://www.paloaltonetworks.com/get-started?ts=markdown) Search All * [Tech Docs](https://docs.paloaltonetworks.com/search) Close search modal [Deploy Bravely --- Secure your AI transformation with Prisma AIRS](https://www.paloaltonetworks.com/deploybravely?ts=markdown) [](https://www.paloaltonetworks.com/?ts=markdown) 1. [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) 2. [Identity Security](https://www.paloaltonetworks.com/cyberpedia/identity-security?ts=markdown) 3. [Identity Governance and Administration](https://www.paloaltonetworks.com/cyberpedia/what-is-modern-identity-governance-administration-iga?ts=markdown) 4. [Access Certification](https://www.paloaltonetworks.com/cyberpedia/what-is-access-certification?ts=markdown) Table of Contents * [What Is Modern IGA? Identity Governance Guide](https://www.paloaltonetworks.com/cyberpedia/what-is-modern-identity-governance-administration-iga?ts=markdown) * [Modern IGA Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-modern-identity-governance-administration-iga#explained?ts=markdown) * [The Evolution of Identity Governance: From Legacy to Modern](https://www.paloaltonetworks.com/cyberpedia/what-is-modern-identity-governance-administration-iga#evolution?ts=markdown) * [Core Mechanisms: How Modern IGA Functions](https://www.paloaltonetworks.com/cyberpedia/what-is-modern-identity-governance-administration-iga#core?ts=markdown) * [Key Benefits for the Modern Security Stack](https://www.paloaltonetworks.com/cyberpedia/what-is-modern-identity-governance-administration-iga#key?ts=markdown) * [Addressing the Non-Human Identity (NHI) Challenge](https://www.paloaltonetworks.com/cyberpedia/what-is-modern-identity-governance-administration-iga#challenge?ts=markdown) * [Modern IGA Challenges and Practical Solutions](https://www.paloaltonetworks.com/cyberpedia/what-is-modern-identity-governance-administration-iga#solutions?ts=markdown) * [Modern IGA FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-modern-identity-governance-administration-iga#faqs?ts=markdown) * What Is Access Certification? Benefits and Best Practices * [Why Access Certification Matters](https://www.paloaltonetworks.com/cyberpedia/what-is-access-certification#why?ts=markdown) * [How Access Certification Works](https://www.paloaltonetworks.com/cyberpedia/what-is-access-certification#how?ts=markdown) * [Types of Access Certification](https://www.paloaltonetworks.com/cyberpedia/what-is-access-certification#types?ts=markdown) * [What Access Certification Reviews](https://www.paloaltonetworks.com/cyberpedia/what-is-access-certification#access?ts=markdown) * [Use Cases \& Real-World Examples](https://www.paloaltonetworks.com/cyberpedia/what-is-access-certification#real-world?ts=markdown) * [Access Certification vs. Access Review](https://www.paloaltonetworks.com/cyberpedia/what-is-access-certification#certification?ts=markdown) * [Access Certification vs. Provisioning](https://www.paloaltonetworks.com/cyberpedia/what-is-access-certification#provisioning?ts=markdown) * [Access Certification and Least Privilege](https://www.paloaltonetworks.com/cyberpedia/what-is-access-certification#least?ts=markdown) * [Common Access Certification Challenges](https://www.paloaltonetworks.com/cyberpedia/what-is-access-certification#common?ts=markdown) * [Access Certification Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-is-access-certification#best?ts=markdown) * [Access Certification and Compliance](https://www.paloaltonetworks.com/cyberpedia/what-is-access-certification#access-certification?ts=markdown) * [How Access Certification Supports Identity Security](https://www.paloaltonetworks.com/cyberpedia/what-is-access-certification#how-access?ts=markdown) * [Signs Your Access Certification Process Needs Improvement](https://www.paloaltonetworks.com/cyberpedia/what-is-access-certification#signs?ts=markdown) * [The Future of Access Certification](https://www.paloaltonetworks.com/cyberpedia/what-is-access-certification#the-future?ts=markdown) * [Access Certification FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-access-certification#faqs?ts=markdown) * [What Is the DORA Act? Digital Operational Resilience Guide](https://www.paloaltonetworks.com/cyberpedia/what-is-the-dora-act?ts=markdown) * [DORA Act Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-the-dora-act#dora?ts=markdown) * [Who Must Comply with DORA Regulations?](https://www.paloaltonetworks.com/cyberpedia/what-is-the-dora-act#regulations?ts=markdown) * [The Five Pillars of Digital Operational Resilience](https://www.paloaltonetworks.com/cyberpedia/what-is-the-dora-act#operational?ts=markdown) * [The DORA Mandate: Integrating Governance with Systemic Resilience](https://www.paloaltonetworks.com/cyberpedia/what-is-the-dora-act#mandate?ts=markdown) * [DORA Readiness Checklist](https://www.paloaltonetworks.com/cyberpedia/what-is-the-dora-act#checklist?ts=markdown) * [Advanced Strategies for DORA Implementation](https://www.paloaltonetworks.com/cyberpedia/what-is-the-dora-act#advanced?ts=markdown) * [DORA vs. NIS2 and EBA: Navigating the Regulatory Overlap](https://www.paloaltonetworks.com/cyberpedia/what-is-the-dora-act#navigating?ts=markdown) * [Common Compliance Challenges and Pitfalls](https://www.paloaltonetworks.com/cyberpedia/what-is-the-dora-act#compliance?ts=markdown) * [DORA Act FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-the-dora-act#faq?ts=markdown) * [What Is NIST CSF 2.0? Core Functions \& Implementation](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-csf?ts=markdown) * [NIST CSF 2.0 Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-csf#csf?ts=markdown) * [Why NIST CSF 2.0 Matters](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-csf#why?ts=markdown) * [Six Core Functions of NIST CSF 2.0](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-csf#core?ts=markdown) * [Use Cases \& Real-World Examples](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-csf#cases?ts=markdown) * ["Compliance" With NIST CSF 2.0 (What People Usually Mean)](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-csf#compliance?ts=markdown) * [Identity Security in NIST CSF 2.0](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-csf#identity?ts=markdown) * [How to Implement NIST CSF 2.0](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-csf#implement?ts=markdown) * [NIST CSF 2.0 FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-csf#faq?ts=markdown) * [What Is Identity Governance and Administration?](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-governance-and-administration-iga?ts=markdown) * [Identity Governance and Administration (IGA) Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-governance-and-administration-iga#identity?ts=markdown) * [Core Pillars of Identity Governance and Administration](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-governance-and-administration-iga#core?ts=markdown) * [Why IGA Is Critical for Modern Enterprises](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-governance-and-administration-iga#why?ts=markdown) * [Business-Level Outcomes of IGA](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-governance-and-administration-iga#business?ts=markdown) * [Implementation Steps for an IGA Program](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-governance-and-administration-iga#implementation?ts=markdown) * [IGA and the Zero Trust Security Model](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-governance-and-administration-iga#model?ts=markdown) * [Operational Challenges and Attack Containment Behavior](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-governance-and-administration-iga#operaitonal?ts=markdown) * [Identity Governance and Administration (IGA) FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-governance-and-administration-iga#faqs?ts=markdown) * [What Is NIST SP 800-207? zero trust Architecture Framework](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207?ts=markdown) * [What Does NIST SP 800-207 Compliance Mean?](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#what?ts=markdown) * [Why NIST SP 800-207 Matters Today](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#why?ts=markdown) * [NIST Zero Trust Tenets](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#nist?ts=markdown) * [Zero Trust Architecture Components](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#components?ts=markdown) * [What Signals Inform A Trust Decision?](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#decision?ts=markdown) * [How Trust Decisions Typically Work](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#how?ts=markdown) * [Common Zero Trust Deployment Models](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#models?ts=markdown) * [Benefits And Challenges](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#benefits?ts=markdown) * [Practical Implementation Checklist](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#practical?ts=markdown) * [NIST SP 800-207 FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#faqs?ts=markdown) * [What Is Identity Lifecycle Management?](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management?ts=markdown) * [Identity Lifecycle Management Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#explained?ts=markdown) * [The Four Pillars of Identity Lifecycle Management](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#pillars?ts=markdown) * [Strategic Benefits: Why ILM Is a Cybersecurity Necessity](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#benefits?ts=markdown) * [Real-World Use Cases for Identity Lifecycle Management](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#use-cases?ts=markdown) * [Disrupting Attackers](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#disrupting-attackers?ts=markdown) * [Modernizing ILM: Just-in-Time Access and Non-Standing](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#modernizing-ilm?ts=markdown) * [Privilege](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#privilege?ts=markdown) * [Critical Challenges and Solutions in Modern ILM Implementation](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#challenges?ts=markdown) * [ILM vs. IAM](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#ilm-vs-iam?ts=markdown) * [Identity Lifecycle Management FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#faqs?ts=markdown) # What Is Access Certification? 5 min. read [Secure Every Identity](https://www.paloaltonetworks.com/identity-security?ts=markdown) Table of Contents * * [Why Access Certification Matters](https://www.paloaltonetworks.com/cyberpedia/what-is-access-certification#why?ts=markdown) * [How Access Certification Works](https://www.paloaltonetworks.com/cyberpedia/what-is-access-certification#how?ts=markdown) * [Types of Access Certification](https://www.paloaltonetworks.com/cyberpedia/what-is-access-certification#types?ts=markdown) * [What Access Certification Reviews](https://www.paloaltonetworks.com/cyberpedia/what-is-access-certification#access?ts=markdown) * [Use Cases \& Real-World Examples](https://www.paloaltonetworks.com/cyberpedia/what-is-access-certification#real-world?ts=markdown) * [Access Certification vs. Access Review](https://www.paloaltonetworks.com/cyberpedia/what-is-access-certification#certification?ts=markdown) * [Access Certification vs. Provisioning](https://www.paloaltonetworks.com/cyberpedia/what-is-access-certification#provisioning?ts=markdown) * [Access Certification and Least Privilege](https://www.paloaltonetworks.com/cyberpedia/what-is-access-certification#least?ts=markdown) * [Common Access Certification Challenges](https://www.paloaltonetworks.com/cyberpedia/what-is-access-certification#common?ts=markdown) * [Access Certification Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-is-access-certification#best?ts=markdown) * [Access Certification and Compliance](https://www.paloaltonetworks.com/cyberpedia/what-is-access-certification#access-certification?ts=markdown) * [How Access Certification Supports Identity Security](https://www.paloaltonetworks.com/cyberpedia/what-is-access-certification#how-access?ts=markdown) * [Signs Your Access Certification Process Needs Improvement](https://www.paloaltonetworks.com/cyberpedia/what-is-access-certification#signs?ts=markdown) * [The Future of Access Certification](https://www.paloaltonetworks.com/cyberpedia/what-is-access-certification#the-future?ts=markdown) * [Access Certification FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-access-certification#faqs?ts=markdown) 1. Why Access Certification Matters * * [Why Access Certification Matters](https://www.paloaltonetworks.com/cyberpedia/what-is-access-certification#why?ts=markdown) * [How Access Certification Works](https://www.paloaltonetworks.com/cyberpedia/what-is-access-certification#how?ts=markdown) * [Types of Access Certification](https://www.paloaltonetworks.com/cyberpedia/what-is-access-certification#types?ts=markdown) * [What Access Certification Reviews](https://www.paloaltonetworks.com/cyberpedia/what-is-access-certification#access?ts=markdown) * [Use Cases \& Real-World Examples](https://www.paloaltonetworks.com/cyberpedia/what-is-access-certification#real-world?ts=markdown) * [Access Certification vs. Access Review](https://www.paloaltonetworks.com/cyberpedia/what-is-access-certification#certification?ts=markdown) * [Access Certification vs. Provisioning](https://www.paloaltonetworks.com/cyberpedia/what-is-access-certification#provisioning?ts=markdown) * [Access Certification and Least Privilege](https://www.paloaltonetworks.com/cyberpedia/what-is-access-certification#least?ts=markdown) * [Common Access Certification Challenges](https://www.paloaltonetworks.com/cyberpedia/what-is-access-certification#common?ts=markdown) * [Access Certification Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-is-access-certification#best?ts=markdown) * [Access Certification and Compliance](https://www.paloaltonetworks.com/cyberpedia/what-is-access-certification#access-certification?ts=markdown) * [How Access Certification Supports Identity Security](https://www.paloaltonetworks.com/cyberpedia/what-is-access-certification#how-access?ts=markdown) * [Signs Your Access Certification Process Needs Improvement](https://www.paloaltonetworks.com/cyberpedia/what-is-access-certification#signs?ts=markdown) * [The Future of Access Certification](https://www.paloaltonetworks.com/cyberpedia/what-is-access-certification#the-future?ts=markdown) * [Access Certification FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-access-certification#faqs?ts=markdown) Access certification is a formal process within [identity governance](https://www.paloaltonetworks.com/cyberpedia/what-is-modern-identity-governance-administration-iga?ts=markdown) where designated reviewers validate and confirm user access rights to enterprise systems and data. This routine verification ensures that permissions align with current roles, effectively enforcing the [principle of least privilege](https://www.paloaltonetworks.com/cyberpedia/what-is-the-principle-of-least-privilege?ts=markdown) and mitigating risks like privilege creep. Key Points * **Privilege Creep Prevention:** Regular reviews eliminate unnecessary permissions accumulated as users change roles. \* **Regulatory Compliance Support:** Certification provides the audit trails required by mandates such as GDPR, NIST, SOC 2, HIPAA, NYDFS, DORA, and SOX. \* **Insider Threat Mitigation:** Periodic validation reduces the risk of unauthorized access from orphaned or over-permissioned accounts. \* **Operational Efficiency Gains:** Automated certification campaigns replace resource-intensive manual tracking, reducing administrative overhead. \* **Data Security Enhancement:** Restricting access to critical assets significantly lowers the probability of a successful data breach. ![A technical flowchart illustrating the access certification lifecycle: defining scope, launching campaigns, reviewer decision (approve/revoke), and automated de-provisioning.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-access-certification.png "A technical flowchart illustrating the access certification lifecycle: defining scope, launching campaigns, reviewer decision (approve/revoke), and automated de-provisioning.") ***Figure 1: Conceptual Workflow of a Modern Access Certification Cycle*** ## Why Access Certification Matters Access is one of the most common paths to compromise. Attackers do not always need to break in if they can log in using valid credentials, hijack an overprivileged account, or abuse standing permissions that were never removed. That makes access certification a practical [identity security](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-security?ts=markdown) control, not just an administrative exercise. When access certification is weak or inconsistent, organizations often face familiar problems: * Former employees retain access after departure * Users keep privileges from prior roles * Contractors retain access long after projects end * Sensitive applications accumulate too many approved users * Privileged access is granted broadly and rarely reviewed * Service accounts operate with little visibility or ownership * Toxic combinations of access create segregation-of-duties risk A strong certification program helps organizations reduce these issues before they turn into incidents, audit findings, or operational failures. ## How Access Certification Works At a high level, access certification is a structured review cycle. The organization identifies a set of users, roles, systems, or entitlements to review, assigns reviewers, and requires them to approve, revoke, or modify access based on current business needs. A typical access certification process includes the following steps: ### 1. Define the Scope The organization determines what will be reviewed. This may include: * User accounts * Group memberships * Application entitlements * Privileged roles * Shared accounts * Service accounts * Third-party access * Cloud permissions * Sensitive data access Some reviews focus on a single application. Others span departments, roles, or enterprise-wide privileged access. ### 2. Assign Reviewers Reviews are typically performed by managers, application owners, data owners, or system owners. In some cases, reviewers may be responsible for certifying access for: * Their direct reports * Users of a specific system * Access to regulated data * Privileged administrators * External vendors and partners The right reviewer is the person best positioned to decide whether access is still justified. ### 3. Present Access Data Reviewers receive a list of users and their current permissions. The quality of this step matters. If the access data is incomplete, unclear, or filled with technical jargon, reviewers may approve access blindly. Effective certification campaigns present: * The user's name and role * The application or system * The specific entitlement or privilege * The business context for the access * Risk indicators, where available * Last-used data, where available * Ownership and justification details Good certification depends on understandable data. Otherwise, the review becomes theater. ### 4. Review and Decide The reviewer evaluates whether each access right should remain in place. Common outcomes include: * **Approve:** Access is still needed * **Revoke:** Access is no longer needed * **Modify:** Access should remain, but at a different level * **Reassign:** The reviewer cannot determine the appropriate action and routes it elsewhere This stage should be based on business necessity, role alignment, and risk, not habit or convenience. ### 5. Remediate Changes Once decisions are made, revocations and changes must be carried out. This is where many programs fall short. A review that identifies unnecessary access but never removes it is not much of a control. Mature programs connect certification outcomes to automated remediation workflows, so approved changes are enforced consistently. ### 6. Record Results for Auditability Organizations need evidence that reviews occurred, who completed them, what decisions were made, and when remediation was performed. This creates an auditable trail and helps demonstrate [compliance](https://www.paloaltonetworks.com/cyberpedia/cybersecurity-compliance-and-regulations?ts=markdown). ## Types of Access Certification Not every certification campaign looks the same. Organizations usually combine several review types depending on risk, system criticality, and compliance needs. ### Manager Certification Managers review the access held by their direct reports. This is one of the most common certification methods because managers usually understand whether an employee still needs access to perform their job. ### Application Owner Certification Application owners review who has access to a particular application or platform. This works well for business-critical systems like ERP, CRM, finance, HR, or security tools. ### Role-Based Certification The organization reviews role definitions and the entitlements assigned to each role. This helps ensure that roles remain aligned with real job functions and do not accumulate unnecessary privileges over time. ### Privileged Access Certification High-risk accounts with administrative or elevated privileges receive focused review. Because privileged accounts have a disproportionate impact, these reviews are often more frequent and more tightly controlled. ### Event-Driven Certification Certification is triggered by a specific event, such as: * Role change * Department transfer * Termination * Merger or acquisition * New application onboarding * Policy violation * Risk detection This is often more effective than relying only on annual campaigns. ### Compliance-Driven Certification Some reviews are scheduled specifically to support regulatory or internal control requirements for access to financial systems, customer data, health data, or critical infrastructure. ## What Access Certification Reviews Access certification can cover a wide range of identities and permissions, including: | **Review Area** | **What Is Evaluated** | **Common Risk** | | Employee access | Access to business apps, systems, and shared resources | Users keep access after role changes | | Privileged access | Admin rights, root access, domain privileges, cloud admin roles | Excessive control and high-impact misuse | | Third-party access | Vendor, partner, and contractor access | Persistent external access with weak oversight | | Service accounts | Non-human accounts used by apps and automation | Unowned accounts with broad permissions | | SaaS entitlements | Access inside cloud apps such as CRM, HR, file sharing, and collaboration tools | Overexposure of sensitive data | | Cloud permissions | IAM roles, policies, and privilege assignments across cloud platforms | Excessive entitlements and lateral movement | | Sensitive data access | Access to regulated or business-critical information | Data exposure and compliance failures | |-----------------------|---------------------------------------------------------------------------------|------------------------------------------------| ## Use Cases \& Real-World Examples [Unit 42 research](https://www.paloaltonetworks.com/prisma/unit42-cloud-threat-research?ts=markdown) highlights that nearly half of all successful intrusions involve compromised credentials. Attackers frequently exploit "orphaned" accounts belonging to former employees to gain a foothold. Access certification acts as a proactive defense by ensuring these accounts are revoked immediately upon termination. In cloud environments, [machine identities](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity?ts=markdown) outnumber human identities by 82 to 1. Unit 42 investigators found that identity misconfigurations played a material role in almost 90% of investigations in 2025. Regular access certification helps security teams detect these "invisible" over-permissioned service accounts before they are exploited for large-scale data exfiltration. ## Access Certification vs. Access Review The terms are closely related and sometimes used interchangeably, but they are not always identical. An access review is the broader act of examining permissions. An access certification usually refers to a more formal, governed review process with documented attestation and auditable outcomes. In practice: * An access review can be informal or operational * An access certification is typically structured, recurring, and auditable That formal element is what makes certification especially important in governance and compliance programs. ## Access Certification vs. Provisioning Provisioning grants access. Certification validates whether that access should continue. These processes are related but serve different purposes: | Process | Primary Goal | | Provisioning | Grant users the access they need | | Deprovisioning | Remove access when it is no longer needed | | Access certification | Periodically verify that granted access is still appropriate | |----------------------|--------------------------------------------------------------| Without certification, provisioning tends to move in one direction: more access, more exceptions, more risk. ## Access Certification and Least Privilege Least privilege means giving identities only the minimum access required to perform approved tasks. Access certification is one of the primary ways organizations maintain least privilege over time. That matters because access environments change constantly. People change jobs. Applications evolve. Teams inherit responsibilities. Emergency access becomes permanent. A permission that made sense six months ago may be completely unjustified today. Certification helps correct those mismatches by forcing periodic revalidation of access decisions. In that sense, access certification is not separate from least privilege. It is one of the mechanisms that help ensure least privilege is not just a slogan but a reality. ## Common Access Certification Challenges Many organizations claim to perform access certification. Far fewer do it well. The usual obstacles are not mysterious. ### Poor Data Quality If reviewers cannot understand what an entitlement means, they cannot make a sound decision. Ambiguous group names, missing ownership, and incomplete context lead to rubber-stamp approvals. ### Too Many Manual Reviews Large enterprises may have thousands of applications and millions of entitlements. Manual spreadsheets and email-based campaigns do not scale. ### Review Fatigue When reviewers are asked to approve large volumes of access with little context, they often click through the process as quickly as possible. That creates the appearance of control without the substance. ### No Risk Prioritization Not all access is equally important. Reviewing low-risk access with the same urgency as domain admin privileges does not waste time or attention. ### Weak Remediation Identifying inappropriate access is only half the job. If revocation is slow, inconsistent, or disconnected from the review process, risk remains in place. ### Limited Visibility into Non-Human Identities Service accounts, API keys, machine identities, and application-to-application permissions are often underreviewed even though they can carry significant privilege. ## Access Certification Best Practices Implementing a resilient access certification program requires a strategic shift from manual, "check-the-box" exercises to automated, risk-based workflows. Effective certification ensures that user permissions remain strictly aligned with current job functions while minimizing the burden on business managers. By following these industry best practices, organizations can strengthen their security posture, simplify regulatory audits, and eliminate the hidden risks associated with privilege creep. **Access Certification Best Practices** | Implementation Step | Technical Description | Business Value | | Enforce Least Privilege | Limit user permissions to the absolute minimum required for their current role. | Reduces the attack surface and potential blast radius of a breach. | | Automate Workflows | Use IGA platforms to schedule periodic or event-based certification campaigns. | Increases accuracy and reduces manual effort for IT and business managers. | | Contextual Reviews | Provide reviewers with data on last login, role changes, and resource sensitivity. | Enables more informed decision-making and reduces "rubber-stamping" of access. | | Maintain Audit Logs | Every certification action must be logged in a tamper-proof audit trail. | Streamlines compliance audits for HIPAA, SOX, and ISO 27001. | |-------------------------|------------------------------------------------------------------------------------|--------------------------------------------------------------------------------| ## Access Certification and Compliance Access certification plays a major role in many compliance and audit programs because organizations must demonstrate that access to sensitive systems is reviewed and controlled. Depending on the environment, certification can help support requirements related to: * Financial controls * Privacy and data protection * Healthcare data access * Internal governance standards * Segregation of duties * Privileged access oversight * Audit readiness Auditors often want evidence that access is granted appropriately, reviewed regularly, and removed when no longer needed. Certification helps provide that proof. Still, compliance is not the whole story. A program built solely to satisfy auditors often becomes a paperwork exercise. A good program supports both compliance and actual risk reduction. ## How Access Certification Supports Identity Security Identity has become a primary control plane in enterprise security. That means access certification now sits closer to [security operations](https://www.paloaltonetworks.com/cyberpedia/what-is-security-operations?ts=markdown) than many organizations once assumed. Certification supports identity security by helping organizations: * Reduce standing access * Detect overprivileged identities * Limit lateral movement opportunities * Govern privileged and third-party access * Strengthen [zero trust](https://www.paloaltonetworks.com/cyberpedia/what-is-zero-trust?ts=markdown) principles * Improve visibility across human and [non-human identities](https://www.paloaltonetworks.com/cyberpedia/what-is-a-non-human-identity?ts=markdown) In mature security models, access certification is not isolated inside HR or compliance workflows. It connects with broader controls such as [privileged access management](https://www.paloaltonetworks.com/cyberpedia/what-is-privileged-access-management?ts=markdown) (PAM), [identity threat detection and response](https://www.paloaltonetworks.com/cyberpedia/identity-threat-detection-and-response-itdr?ts=markdown) (ITDR), role governance, and lifecycle management. ## Signs Your Access Certification Process Needs Improvement A certification process likely needs work if any of the following are true: * Reviews are done mainly in spreadsheets * Managers approve everything by default * Revocations take weeks or months * Service accounts are not reviewed * Third-party access is poorly tracked * Entitlement names are confusing or meaningless * Reviews happen only once a year * Audit evidence is difficult to produce * Users retain access after internal transfers * Privileged access is broadly approved without challenge That is not governance. That is drift with paperwork attached. ## The Future of Access Certification Access certification is moving away from static, periodic review cycles toward more continuous and risk-aware models. That shift includes: * Greater use of automation and AI * More event-driven reviews * Better visibility into SaaS and cloud entitlements * Better visibility into AI agent identities * Integration with identity security platforms * Stronger focus on machine identities and service accounts * Risk-based decision support for reviewers * Tighter connection to least privilege and Zero Trust programs The old model of annual blanket review campaigns is increasingly inadequate for environments shaped by cloud, SaaS, APIs, contractors, automation, and distributed workforces. Organizations need certification that is timely, contextual, and enforceable. ## Access Certification FAQs ### What is the difference between an access review and access certification? Access certification is a formal, periodic process involving a designated certifier who signs off on access rights for compliance. Access reviews are often less formal and may occur ad hoc, with less rigorous documentation and audit requirements. ### How often should access certification be performed? The frequency depends on the data's sensitivity and regulatory requirements. Organizations typically review privileged accounts monthly or quarterly, while standard user access may be reviewed biannually or annually. ### What is privilege creep? Privilege creep occurs when users accumulate access rights over time as they move between projects or departments without losing their old permissions. Regular access certification identifies and removes these unnecessary legacy grants. ### Can AI improve the access certification process? AI can automate the identification of high-risk access patterns and recommend remediation for anomalous permissions. This helps human reviewers focus on the most critical access decisions rather than bulk approvals. ### What happens when access is revoked during certification? When a reviewer identifies inappropriate or unnecessary access, the IGA system automatically revokes the privilege via automated workflow. This ensures that the user's effective permissions immediately align with the principle of least privilege. ![Share page on facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/facebook-circular-icon.svg) ![Share page on linkedin](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/linkedin-circular-icon.svg) [![Share page by an email](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/email-circular-icon.svg)](mailto:?subject=What%20Is%20Access%20Certification%3F%20Benefits%20and%20Best%20Practices&body=Learn%20how%20access%20certification%20prevents%20privilege%20creep%2C%20ensures%20regulatory%20compliance%2C%20and%20secures%20high-value%20assets%20within%20an%20identity%20security%20framework.%20at%20https%3A//www.paloaltonetworks.com/cyberpedia/what-is-access-certification) Back to Top [Previous](https://www.paloaltonetworks.com/cyberpedia/what-is-modern-identity-governance-administration-iga?ts=markdown) What Is Modern IGA? Identity Governance Guide [Next](https://www.paloaltonetworks.com/cyberpedia/what-is-the-dora-act?ts=markdown) What Is the DORA Act? Digital Operational Resilience Guide {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language