Palo Alto Networks achieves FedRAMP
High Authorization across network,
cloud and security operations.

The Security, Trust, Assurance, and Risk (STAR) Registry is a publicly accessible registry that documents the security and privacy controls provided by popular cloud computing offerings.

The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. federal government-wide program that provides a standardized approach to the security assessment, authorization and continuous monitoring of cloud products and services.

The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. federal government-wide program that provides a standardized approach to the security assessment, authorization and continuous monitoring of cloud products and services.

ISO certification(s) demonstrates to customers that Palo Alto Networks has been independently assessed to have appropriate processes in place to help ensure the security and reliability of sensitive customer data.

The Payment Card Industry Data Security Standard (PCI DSS) is a global information security standard designed to prevent fraud through increased control of credit card data.

The Service Organization Control Type 2+ (SOC 2+) report evaluates a service provider's controls over security, availability, processing integrity, confidentiality and privacy, and includes additional criteria to ensure robust data protection and compliance with industry-specific requirements, fostering client trust.

GovRAMP brings SLED customers together to develop standards for cloud security, educate on best practices and recognize a common method for verifying the cloud security of service providers.

GovRAMP brings SLED customers together to develop standards for cloud security, educate on best practices and recognize a common method for verifying the cloud security of service providers.

Common Criteria for Information Technology Security Evaluation (Common Criteria or CC) is an international standard (ISO-IEC 15408) for evaluating IT products and systems. This certification framework provides assurance that the process of specification, implementation and evaluation of security measures has been conducted in a rigorous, standardized and repeatable manner. The National Information Assurance Partnership (NIAP) serves as the U.S. representative to the Common Criteria Recognition Arrangement (CCRA), which is composed of over 30 member nations.

The Commercial Solutions for Classified (CSfC) Program has been established by the U.S. National Security Agency (NSA). It enables organizations to transmit classified information using commercially available technology, including mobile and cloud systems. The program is primarily for U.S. government departments and contractors who handle classified information.

The Department of Defense Information Network Approved Products List (DODIN APL) is a U.S. military compliance framework. It includes a list of products that have completed cybersecurity and interoperability requirements. This framework applies to vendors intending to sell information technology products to the U.S. Department of Defense.

The Federal Information Processing Standard (FIPS) 140 is a U.S. government standard that defines the security requirements for cryptographic modules protecting sensitive information.

The Federal Information Processing Standard (FIPS) 140 is a U.S. government standard that defines the security requirements for cryptographic modules protecting sensitive information.

The U.S. government IPv6 (USGv6) is a technical standards profile for IPv6 for the procurement and deployment of IPv6-capable products and services within the U.S. federal government. This profile includes technical standards, testing and purchasing requirements to enable and expedite the deployment of IPv6 in the federal government's infrastructure and services. This framework aims to advance the adoption of IPv6 in government systems and ensure its successful integration.