Prisma Cloud takes the next step in working toward Federal Risk and Authorization Management Program (FedRAMP) High authorization and has achieved the "in process" milestone on the FedRAMP Marketplace.
In its commitment to be the government's cybersecurity partner of choice, Palo Alto Networks provides unparalleled support for federal organizations with dedicated investment in providing tools for a safer and more secure digital world.
Government Cloud Adoption
The modernization of tech stacks across the U.S. government presents agencies and departments with opportunities to increase speed and agility. Gartner reports, “Approximately 1,358 of the 7,772 projects in the U.S. federal government’s IT portfolio were using cloud services, with another 1,800 projects migrating or considering the use of cloud services.” [1] This trend highlights the growing significance of cloud adoption within the government sector.
Transitioning to cloud-delivered services brings new security challenges. Government agencies, such as law enforcement, emergency services systems, financial systems and health systems, have stringent security requirements. In the event of a breach, sensitive data could be exposed.
Operationalizing cloud security presents challenges, particularly blind spots for organizations adopting siloed tools that don’t integrate. Ultimately, powerful insights are left on the table. Consider cloud security posture management (CSPM), cloud infrastructure and entitlement management (CIEM), and data security. Lacking the capacity to cross-correlate risk factors such as misconfigurations, overly permissive identities and sensitive data creates gaps that lead to ineffective threat analysis and poor risk prioritization. Weaknesses can’t be traced to their source, which leaves potential attack paths undiscovered and organizations at risk.
In contrast to siloed security, CNAPPs enable organizations to consistently apply security best practices throughout the entire cloud-native application lifecycle. With a CNAPP, teams can begin implementing security checks during code development, gain comprehensive visibility into cloud resources in their environment, and actively block attacks as they occur. By connecting powerful insights, identifying attack paths and tracing security weaknesses back to their origin, CNAPPs provide unmatched security.
Advancing Toward FedRAMP High Authorization
Palo Alto Networks has had a long relationship with the FedRAMP program. In 2020, Prisma Cloud achieved Moderate ATO for our CSPM and CIEM capabilities.
In March 2023, Palo Alto Networks announced that it had been selected by the Joint Advisory Board (JAB) and was pursuing FedRAMP High authorization for Prisma Cloud. Palo Alto Networks has since been undergoing the JAB authorization process to uplevel Prisma Cloud from FedRAMP Moderate to FedRAMP High and expand the number of supported capabilities from 2 to 10.
In January 2024, Palo Alto Networks achieved in-process status for FedRAMP impact level High for Prisma Cloud services, as illustrated in Table 1.
Prisma Cloud Module | FedRAMP Moderate | FedRAMP High |
Visibility, Compliance and Governance (CSPM) | Authorized | In Process |
IAM Security (CIEM) | Authorized | In Process |
Threat Detection | N/A | In Process |
Host Security | N/A | In Process |
Container Security | N/A | In Process |
Serverless Security | N/A | In Process |
Web Application and API Security | N/A | In Process |
Infrastructure as Code Security | N/A | In Process |
Software Composition Analysis | N/A | In Process |
Secrets Security | N/A | In Process |
Table 1: Prisma Cloud’s current FedRAMP status by capability
Why Prisma Cloud for Federal?
Prisma Cloud is a single, integrated platform that protects applications from code to cloud, preventing breaches and reducing risks in near real time across the application lifecycle. Unlike fragmented point products, Prisma Cloud delivers comprehensive Code to Cloud™ security by combining insights from each application stage and from the multiple security capabilities seamlessly embedded in the cloud application journey.
Reduce security risks without impacting developer productivity. Many development teams spend a significant portion of their time, sometimes up to one-third, addressing security issues. Prisma Cloud integrates with tools developers commonly use, enabling early detection, remediation and prevention of security flaws throughout the development lifecycle.
Prevent security breaches. Detect and block exploits such as container escapes and OWASP Top 10 security risks in runtime to prevent potential breaches. Prisma Cloud delivers protection across workloads, web applications and APIs.
Improve compliance and security posture. Enhance adherence to regulatory requirements and strengthen overall code and cloud security defenses. Prisma Cloud baselines your cloud environments against controls defined by regulatory standards and industry best practices (FedRAMP, CIS and more).
Reduce operational burden. Spend less time combing through alerts and effortlessly prioritize impactful issues. Prisma Cloud automatically detects and correlates related risks that pose the greatest potential for attack.
DevSec collaboration. Foster effective collaboration between developer and security teams to reduce mean time to remediate (MTTR) risks. With Prisma Cloud, security teams hand off fewer issues to application owners and leverage app context for stronger, efficient communication.
With Prisma Cloud, Palo Alto Networks is uniquely positioned to provide the public sector with the security foundations and workforce enablement outlined in the Federal CIOs Council’s Federal Cloud Computing Cloud Smart strategy.
Learn More
Palo Alto Networks currently helps U.S. government agencies under FedRAMP Moderate regulation secure their applications with Prisma Cloud. We look forward to partnering with FedRAMP High organizations. If you’d like to put Prisma Cloud to the test and discover hidden threats in your cloud environment, take advantage of our complimentary cloud security risk assessment, including a 10-day Prisma Cloud trial.
Resources
[1] Brown, Michael and Daniel Snyder. "Predicts 2023: Does Reach Exceed Grasp for U.S. Federal Government?" Gartner, Inc., February 28, 2023. G00778626.