Palo Alto Networks Cortex Cloud™ — Unified Efficiency, Now with Dual FedRAMP Authority

Posted on by Eric Trexler

In a testament to its commitment to secured and streamlined cloud security, Palo Alto Networks Cortex Cloud™ has already achieved FedRAMP High and Moderate authorizations since launching in February 2025. This significant milestone positions Cortex Cloud as the only CNAPP in the FedRAMP Marketplace holding both High and Moderate designations, underscoring its unique ability to cater to the diverse security needs of the U.S. Government.

The Federal Risk and Authorization Management Program (FedRAMP) is the Government’s rigorous standard for assessing, authorizing and continuously monitoring cloud services. By achieving both High and Moderate authorizations, Cortex Cloud demonstrates its adherence to stringent security controls, paving the way for Federal agencies to confidently adopt its innovative platform.

Unlocking Efficiency Through a Unified Security Platform

At a time when Government agencies are prioritizing modernization and efficiency, Cortex Cloud offers a powerful, unified solution. As the next generation of Prisma® Cloud, it transcends traditional, siloed security tools by integrating best-in-class cloud detection and response (CDR) with industry-leading, cloud-native application protection platform (CNAPP) capabilities.

This platform-centric approach delivers measurable benefits:

Streamlined Procurement – By choosing Cortex Cloud with FedRAMP High authorization to secure your environment, agencies can bypass the complexities and delays of redundant security assessments.
Reduced Complexity and Risk – By integrating security across the entire cloud lifecycle (from code to cloud to SOC) Cortex Cloud eliminates the operational overhead and potential vulnerabilities associated with managing disparate security tools.
Enhanced Operational Efficiency – The unified platform provides comprehensive visibility and context, enabling security teams to prioritize risks effectively, automate responses and reduce the mean time to respond (MTTR) to threats.
Intelligent Risk Reduction – Cortex Cloud’s cloud posture security capabilities offer agentless visibility and intelligently group-related issues, empowering security teams to focus on the most critical risks with minimal effort.
Proactive Threat Prevention – Stop attacks in real time with cloud detection and response (CDR), maintaining the integrity and availability of Government systems, as breaches are prevented before impacting mission-critical operations.
Securing the Application Lifecycle – Cortex Cloud’s application security features enable agencies to identify and remediate vulnerabilities in the software supply chain, preventing risks from ever reaching production.

Meeting Diverse Government Needs with a Single, Powerful Platform

The dual FedRAMP High and Moderate authorizations empower Cortex Cloud to address a wide spectrum of Government requirements:

FedRAMP High – For the most sensitive, unclassified data where compromise could severely impact national security, economic stability or public safety. Cortex Cloud meets over 400 rigorous security controls for mission-critical applications.
FedRAMP Moderate – For Federal information where loss of confidentiality, integrity or availability would have serious adverse effects. Cortex Cloud adheres to over 300 security controls, suitable for a broad range of data, including PII.

Furthermore, Cortex Cloud’s GovRAMP High and Moderate certifications highlight its commitment to serving State and Local Governments with equally robust and efficient cloud security solutions.

Driving Productivity and Cost Savings

The U.S. Government’s focus on maximizing efficiency and productivity aligns perfectly with the benefits offered by Cortex Cloud’s unified platform.

By consolidating security functions and providing intelligent insights, Cortex Cloud helps agencies:

Optimize Resources – Security teams can operate more efficiently, focusing on strategic initiatives rather than managing a complex web of point solutions.
Improve Security Outcomes – Comprehensive visibility and integrated threat intelligence lead to a stronger security posture and reduced risk of costly breaches.
Accelerate Cloud Adoption – Agencies can confidently embrace the scalability and flexibility of the cloud while maintaining the highest security standards.

Cortex Cloud’s FedRAMP High and Moderate authorizations are more than just certifications; they represent a commitment to providing Government agencies with an efficient, unified and highly secure cloud security platform. By streamlining operations, reducing complexity and delivering comprehensive protection, Cortex Cloud empowers the U.S. Government to achieve its modernization goals while safeguarding its most critical assets.

Secured in America. Built for Government.

Headquartered in California, Palo Alto Networks proudly celebrates two decades of cybersecurity innovation and leadership. Across the United States, we employ more than 8,800 people in 49 states with physical offices in California, New York, Texas and Virginia. Championing American production excellence, we assemble all of our hardware firewalls in the United States, with our primary assembly and fulfillment center located in Texas. With over $1.8 billion in annual R&D, Palo Alto Networks is driving continuous innovation to maintain American technological leadership and excellence.

Learn more about our commitment to serve Federal organizations as the Government’s cybersecurity partner of choice.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Palo Alto Networks, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

From Concept to Implementation: Operationalizing Zero Trust Architecture in Government Environments

Posted on by Norman Wong

Zero Trust has evolved over the last 15 years into a cornerstone of Federal cybersecurity strategy, influencing enterprises as well as State and Local Governments. While the principles of continuous authentication and least privilege are widely accepted, many organizations still need the industry’s support with implementation.

The National Institute of Standards and Technology’s (NIST) National Cyber Center of Excellence (NCCoE) has bridged this gap by offering practical guidance for applying Zero Trust concepts in real-world solutions.

Understanding Zero Trust Principles

Zero Trust is a cybersecurity strategy built on the assumption that networks are already compromised, making it the most resilient approach for securing today’s hybrid environments. Rather than relying on network perimeters, Zero Trust focuses on continuous authentication and verification of every access request, regardless of where those resources are located.

This approach requires organizations to secure all communications through encryption and authentication, grant access on a per-session basis with least privileges, implement dynamic policies, continuously monitor resource integrity and authenticate before allowing access. The objective is to reduce implicit trust between enterprise systems to minimize lateral movement by potential attackers.

Organizations must also collect and analyze as much contextual information as possible to create more granular access policies and strengthen current controls for an enhanced Zero Trust Architecture (ZTA).

NIST’s Role and Guidance

NIST has been instrumental in defining and operationalizing Zero Trust through guidance documents and practical demonstrations like Special Publication (SP) 800-207, published in 2020, which established the foundation for ZTA. Building on this framework, NIST’s NCCoE worked with industry, Government and academia to launch a project to show how these concepts could be implemented in real-world environments.

Initially focused on three example implementations, the project expanded to 19 different ZTA implementations using technologies from 24 industry collaborators, including Palo Alto Networks.

These implementations were built around three primary deployment approaches:

Enhanced Identity Governance: Emphasizes identity and attribute-based access control, ensuring access decisions are linked to user identity, roles and context.
Microsegmentation: Uses smart devices such as firewalls, smart switches or specialized gateways to isolate and protect specific resources.
Software-Defined Perimeter (SDP): Creates a software overlay to protect infrastructure—like servers and routers—by concealing it from unauthorized users.

Although not included in SP 800-207, the project also recognized Secure Access Service Edge (SASE) as an emerging deployment model that integrates network and security functions into a unified, cloud-delivered service.

Practical Implementation Strategies

Palo Alto Networks - Operationalizing Zero Trust - Blog - Embedded Image - 2025

The NCCoE project tackled the critical question: where should organizations start on their Zero Trust journey? By adopting an agile, incremental approach with “crawl, walk and run” stages, the project phased its implementation based on deployment approaches. This allowed gradual, manageable builds while addressing real-world complexities.

Technologies such as firewalls, SASE with Software-Defined Wide Area Network (SD-WAN) and Endpoint Detection and Response (EDR) using Palo Alto Networks Cortex XDR® were utilized, with remote worker scenarios reflecting modern hybrid environments. NIST SP 1800-35 outlines the phased approach and provides a practice guide, including technologies, reference architectures, use cases, tested scenarios and security controls built into each implementation.

One of the most significant challenges addressed was interoperability between different security solutions. Rather than overhauling infrastructure, organizations can leverage existing technologies while gradually introducing new solutions to enhance security and move toward a mature ZTA.

Integrating Technology Solutions

The NCCoE highlighted how comprehensive security platforms enable Zero Trust principles across hybrid environments. Palo Alto Networks presented a comprehensive ZTA built with artificial intelligence (AI) and machine learning (ML), leveraging capabilities including Cloud Identity Engine for federated identity management, next-generation firewalls for microsegmentation, cloud-delivered security services and SASE for remote access and EDR.

The approach focused on three key objectives:

Continuous trust verification and threat prevention
Single policy enforcement across all environments
Interoperability with other security solutions

AI was embedded throughout the platform—from policy creation to user and device analysis—ensuring that Zero Trust policies are enforced consistently and adapted automatically in response to evolving threats. This intelligent strategy provides a scalable and resilient foundation for securing modern, hybrid environments.

Community Collaboration and A Holistic Approach

The success of the NCCoE project underscored the importance of collaboration between Government and industry to develop practical Zero Trust solutions. This partnership enabled the development of a holistic security monitoring system that can track user behavior across on-premises, cloud and remote environments. The integration of AI and ML streamlined incident response, reducing mean time to detection and resolution.

Experts recommend that organizations begin their Zero Trust journey with fundamental capabilities such as identity and access management (ICAM), endpoint security and compliance and data security. Implementing multi-factor authentication (MFA), integrated with existing Active Directory (AD) systems or identity providers, is an effective first step in strengthening access security. Monitoring network traffic and endpoint behavior using threat intelligence, user behavior analytics and AI allows organizations to proactively detect and respond to threats, providing a solid foundation for a resilient ZTA.

The journey to operationalizing Zero Trust continues to evolve, with NIST planning updates to their guidance documents to address emerging technologies like SASE and special considerations for operational technology (OT) environments. By adopting the principles, frameworks and practical implementation approaches demonstrated through the NCCoE project, Government agencies can develop more resilient security architectures that protect resources across diverse environments.

To learn more about implementing ZTAs in Government environments, watch the full webinar “Operationalizing Zero Trust: NIST and End-to-End Zero Trust Architectures,” presented by Palo Alto Networks, NIST and Carahsoft.

Higher Education All-In on Cloud-First

Posted on by Tim Boltz

Is digital transformation in higher education possible without the cloud? Not likely. When that transformation is viewed as a journey, not a destination, the essential role of cloud-based resources as enabling and empowering infrastructure comes sharply into focus. Institutional performance, operational efficiencies, student success — the primary goals of digital transformation in higher education today — are only possible with the agility and scalability of cloud-based computing and resources.

Without a clear strategy in place, digital transformation and cloud migration can start to look like a game of whack-a-mole. As teams weigh where cloud solutions will take them next, understanding and articulating the need to include data-intensive computing, security, reporting, and analysis is imperative. That’s all the more true as students increasingly demand a level of personalization and engagement that can only be delivered through a robust analytics and data infrastructure. Download the guide to learn how to grow beyond today’s analytics programs and to mature them for endemic management and strategy.

Cloud Budgets Keep Growing

“‘As higher education institutions continue to pivot toward continuous modernization practices, the SaaS segment of the cloud is likely to see the most investment,’ noted Damien Eversmann, Chief Architect for Education at Red Hat. ‘Cloud resources provide the agility and flexibility needed to support the culture of change that continuous modernization demands. As long as security practices are properly maintained, cloud adoption is one of the best tools for academic institutions to stay ahead of the curve.’ All cloud categories are expected to see growth in 2023, according to Gartner, with the most significant anticipated growth in Cloud Management and Security Services and Cloud Application Infrastructure Services (PaaS).”

Read more insights from Damien Eversmann, Chief Architect for Education at Red Hat.

Accelerate Agility and Integrate Data

“Today, higher education IT professionals refer to “the new normal” when discussing the many modes of learning, research, and other day-to-day hybrid work now possible thanks to cloud computing. The monumental movement and general acceptance of the cloud within higher education happened nearly overnight, after years of hesitance and reluctance on the part of higher ed leaders who sought greater on-site control over data and operations. That reluctance transformed to trust as cloud-based operations proved their mettle, and institutions by and large today embrace a new way of working through the ongoing and continuous change of digital transformation. “That’s probably the biggest change — that change is the constant,” said Bill Greeves, an industry advisor for SAP who supports the organization’s education customers. As a former CIO and deputy county manager for Wake County, N.C., Greeves saw firsthand the overnight transformation to cloud-based workloads to keep government and citizen services up and running at the onset and throughout the pandemic.”

Read more insights from Bill Greeves, Industry Advisor for SAP.

Essentials for Navigating Cloud Implementations

“While the mission of higher education has never changed, the means of fulfilling that mission continue to swiftly evolve, particularly as a result of cloud computing technology and the migration of workloads, applications, storage — pretty much everything — to the cloud. Higher education research, in particular, enjoys many benefits from the cloud, including rapid provisioning of data and applications, or abstraction, which ensures non-technical users can readily deploy cloud resources and quickly get back to the real task at hand: research. Cloud is at the heart of institutions’ ongoing march to digital transformation, but that’s not all: Prompted by the pandemic, many colleges and universities have also embraced the rapid adoption of cloud capabilities in support of remote work and collaboration.”

Read more insights from Hunter Ely, Security Strategist at Palo Alto Networks, and Mathew Lamb, Manager, Pre-Sales Cloud Native Solutions at Palo Alto Networks.

Download the full report for more insights from these from these higher ed Cloud leaders as well as additional perspectives and industry research.

| Carahsoft

Tag Archives: Palo Alto Networks