>
    Strata Copilot
    Panorama-Managed Prisma Access FedRAMP Moderate and High Plugin and Dataplane Requirements Through Common Services
    Focus
    Download PDF
    Focus
    1. Home
    2. FedRAMP
    3. Prisma SASE FedRAMP Moderate and High Requirements
    4. Panorama-Managed Prisma Access FedRAMP Moderate and High Plugin and Dataplane Requirements Through Common Services
    Download PDF
    FedRAMP

    Panorama-Managed Prisma Access FedRAMP Moderate and High Plugin and Dataplane Requirements Through Common Services

    Table of Contents

    Panorama-Managed Prisma Access FedRAMP Moderate and High Plugin and Dataplane Requirements Through Common Services

    Learn how to activate your single or multitenant Panorama-managed Prisma Access FedRAMP license.
    Where Can I Use This?What Do I Need?
    • FedRAMP High and FedRAMP Moderate
    • Prisma Access (Managed by Panorama)
    • FedRAMP Prisma Access license with optional add-ons
    • FedRAMP email activation link
    • Gov Strata Logging Service
    • Gov Region
    • Role: Multitenant Superuser or Superuser with access to the FedRAMP Customer Support Portal (CSP) account
    To make sure that your Panorama Managed Prisma Access is compliant with FedRAMP, use these guidelines and requirements when installing, activating, setting up for the first time, and configuring Prisma Access.
    To ensure that Prisma Access stays in compliance with FedRAMP Moderate requirements, make sure that your Panorama Managed Prisma Access deployment uses the following versions.

    Prisma SASE FedRAMP Moderate

    ComponentRequired Version
    Prisma Access Infrastructure6.1
    Prisma Access Data Plane version
    10.2.10 Preferred or 11.2.7 Innovation
    Panorama PAN-OS version
    11.2.7 or later (not version 12.x)
    Enabling the Federal Information Processing Standard and Common Criteria (FIPS-CC) on the Panorama that manages Prisma Access is the recommended best practice aligned with FedRAMP controls. Enabling FIPS-CC support on Panorama requires accessing the Maintenance Recovery Tool (MRT).
    To simplify the installation and activation process, you can select an existing Panorama you have already configured in FIPS mode, if you have registered Panorama, installed the licenses, and activated the support license on the Customer Support Portal (CSP). If you have added the Panorama serial number to the same CSP account on which you want to deploy Prisma Access, you can select the serial number of this Panorama appliance during installation.
    You cannot use a Panorama that has been used to manage another Prisma Access or Strata Logging Service deployment.
    Strata Cloud ManagerRelease 5
    Cloud Services plugin version
    5.2.0-h60, 6.0.0-h9+, 6.0.0-h40+
    GlobalProtect version
    6.3.3+—recommended FIPS-CC validated version
    DLP plugin5.0.8+
    Explicit ProxyUS GCP locations only
    Prisma SD-WAN Controller version
    6.4.2

    Prisma Access FedRAMP High

    ComponentRequired Version
    Prisma Access Infrastructure6.0.1
    Prisma Access Data Plane version
    10.2.10 or 11.2.7
    Panorama PAN-OS version
    11.2.7 or later
    Enabling the Federal Information Processing Standard and Common Criteria (FIPS-CC) on the Panorama that manages Prisma Access is the recommended best practice aligned with FedRAMP controls. Enabling FIPS-CC support on Panorama requires accessing the Maintenance Recovery Tool (MRT).
    To simplify the installation and activation process, you can select an existing Panorama you have already configured in FIPS mode, if you have registered Panorama, installed the licenses, and activated the support license on the Customer Support Portal (CSP). If you have added the Panorama serial number to the same CSP account on which you want to deploy Prisma Access, you can select the serial number of this Panorama appliance during installation.
    You cannot use a Panorama that has been used to manage another Prisma Access or Strata Logging Service deployment.
    Strata Cloud ManagerRelease 4
    Cloud Services plugin version
    5.2.0-h53+ (h53 requires the CSP allowlisting the panorama serial number)
    GlobalProtect version
    6.3.3+—recommended FIPS-CC validated version
    DLP plugin5.0.8+

    © 2025 Palo Alto Networks, Inc. All rights reserved.