# NIST Highlights Palo Alto Networks Supply Chain Best Practices

By [Coleman Mehta](https://www.paloaltonetworks.com/blog/author/coleman-mehta/?ts=markdown "Posts by Coleman Mehta")

Jun 26, 2020

Around the world, governments as well as private sector organizations are focused on identifying and mitigating risks to the information and communications technology (ICT) supply chain. In fact, efforts to disrupt or exploit supply chains have become, in the words of a senior US Homeland Security Department official, a "[principal attack vector](https://homeland.house.gov/imo/media/doc/Testimony-Kolasky1.pdf)" for adversarial nations seeking to take advantage of vulnerabilities for espionage, sabotage or other malicious activities.

In this environment, strong supply chain security practices are a differentiator for critical infrastructure organizations. But what, exactly, does a strong supply chain security program look like?

Recently, the U.S. Department of Commerce's National Institute of Standards and Technology (NIST) published a [case study](https://csrc.nist.gov/publications/detail/white-paper/2020/02/04/case-studies-in-cyber-scrm-palo-alto-networks-inc/final) highlighting how Palo Alto Networks uses supply chain best practices. The case study identified several best practices that collectively contribute to the overall supply chain security efforts of Palo Alto Networks. Among them:

* An organizational focus on end-to-end risk management. We identify supply chain risks across our entire product lifecycle -- design, sourcing, manufacturing, fulfillment and service -- and take proactive action to ensure the integrity of our products. Risk assessments are performed early in the product development lifecycle to help determine the feasibility of product design decisions.
* Strong supplier management, focused on security requirements as well as establishing collaborative relationships to ensure a complete view of suppliers' security posture.
* Hardware manufacturing and order fulfillment processes that enable us to more easily manage personnel, facility and product security. In fact, we regularly consider geopolitical implications when making decisions to forgo suppliers and manufacturing locations, because it's simply the right decision for product security.
* Active engagement in public-private partnerships designed to increase collaboration between public and private sector organizations and make recommendations for enhancing supply chain security, such as our executive committee role on the [DHS ICT Supply Chain Risk Management Task Force](https://www.cisa.gov/ict-scrm-task-force).
* Finally, overlaying these practices is executive management buy-in. Supply chain risk management is a team sport spanning operations, product management and other corporate functions. Strong coordination is critical to our success.

As with many global manufacturers, our supply chain practices were put to the test in the face of the COVID-19 pandemic. Indeed, Palo Alto Networks is both a critical infrastructure company ourselves -- playing a key role in ensuring complex, interconnected digital information systems are secure against malicious actors -- and a supplier to other critical infrastructure entities worldwide. The customers that rely on us to secure their networks span critical healthcare, defense, financial services, government, logistics, food and agriculture, and other entities that are playing a vital role in the response to the pandemic. In a testament to our risk management practices, our team and our manufacturing partner have done a terrific job working with our suppliers around the globe to ensure that we can meet the security needs of our customers during this time.

What's next?

Palo Alto Networks believes governments should promote adoption of supply chain best practices by incentivizing companies that make risk-based decisions to maintain product integrity -- such as through qualified procurement preferences. In fact, in the United States, Congress has [mandated](https://www.congress.gov/bill/115th-congress/house-bill/7327) that the U.S. government should identify supply chain best practices and recommend legislative or other policy changes to incentivize their adoption by the private sector.
The government would do well to look at NIST's work in identifying those best practices.

At Palo Alto Networks, we understand what it takes to maintain a strong supply chain and ensure the integrity of our products. We believe responsible companies have a duty to keep a secure supply chain and that governments should promote the adoption of best practices like these to foster a resilient ICT ecosystem.

Read the full NIST case study on our approach to supply chain risk management here: [Case Studies in Cyber Supply Chain Risk Management: Palo Alto Networks, Inc.](https://doi.org/10.6028/NIST.CSWP.02042020-6).