* [Blog](https://www2.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www2.paloaltonetworks.com/blog/corporate/)
* [Public Sector](https://www2.paloaltonetworks.com/blog/category/public-sector/)
* Product Integrity Is Para...

# Product Integrity Is Paramount: How We Protect and Secure Customers

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2020%2F08%2Fpolicy-product-integrity%2F)  
[](https://twitter.com/share?text=Product+Integrity+Is+Paramount%3A+How+We+Protect+and+Secure+Customers&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2020%2F08%2Fpolicy-product-integrity%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2020%2F08%2Fpolicy-product-integrity%2F&title=Product+Integrity+Is+Paramount%3A+How+We+Protect+and+Secure+Customers&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/2020/08/policy-product-integrity/&ts=markdown)  
\[\](mailto:?subject=Product Integrity Is Paramount: How We Protect and Secure Customers)  
Link copied  
By [Ryan Gillis](https://www.paloaltonetworks.com/blog/author/ryan-gillis/?ts=markdown "Posts by Ryan Gillis") and [Natalio Pincever](https://www.paloaltonetworks.com/blog/author/natalio-pincever/?ts=markdown "Posts by Natalio Pincever")  
Aug 11, 2020  
6 minutes  
[Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)  
[NIST](https://www.paloaltonetworks.com/blog/tag/nist/?ts=markdown)  
[Supply Chain](https://www.paloaltonetworks.com/blog/tag/supply-chain/?ts=markdown)

***The Product Integrity Checklist***

✓ **Internal processes and oversight**

✓ **Hardware manufacturing processes**

✓ **Tamper-proof secure delivery of hardware products**

✓ **Third-party testing**

✓ **Vulnerability remediation** **and disclosure practices**

✓ **Executive Management Buy-In**

At Palo Alto Networks, our highest priorities are the integrity of our products and security of our customers. We are dedicated to the needs of our customers and, as a provider of security products, we are aware of the risks facing our government and business customers around the world.

The [commitment of Palo Alto Networks to product integrity](https://www.paloaltonetworks.com/blog/2020/06/policy-supply-chain-best-practices/) was highlighted by the U.S. Department of Commerce's National Institute of Standards and Technology [(NIST) case study](https://csrc.nist.gov/publications/detail/white-paper/2020/02/04/case-studies-in-cyber-scrm-palo-alto-networks-inc/final) in February 2020, which outlined how Palo Alto Networks uses end-to-end risk management as an example of best practice for supply chain management. This case study identifies and highlights how we inherently identify supply chain risks across our entire product lifecycle -- design, sourcing, manufacturing, fulfilment and service -- and take proactive action to ensure the integrity of our products. We are incredibly proud of this report.

We continue to pursue product integrity best practice via several key areas to ensure the quality and integrity of the Palo Alto Networks products:

## Internal Processes and Oversight

Palo Alto Networks undertakes a number of internal processes to ensure the integrity of its PAN-OS products. In particular:

* Software \& Firmware Signing: Palo Alto Networks digitally signs all of our PAN-OS software and updates. These signatures are checked and validated by the NGFW (appliance and virtual) prior to installation, thus ensuring all software and updates that are loaded have come from Palo Alto Networks.
* Secure Updates: Palo Alto Networks also provides all updates via a validated secure channel. When you enable Verify Update Server Identity, the Firewall or Panorama will verify that the server from which the software or content package is downloaded has an SSL certificate signed by a trusted authority. This adds an additional level of security for the communication between Firewalls or Panorama servers and the update server.
* Signature Verification: Palo Alto Networks performs software integrity checks on its products and performs software integrity checks for tamper detection and software corruption. The software integrity check validates that the operating system and data file structure are intact, as delivered by Palo Alto Networks. If the check detects a software corruption or possible appliance tampering, it generates a System log of critical severity. Since PAN-OS 8.1.3, this was further enhanced and the appliance will go into maintenance mode when the check fails, prohibiting the device from doing anything it should not, while allowing the administrator access to the device.

To ensure that new PAN-OS product introductions, ongoing product development and product changes such as bug fixes maintain the integrity of the products, Palo Alto Networks institutes checks and balances to oversee development. These measures include, but are not limited to, restrictions on who scopes and defines source code changes, reviewing new source code with a hierarchy of oversight, and ensuring a "chain of custody" throughout development, testing and Quality Assurance (QA) processes. We also require development managers to review and sign off on all code changes. These checks mitigate the risk of modification to the system that were not outlined in the design specifications.

## Hardware Manufacturing Processes

Palo Alto Networks next-generation firewalls are manufactured in the United States of America. While manufacturing location does not in itself guarantee secure hardware, it does enable Palo Alto Networks to more easily manage personnel, facility and product security. Importantly, our U.S. manufacturer is ISO 9001 and C-TPAT certified -- these standards invoke stringent quality processes to ensure supply chain security. We have a strong focus on our supply chain management, focused on security requirements and a collaborative relationship with suppliers to ensure a complete view of their security posture.

In fact, we regularly make decisions to forgo suppliers and certain manufacturing locations when they cannot offer the same security assurances, and we know it's the right decision to protect our product and our customers.

## Tamper-proof Secure Delivery of Hardware Products

To ensure that hardware purchased from Palo Alto Networks have not been tampered with during shipping, Palo Alto Networks asks each individual customer to verify the following upon receipt of each hardware product:

* The tracking number provided to each customer electronically when ordering the hardware product, which should match the tracking number that is physically labelled on the box or crate.
* The warranty seals on the device itself do not show evidence of tampering.

## Third-party Testing

Palo Alto Networks products are subjected to significant quality assurance and vulnerability testing both internally and from third-party vendors involved in the certification of products to the Common Criteria (CC), U.S. Federal Information Processing Standards (FIPS) and other global government certifications.

## Vulnerability Remediation and Disclosure Practices

All currently supported Palo Alto Networks PAN-OS-based products and services are designed with the highest security assurance standards in all aspects of a product lifecycle to help deliver highly trusted and secure products. Our product security assurance practices are based on recognized international standards such as ISO/IEC 29147:2018 (vulnerability disclosure), ISO/IEC 30111:2019 (vulnerability handling) and FIRST PSIRT Services Framework 1.0. We have a security incident response team to oversee receiving, identification, assessment, remediation, verification and publication of advisories for security vulnerabilities discovered in our products and services. We also maintain a comprehensive information portal for all of our products that covers[End of Life - Software](https://www.paloaltonetworks.com/services/support/end-of-life-announcements/end-of-life-summary). For our specific hardware, the[End of Life - Hardware](https://www.paloaltonetworks.com/services/support/end-of-life-announcements/hardware-end-of-life-dates) summary can also be found on our public site. We are deeply committed to helping ensure the safety and security of our customers.

## Executive Management Buy-In

The five practices described above are driven by, and have the buy-in of, Palo Alto Networks executive management. Supply chain risk management encompasses a whole-of-company strategy spanning operations, product management and other corporate functions; strong coordination is critical to our success.

As the global cybersecurity leader, the Palo Alto Networks mission is to be the cybersecurity partner of choice, protecting our digital way of life. To Palo Alto Networks, being the partner of choice means maintaining a strong supply chain and ensuring the integrity of our products for the ultimate benefit of our customers.

*** ** * ** ***

## Related Blogs

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### Enhancing the Security of Software Development Environments](https://www2.paloaltonetworks.com/blog/2022/04/software-development-standards/)

### [Government](https://www.paloaltonetworks.com/blog/category/government/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### NIST Highlights Palo Alto Networks Supply Chain Best Practices](https://www2.paloaltonetworks.com/blog/2020/06/policy-supply-chain-best-practices/)

### [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### White House Post-Quantum Announcement: What It Means for Cybersecurity](https://www2.paloaltonetworks.com/blog/2024/08/white-house-post-quantum-announcement/)

### [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### Palo Alto Networks Zero Trust Platform Featured in New NIST Guidance](https://www2.paloaltonetworks.com/blog/2024/08/zero-trust-platform-featured-in-new-nist-guidance/)

### [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### Choosing Which Federal Guidelines to Follow for Zero Trust](https://www2.paloaltonetworks.com/blog/2022/03/federal-guidelines-for-zero-trust/)

### [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### The Federal Zero Trust Strategy](https://www2.paloaltonetworks.com/blog/2022/03/the-federal-zero-trust-strategy/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language