* [Blog](https://www2.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www2.paloaltonetworks.com/blog/corporate/)
* [Product Features](https://www2.paloaltonetworks.com/blog/sase/category/product-features/)
* Palo Alto Networks Provid...

# Palo Alto Networks Provides Telemetry Sharing Capability to CISA CLAW

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2022%2F07%2Ftelemetry-sharing-capability-to-cisa-claw%2F)  
[](https://twitter.com/share?text=Palo+Alto+Networks+Provides+Telemetry+Sharing+Capability+to+CISA+CLAW&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2022%2F07%2Ftelemetry-sharing-capability-to-cisa-claw%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2022%2F07%2Ftelemetry-sharing-capability-to-cisa-claw%2F&title=Palo+Alto+Networks+Provides+Telemetry+Sharing+Capability+to+CISA+CLAW&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/2022/07/telemetry-sharing-capability-to-cisa-claw/&ts=markdown)  
\[\](mailto:?subject=Palo Alto Networks Provides Telemetry Sharing Capability to CISA CLAW)  
Link copied  
By [Wayne LeRiche](https://www.paloaltonetworks.com/blog/author/wayne-leriche/?ts=markdown "Posts by Wayne LeRiche")  
Jul 14, 2022  
4 minutes  
[Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown)  
[Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)  
[Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)  
[CISA](https://www.paloaltonetworks.com/blog/tag/cisa/?ts=markdown)  
[Cortex Data Lake](https://www.paloaltonetworks.com/blog/tag/cortex-data-lake/?ts=markdown)  
[Prisma Access](https://www.paloaltonetworks.com/blog/tag/prisma-access/?ts=markdown)  
[SLED](https://www.paloaltonetworks.com/blog/tag/sled/?ts=markdown)

This post is also available in: [日本語 (Japanese)](https://www2.paloaltonetworks.com/blog/2022/07/telemetry-sharing-capability-to-cisa-claw/?lang=ja "Switch to Japanese(日本語)")

I'm thrilled to announce that Palo Alto Networks [Prisma Access](https://www.paloaltonetworks.com/sase/access) and Cortex Data Lake are now fully compatible with the [Cybersecurity and Infrastructure Security Agency (CISA) Cloud Log Aggregation Warehouse (CLAW)](https://www.cisa.gov/sites/default/files/publications/CISA_NCPS_Cloud_Interface_RA_Volume-1.pdf). Working with CISA, Palo Alto Networks created an onboarding service to forward logs and telemetry from Cortex Data Lake securely to CLAW. This capability enables departments and agencies using Cortex Data Lake to participate in EINSTEIN by sending telemetry to CLAW.

## What Is CLAW?

CLAW is a CISA-deployed architecture for collecting and aggregating security telemetry data from agencies using commercial services from cloud services providers. It's meant to enable secure, efficient methods for processing cloud security data in a way that offers CISA a similar level of situational awareness, provided by its current National Cybersecurity Protections System (NCPS) EINSTEIN, on-premises deployments.

[The EINSTEIN system](https://www.cisa.gov/einstein) is designed to detect and block cyberattacks from compromising federal agencies, and it provides CISA with the situational awareness to use threat information detected in one agency to protect the rest of the government and help protect the private sector, too.

Palo Alto Networks CLAW forwarding capability provides rapid onboarding as agencies begin moving to approved cloud-based TIC solutions. And, if you implement Prisma Access, you'll get the added benefit of using the only Zero Trust Network Access (ZTNA) 2.0 solution currently available on the market.

Palo Alto Networks pioneered and recently introduced [ZTNA 2.0](https://www.paloaltonetworks.com/sase/ztna). ZTNA 2.0 addresses the deficiencies of legacy ZTNA approaches for securing remote and hybrid workforces by connecting all users and apps with fine-grained access controls and providing behavior-based continuous trust verification after users connect. This reduces the attack surface dramatically. ZTNA 2.0 can also make the transition to a broader Zero Trust architecture easier. (Read more about [ZTNA in the public sector](https://www.linkedin.com/pulse/ztna-public-sector-palo-alto-networks-publicsector/?trackingId=1pLljgRZbCpHgB2%2B9TfETA%3D%3D).)

## What Does This Mean for Departments and Agencies?

For federal civilian departments and agencies, our established CLAW forwarding capability means you have several capabilities:

* Use the FedRAMP Moderate Authorized Palo Alto Networks [Prisma Access Secure Access Service Edge (SASE)](https://www.paloaltonetworks.com/sase/access) solution as you work to modernize your IT and accelerate the adoption of a Zero Trust architecture. This enables you to meet aggressive timelines outlined in [a U.S. Office of Management and Budget (OMB) memo](https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf) released earlier this year.
* Use Prisma Access to comply with CISA's Trusted Internet Communications (TIC) 3.0 guidance. TIC 3.0, which is the latest version of CISA's [TIC program](https://www.cisa.gov/tic), is meant to help agencies secure federal data, networks and boundaries. This is done while providing visibility into agency traffic, including cloud communications.
* Meet National Cybersecurity Protection System (NCPS) requirements to implement reporting patterns and maintain telemetry sharing with CISA as your organization moves to TIC 3.0 services. CISA analysts use this data for 24/7 situational awareness, analysis and incident response.

[According to CISA](https://www.cisa.gov/sites/default/files/publications/CISA_NCPS%20Cloud%20Interface%20RA%20Volume%20Two%20%28Final%20DRAFT%20for%20Release%29.pdf), when agencies move toward TIC 3.0 use cases, some network traffic no longer traverses traditional NCPS sensors, which means security information about that traffic is no longer captured by NCPS. Traditional NCPS sensors, located at TIC and Managed Trusted Internet Protocol Service (MTIPS) gateways, capture security information as traffic passes between the agency and the internet.

With a secure connection between [Palo Alto Networks Cortex Data Lake](https://www.paloaltonetworks.com/cortex/cortex-data-lake) and CLAW, federal civilian departments and agencies can send telemetry directly to CLAW through Prisma Access. The Cortex Data Lake, which provides cloud-based, centralized log storage and aggregation for Prisma Access, collects, transforms and analyzes enterprise data, and then pushes log data to CLAW from cloud services.

## Learn More about Prisma Access

Palo Alto Networks Prisma Access is part of a suite of FedRAMP Authorized, cloud-delivered services that are helping U.S. agencies modernize IT and cybersecurity. Find out how this solution and our other [FedRAMP Authorized cloud services](https://paloaltonetworks.com/security-for/government/fedramp), including Cortex Data Lake, can help federal civilian departments and agencies secure their networks and remote and hybrid workforces. Or contact our [federal team](https://www.paloaltonetworks.com/industry/federal#public-sector-contact-form) to request a meeting.

Also, be sure to visit our [Zero Trust for public sector page](https://www.paloaltonetworks.com/accelerating-your-zero-trust-journey-in-public-sector.html) to learn how Palo Alto Networks is helping organizations in the public sector to accelerate their Zero Trust journey.

*** ** * ** ***

## Related Blogs

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Company \& Culture](https://www.paloaltonetworks.com/blog/category/company-culture/?ts=markdown), [Education](https://www.paloaltonetworks.com/blog/category/education/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### CISA K-12 Report Blog](https://www2.paloaltonetworks.com/blog/2023/02/cisa-k-12-report-blog/)

### [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### Cybersecurity Guidelines for New Governors](https://www2.paloaltonetworks.com/blog/2023/02/cybersecurity-guidelines-for-new-governors/)

### [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### How to Launch an Effective Zero Trust Initiative](https://www2.paloaltonetworks.com/blog/2022/07/launch-an-effective-zero-trust-initiative/)

### [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### How to Balance the Zero Trust Journey with the Speed of the Mission](https://www2.paloaltonetworks.com/blog/2022/06/balance-zero-trust-journey-with-the-speed-of-the-mission/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### Google Cloud Partners with Palo Alto Networks](https://www2.paloaltonetworks.com/blog/2022/02/google-cloud-partners-with-palo-alto-networks/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Events](https://www.paloaltonetworks.com/blog/category/events/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### New Highly Secure TIC 3.0 Offering for Remote Users \& Branch Offices](https://www2.paloaltonetworks.com/blog/2021/11/remote-users-branch-offices/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language