CrowdStrike® is proud to announce today that it has officially received Federal Risk and Authorization Management Program (FedRAMP) authorization for the CrowdStrike Falcon® on GovCloud solution. CrowdStrike’s Authorization to Operate (ATO) at the Moderate Impact level from the U. S. Department of Commerce’s International Trade Administration (ITA) supports the federal government’s efforts to modernize IT and streamline operations with comprehensive endpoint protection delivered via the cloud.
As the industry's first cloud-native endpoint protection solution, the CrowdStrike Falcon® platform has long delivered on the promise of better protection and efficiency for our customers all over the world. CrowdStrike Falcon® uses sophisticated AI and behavioral analytics, powered by the security industry's most extensive set of endpoint telemetry and threat intelligence, to protect customers against all types of cyberattacks. CrowdStrike has experienced explosive growth over the last several years, today processing more than 1 trillion events per week. FedRAMP authorization allows CrowdStrike to build on this success in protecting the private sector and to expand our reach dramatically into the U.S. public sector, delivering cutting-edge technology to the U.S. federal government to drive innovation and efficiency.
Protection from the Cloud with Trust and Confidence
The public sector continues to be highly targeted by cyberattacks launched by sophisticated organized crime and nation-state adversaries. As attacks have become more advanced, legacy technologies have failed to deliver the comprehensive protection needed to reliably stop breaches. Agencies are increasingly turning to next-generation solutions delivered from the cloud to fill the cybersecurity gap. FedRAMP is a mandatory program developed by the U.S. Office of Management and Budget (OMB) to help federal agencies adopt modern cloud services without introducing unwanted risks or excessive bureaucratic red tape. FedRAMP provides a standardized approach across the U.S. federal government for assessing security and continuous monitoring of cloud infrastructure and services. FedRAMP gives the U.S. public sector a common framework for establishing trust in cloud services, saving the federal government significant time and resources.A Long Road
Today’s important milestone for CrowdStrike is one step on a long road that began more than two years ago. More recently, in February 2018, CrowdStrike announced it had reached the “In Process” milestone on the way toward FedRAMP authorization as a cloud service provider (CSP). At that time, CrowdStrike reported its path to FedRAMP authorization was via sponsorship from a government agency that has deployed the solution. In this case, the U. S. Department of Commerce’s International Trade Administration (ITA) chose the CrowdStrike Falcon® platform and “became a willing partner in assisting CrowdStrike during its pursuit of the FedRAMP authorization.” That partnership continues today. CrowdStrike’s authorization is the result of many months of hard work and close partnership between CrowdStrike and ITA. It demonstrates CrowdStrike’s unwavering commitment to protecting the public sector from today’s most sophisticated threats, and the ITA’s leadership and dedication to embracing innovation and streamlining its operations.We look forward to fulfilling our role in helping ITA and other agencies accomplish their complex global missions with trust and confidence. The path to FedRAMP authorization required CrowdStrike to deliver proof of compliance with more than 300 unique control objectives specified by the FedRAMP PMO. These requirements address every aspect of SaaS operation, including system access controls, security awareness and training for CrowdStrike staff, contingency planning, physical and environmental security and many more. Adhering to these control objectives ensures that a CSP operates to strict industry best practices. In addition, once a CSP has been authorized, regular monitoring and security assessments provide continuing assurance that CSPs are operating in compliance with FedRAMP standards.