CrowdStrike Pursues Higher Standards in Cloud Compliance To Better Protect Our Federal Customers

October 22, 2020

| | Public Sector
At CrowdStrike, our cloud-native protection is utilized by businesses ranging from small and mid-sized to the largest enterprises, as well as non-profit organizations and government agencies. Today, we are proud to share that we are continuing to expand our ability to serve our government partners by working toward a variety of higher compliance standards and authorizations.

 

When we started on the journey toward federal cloud compliance in 2017, we took aim at the FedRAMP Moderate Impact Level, ultimately partnering with the U.S. Department of Commerce's Bureau of International Trade Administration as our first agency sponsor. It was the first step of many toward ensuring that CrowdStrike is well positioned to provide government departments and agencies with the level of protection we have always provided to our private sector customers. Now, just four years later, we are happy to report that we’re currently authorized at the FedRAMP Moderate Impact Level with 27 federal agencies benefiting from our capabilities and over 100 customers in our government cloud instance. By leveraging resources such as the FedRAMP marketplace — where you can learn which companies have authorizations — and the AWS marketplace for AWS GovCloud, public sector IT teams and procurement professionals can get more information on CrowdStrike solutions.

 

Targeting DoD Impact Level 5 Authorization

As our journey continues, the next phase is focused on raising the bar, with the end goal of ultimately reaching the highest level of cloud compliance in federal. To that end, CrowdStrike is heavily invested in, and making significant progress toward, achieving Department of Defense (DoD) Impact Level 5 authorization of the CrowdStrike Falcon® platform. In fact, we are targeting final authorization of DoD Impact Level 4 on or before the end of calendar year 2020. Meeting these requirements can be a complex process, so we are actively working with one of our DoD customers who, as our agency sponsor, is helping us navigate the pursuit of these higher levels of authorization. Looking beyond this year, we have already completed internal assessments against the required controls for implementation of FedRAMP High and DoD Impact Level 5.

Leveraging Resources to Verify Authorization

For many of our federal customers, working to modernize government IT is a strategic initiative that often involves moving various government services to the cloud. FedRAMP and other compliance programs were established as security frameworks for assessing the risk of cloud computing implementation for government organizations.

 

FedRAMP and other compliance programs ensure that when picking the digital tools to serve their constituents, agency staffers can trust that these products and services meet a minimum level of security and privacy protection.

Committed to Secure Work-From-Anywhere Environments

Government IT modernization efforts were underway well before the COVID-19 pandemic, but with shelter-in-place orders leading to government agencies working from home, the need for safe and reliable cloud-based cybersecurity solutions has become more acute than ever — especially considering that adversaries around the world are taking advantage of the pandemic to target the endpoints of at-home staffers, as we describe here.

 

CrowdStrike is committed to partnering with government agencies to protect them from cybersecurity threats, both domestic and international. As our customers know, the Falcon platform’s advanced prevention, detection and mitigation capabilities are ideal for organizations that need to protect endpoints and critical data from the latest threats.

 

And, with federal agencies facing greater cybersecurity challenges every day, we understand the vital importance of our partnerships. Our latest Falcon OverWatchTM threat hunting report demonstrates that attempted intrusions have increased during the past six months, and new threats like PIONEER KITTEN show that state-affiliated threats will only increase.

 

Compliance across federal standards is an essential requirement for our customers, which is why we’ve spent years working closely with our partners in government to ensure we continue to progress through these higher levels of security standards and authorizations in the cloud arena. Meeting these stringent requirements strengthens CrowdStrike’s commitment and ability to serve our customers.

 

Now, more than ever, government agencies need cloud-based cybersecurity solutions they can trust. And in pursuing these higher authorizations, CrowdStrike will be better able to serve the agencies that serve us all.

Additional Resources

Breaches Stop Here