CrowdStrike® is proud to announce that it is officially “In Process” for the Federal Risk and Authorization Management Program (FedRAMP) authorization. This important authorization supports the federal government’s efforts to solve its computing challenges and revolutionize its operations with cloud computing, by addressing the need for comprehensive endpoint protection delivered via the cloud. As government agencies look to develop modern, secure and resilient infrastructures, choosing the right security provider is critical. CrowdStrike seeks to make this process easy for federal entities by ensuring the CrowdStrike Falcon® platform is FedRAMP authorized.
Bringing Cloud-Delivered Security to Cloud Migration
The federal government remains a high-value target for sophisticated nation-state and organized crime threat actors. In the wake of recent events, federal entities have sought to reinforce their security controls, while simultaneously migrating to and assessing the risk of the cloud. New cloud-based security solutions must provide protection against all attack vectors and be easy to deploy, all while empowering security teams to work efficiently so they can maximize their resources. The CrowdStrike Falcon platform has long supported the mission of the public sector by delivering cloud-native endpoint security to leading research institutions, state and local governments, and educational institutions. As CrowdStrike customers, these organizations continue to benefit from the comprehensive endpoint protection, immediate time-to-value, and low endpoint impact that the Falcon platform provides. CrowdStrike protects customers against all cyberattack types, using sophisticated signatureless AI and Indicator-of-Attack (IOA) based threat prevention to stop known and unknown threats in real time. Powered by the CrowdStrike Threat Graph™, Falcon instantly correlates nearly 100 billion security events a day from across the globe to immediately prevent and detect threats. As a result, CrowdStrike is uniquely positioned to support the infrastructure and security needs of the federal government as it moves to the cloud.
FedRAMP Support from a CrowdStrike Federal Customer
One of the reasons FedRAMP authorization is so valuable is the rigor of the process. In fact, the process is so demanding, many Cloud Service Providers (CSPs) abandon their pursuit of the FedRAMP authorization well before reaching the first milestone. The path to the FedRAMP authorization that CrowdStrike has pursued involves gaining sponsorship from a government agency that has deployed the solution. In this case, the U. S. Department of Commerce’s International Trade Administration (ITA) chose the CrowdStrike Falcon platform and became a willing partner in assisting CrowdStrike during its pursuit of the FedRAMP authorization.
This partnership was mutually beneficial because of ITA’s complex global mission, which is entirely dependent on cloud-based infrastructure. “With ITA’s sponsorship, CrowdStrike is now officially at the ‘In process’ stage of our journey toward achieving the FedRAMP authorization,” according to CrowdStrike VP of Public Sector James Yeager. Details can be found and progress monitored via CrowdStrike’s page in the FedRAMP Marketplace. “Everything that CSPs do leading up to hitting that first critical milestone is foundational. However, it still involves a ton of internal work on the engineering and the compliance side to get your products ready and technically positioned to support the demands of federal customers, while also addressing the technical challenges and compliance nuances that lie within the federal standards,” Yeager said. “This process involves a lot of paperwork and administrative tasks. It also requires commitment from CrowdStrike, the sponsoring agency, and the FedRAMP Program Management Office. We are fortunate to have all of those elements aligned and working for us.”
Steadfast Commitment to Safeguarding Federal Agencies’ Missions
The CrowdStrike engineering team has been working diligently to bring Falcon’s unique architecture and endpoint protection platform into a secure environment that is validated through the FedRAMP process. This effort has resulted in the creation of an instance of the Falcon platform in GovCloud, the Amazon Web Services (AWS) government community cloud instance. This enables CrowdStrike to offer the key benefits of the Falcon platform to its federal customers via an environment that supports the unique security requirements of the federal government.
Yeager explained that reaching this key milestone is critical as CrowdStrike continues to protect public sector enterprises, regardless of their size, complexity or location. “As a company, we are committed to providing best-in-class cloud-delivered endpoint protection that stops all attacks and keeps our customers and nation safe. As agencies continue to move to the cloud, we are determined to be a strategic partner in this evolution by providing an endpoint protection platform that makes security easier, while not impacting the performance of their operators, their enterprise or their mission.”
The Importance of Third-Party Testing and Next Steps
CrowdStrike is committed to continuous industry collaboration, scrutiny and testing. Third-party testing is an integral part of ensuring a solution’s validity and limitations. In addition to pursuing the FedRAMP authorization process, CrowdStrike has achieved the following:
- CrowdStrike has been independently tested since 2016 and certified to replace legacy antivirus solutions.
- A recent independent test by MITRE, a federally funded research and development center, validates CrowdStrike’s efficacy in stopping today’s most determined adversaries.
- In the 2018 Gartner Magic Quadrant for Endpoint Protection Platforms, CrowdStrike is positioned highest among “Visionaries” for ability to execute and furthest in completeness of vision.
To learn more about CrowdStrike’s path to FedRAMP authorization, please see our FedRAMP frequently asked questions.
Contact the CrowdStrike Public Sector Team at 1.888.512.8906 or email: firstname.lastname@example.org.
Download a white paper and learn why Endpoint Security Must Move to the Cloud.