CrowdStrike Falcon® Platform Positioned for CMMC

June 21, 2021

Public Sector

As the threat environment rapidly evolves with more targeted and sophisticated attacks on the supply chain and critical infrastructure, the U.S. Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) is even more critical for strengthening the security posture of contractors and federal agencies.

“CrowdStrike is well positioned to provide support for contractors looking to comply with the objectives and goals of the CMMC program,” according to Coalfire Federal, a leading CMMC-certified third-party assessment organization.

“Although a diverse spectrum of entities and various business models will require eventual CMMC assessment and compliance, Coalfire found that the CrowdStrike Falcon® platform supplies strong support for up to 118 of the 171 CMMC requirements,” according to Coalfire’s report, CrowdStrike Falcon® Platform for CMMC. That strong support was demonstrated in the following areas: common endpoint, line-of-business applications and cyber risk management assets.

CMMC arose out of a need to verify the cybersecurity practices of the companies serving the Defense Industrial Base (DIB) and DoD supply chain. The CMMC framework comprises maturity processes and cybersecurity best practices from multiple cybersecurity standards, such as the National Institute of Standards and Technology Special Publication 800-171 (NIST SP-171). NIST SP-171 recommends requirements for protecting the confidentiality of controlled unclassified information (CUI). However, CMMC puts more muscle in the framework, mandating that contractors strengthen their security posture and protocols, or risk losing DoD business.

CMMC compliance dictates five maturity processes and 171 cybersecurity practices that evolve across five Maturity Levels. CMMC practices deliver a range of mitigation across the Maturity Levels, starting with basic safeguarding at Level 1, moving to the broad protection of CUI at Level 3, and culminating with reducing the risk from Advanced Persistent Threats (APTs) at Levels 4 and 5.

It seems evident from government publications that companies that handle Controlled Unclassified Information (CUI) must be certified at CMMC Level 3 at a minimum, and that this requirement is likely to be adopted by other agencies in the future.

CrowdStrike: Force Multiplier for Contractors

Defense contractors using the CrowdStrike Falcon® platform in their own infrastructure can assure DoD and federal agencies that they have a CMMC-compliant platform that can protect endpoints and cloud workloads with a full suite of modules that offer in-depth protection.

Coalfire notes that for endpoint security, CrowdStrike has modules that cover next-generation antivirus (AV), endpoint detection and response (EDR), and device control. Moreover, the security and IT operations offering contains platforms that provide protection in threat hunting, IT hygiene, turnkey security, and vulnerability management (VM). CrowdStrike’s threat intelligence offering provides modules in threat intelligence, malware search and malware analysis. 

“Together, these ten modules offer a full array of options to assist customers in attaining CMMC Level 5 certification,” according to Coalfire. “CrowdStrike’s modular approach to implementing only the modules a customer requires creates an extensible solution that ensures new security countermeasures can be added to the platform without the need to re-architect or re-engineer their solution.”

Security Requires a Collaborative Approach

Yet security requirements and controls are so vast that they span many areas in the IT and cybersecurity world. Although CrowdStrike covers a diverse range of use cases, the Falcon platform alone cannot get an agency to CMMC Level 5. We don’t control it all. For example, there is no Falcon module specifically aimed at network security, though the platform performs periphery or complementary network security tasks since the lines between endpoint and network security are blurring.

CrowdStrike does not sell firewalls, web gateways, intrusion detection systems or networking gear, in the traditional sense. Instead, the Falcon platform makes those security tools more intelligent and definable. CMMC needs all of these technologies to coalesce and work together tightly.

CMMC Raises the Level of Cyber Resilience

The goal of CMMC is to raise the security profile and posture of companies working in concert with the U.S. DoD to help DoD fulfill its missions. Cybersecurity teams want to stop adversaries in their tracks before they wreak havoc, or the damage is done. That is a nearly impossible feat to accomplish perpetually or indefinitely. The adversaries are awfully skilled, highly determined, highly motivated and well resourced.

At a minimum, agencies and companies want to limit destruction and, optimally, stop an attack while it is happening. If you can see an attack before it happens or while it is ongoing, even if you can’t stop it, you can identify that breach activity is ongoing. Then cyber teams can start the investigation rapidly and move to contain it.

Half of the battle is resiliency: how quickly you can mobilize your team to limit the damage, destruction and demise of your infrastructure. The Falcon platform equips cyber teams with a modern, innovative platform to help them achieve CMMC certification and gives them greater visibility into attacks to disrupt the adversaries’ end game.

CMMC rules are still unfolding. The DoD released CMMC version 1.02 on March 18, 2020, confirming a phased rollout of cybersecurity requirements for companies that handle sensitive information. Interest in CMMC is growing outside the DoD as well. Victims of supply chain and ransomware attacks, state and local government agencies, and healthcare institutions are also interested in adopting the cybersecurity certification framework.
