The Federal Risk and Authorization Management Program (FedRAMP) FAQ

Public sector customers, like private enterprises, must perform due diligence on any cloud-based solution to ensure that sensitive data is properly protected, while it’s outside of their direct control and that all other relevant security policies are met. In order to make this simple for U.S. federal agencies, the U.S. Office of Management and Budget created the Federal Risk and Authorization Management Program (FedRAMP).

FedRAMP is an assessment and authorization process which U.S. federal agencies use to ensure proper security controls are in place when accessing cloud computing products and services. FedRAMP provides a single, consistent process for validating cloud services across all U.S. federal agencies, which streamlines the procurement process for many public sector customers and ensures that consistent baseline security policies are used across different agencies.
Cloud computing continues to revolutionize the way businesses and the federal government operate and this includes the need to replace antiquated infrastructure and harness computing power in order to solve complex cybersecurity challenges. Inherently, there are risks with adopting cloud computing and FedRAMP has been established as a mandatory security compliance framework for assessing the risk of cloud computing implementation for federal agencies. FedRAMP applies to all cloud service providers (CSPs) that plan to do business with the federal government.
Yes and yes. CrowdStrike has two GovCloud environments: one for Federal Agencies and one for the Department of Defense. Since September 2018, CrowdStrike Falcon Platform for Government on Gov-1 has been recognized as “FedRAMP Authorized” on the FedRAMP Marketplace. As of March 2025, CrowdStrike's Gov-1 environment is listed on the FedRAMP Marketplace as authorized at the FedRAMP High baseline. In May 2023 CrowdStrike's Gov-2 environment was granted a Provisional Authorization (PA) at Impact Level 5 (IL-5) from the United States Department of Defense (DoD).
CrowdStrike Falcon Platform for Government , also referred to as GOV-1, is authorized to operate at the FedRAMP High baseline. This level of authorization meets the highest federal security requirements. This federal government certification enables CrowdStrike Falcon Platform for Government to meet civilian agencies’ high security requirements, as well as those of the Department of Defense (DoD) and other intelligence organizations.

Falcon on GovCloud-1, also referred to as GOV-1, is authorized to operate at Impact Level 4 (IL-4). This level of authorization is sufficient for a broad range of Department of Defense (DoD) and Defense Industrial Base (DIB) customers.

With the launch of GovCloud-2, CrowdStrike is proud to share that it has been granted DoD Impact Level 5 (IL-5) P-ATO and is committed to helping secure National Security Systems (NSS) and agencies and supporting organizations with controlled unclassified information (CUI) that requires this higher level of protection.
CrowdStrike’s FedRAMP High authorization is sponsored by the Department of Justice.
For customers who are subject to FedRAMP or DoD Cloud SRG requirements, it greatly simplifies procurement of Falcon solutions and helps agencies improve services by migrating to the cloud. The FedRAMP and DoD cloud authorizations that CrowdStrike maintains and is pursuing are in alignment with the protection of controlled unclassified data as laid out in a variety of compliance programs including FedRAMP, DoD Cloud SRG, and NIST SP 800-171. Meeting these stringent requirements reinforces CrowdStrike’s commitment and ability to serve customers of all types by safeguarding their enterprises with the most effective endpoint protection platform and ultimately stopping breaches. Customers who are not subject to these requirements gain assurance, knowing that the Falcon platform has been audited and validated against some of the strictest security requirements in the world — they can move their endpoint security to the cloud with complete confidence.
CrowdStrike has now been granted authorization to help the Department of Defense and Intelligence Community in protecting National Security Systems (NSS) through our Impact Level 5 P-ATO. CrowdStrike is proud to bring its best-of-breed cybersecurity products and services to these critical customers. For more information on future enhancements, product availability and timelines, please reach out to your local sales representative.

For more information:

Read the FedRAMP blog

Contact the CrowdStrike Public Sector Team at 1.888.512.8906 or email publicsector@crowdstrike.com

Download a white paper and learn why Endpoint Security Must Move to the Cloud