Interconnection Security Agreement ("ISA")
The interconnection between Customer Endpoints and those CrowdStrike Products hosted within the boundary of the applicable FedRAMP or DISA baseline accreditation and authority to operate by the US Federal Government is not a typical network connection. The purpose of the interconnection is to (i) transfer Customer Data collected from Customer Endpoints by the Software Component to CrowdStrike’s Falcon Platform where it is analyzed for suspicious behavior and (ii) allow Customer to leverage the Falcon Platform tooling to affect Customer’s Endpoints through the Software Component.
The Internet connection at CrowdStrike is located within controlled access facilities, with security provided by third party infrastructure provider Amazon Web Services. Amazon Web Services is also FedRAMP and DISA accredited. All access is controlled by authentication methods to validate approved users. Customer uses its web browser or software to leverage application programming interfaces (APIs) to access the CrowdStrike URL and API and exchanges data with CrowdStrike on TCP port 443 using the TLS v1.2 protocol. Customer must ensure that it is using FIPS 140-2 validated cryptographic services for its operating systems. Customer may use TCP port 80, though CrowdStrike’s system re-directs to TCP port 443 as above. CrowdStrike’s servers receive data using FIPS 140-2 validated cryptography.
CrowdStrike shall maintain appropriate technical and organizational safeguards as defined by CrowdStrike’s FedRAMP or DISA accreditation, which are designed to protect the confidentiality, integrity, and availability of such Customer Data and protect such Customer Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, including the safeguards set forth in CrowdStrike’s System Security Plans. Securing a CrowdStrike instance and the Customer Data it contains is a joint responsibility between Customer and CrowdStrike. Each party certifies that its respective system is designed, managed, and operated in compliance with all federal laws, regulations, and policies directly applicable to such party. While CrowdStrike has its own obligations for securing the Falcon Platform and its associated infrastructure, the FedRAMP Customer Responsibility Matrix outlines the actions Customer must take to operate its instances securely and in accordance with the authorization level of the instance.
Nature of the Information Communicated
CrowdStrike’s Products are designed to detect, prevent, respond to, and identify intrusions by collecting and analyzing data, including machine event data, executed scripts, code, system files, log files, DLL files, login data, binary files, tasks, resource information, commands, protocol identifiers, URLs, network data, and/or other executable code and metadata. The processing of machine events necessary to protect data inevitably requires the processing of certain data elements that may include personal data. Customer, rather than CrowdStrike, determines which types of data, whether personal data or not, exist on its systems. Accordingly, Customer’s endpoint environment is unique in configurations and naming conventions and certain machine event elements could potentially include personal data. In addition, while using certain CrowdStrike Products Customer may have the option to upload (by submission, configuration, and/or, in the case of Services, by CrowdStrike personnel retrieval) files and other information related to the files for security analysis and response or, when submitting crash reports, to make the product more reliable and/or improve CrowdStrike’s products and services or enhance cyber-security. These potentially suspicious or unknown files may be transmitted and analyzed to determine functionality and their potential to cause instability or damage to Customer’s endpoints and systems. In some instances, these files could contain Customer’s personal data.
“CrowdStrike” means CrowdStrike, Inc.
“Customer” means the company or other legal entity accepting these terms.
“Customer Data” means the data generated by the Customer’s Endpoints, collected by the Products and sent to the Falcon Platform.
“Endpoint” means any physical or virtual device, such as a computer, server, laptop, desktop computer, mobile, cellular, container or virtual machine image.
“Falcon Platform” means those computer systems hosting the ‘Falcon EPP Platform’.
“Product” means any of CrowdStrike’s cloud-based software or other products ordered by Customer as set forth in the relevant order.
“Software Component” means the CrowdStrike sensor agent installed on Customer Endpoints.