Helping you meet your regulatory needs
CrowdStrike recognizes that compliance and certification frameworks are critical to your organization. CrowdStrike can help you meet these requirements, providing you with confidence regarding the safe, smooth and compliant operation of your business. External validation and accreditation is critically important to organizations that rely on CrowdStrike’s capabilities and technology to secure their data and comply with regulatory requirements.
PCI DSS V3.2
This report was produced by Coalfire, a PCI Qualified Security Assessor (QSA) and outlines CrowdStrike Falcon's functionality with respect to PCI DSS v3.2, in summary:
CrowdStrike Falcon meets all elements of requirement No. 5: “Protect all systems against malware and regularly update antivirus software or programs.”
In addition, CrowdStrike Falcon provides assistance with meeting four additional PCI requirements.
This report, produced by leading HIPAA compliance assessor Coalfire, outlines how CrowdStrike Falcon can be used to address the requirements of the HIPAA security, including specific privacy rules for organizations implementing HIPAA (Health Insurance Portability and Accountability Act).
In summary, the report shows:
CrowdStrike Falcon has been independently validated to assist healthcare organizations achieve compliance with HIPAA
CrowdStrike Falcon was identified as addressing eight separate key HIPAA technical requirements
NIST SP 800-53 Rev. 4
This report, produced by leading compliance assessor Coalfire, outlines how CrowdStrike Falcon can assist organizations in their compliance efforts with respect to National Institute of Standards and Technology (NIST). NIST Special Publication 800-53 Revision 4 is a security control standard that provides guidelines for selecting technical, physical, and operational security controls for components of an information system that processes, stores, or transmits federal information. In summary, the report shows:
CrowdStrike Falcon is a suitable solution for addressing the system protection and monitoring controls identified in NIST SP 800-53 Rev. 4.
CrowdStrike Falcon helps implementing organizations with eight separate NIST control families, covering 23 separate controls.
This report, produced by leading compliance assessor Coalfire, outlines how CrowdStrike Falcon can assist organizations in their compliance efforts with respect to the Federal Financial Institutions Examination Council (FFIEC). This framework defines baseline technical, physical, and operational security controls necessary for protecting customer financial information. CrowdStrike’s Falcon platform was evaluated against the 2016 release of the FFIEC IT Examiner’s Handbook for Information Security, a document that provides guidance for examiners auditing financial institutions to determine the level of security risks to the institution’s information systems. In summary, the report shows:
CrowdStrike Falcon capabilities in detection and responding to threats, and associated collection of endpoint activities data, make it a suitable solution for addressing system protection and monitoring controls required for FFIEC compliance.
CrowdStrike’s Falcon provides support for achieving five FFIEC objectives, addressing 17 controls within those objectives.
PFI: PCI FORENSICS INVESTIGATOR
PCI Forensic Investigators are certified to help organizations determine when and how a cardholder data compromise may have occurred.
As a certified PCI Forensic Investigator, CrowdStrike’s Services team can provide a dedicated forensic investigation practice and perform investigations within the financial industry using proven forensic methodologies and tools.
CrowdStrike can also provide relationships with law enforcement to support stakeholders with any resulting criminal investigations.
CrowdStrike is one of 19 organizations worldwide that are PFI-certified by the PCI Security Standards Council.
An accreditation from the National Security Agency, it signifies that CrowdStrike has been evaluated and certified in critical focus areas derived from industry and government best practices for cybersecurity investigation.
CrowdStrike is one of only 12 organizations accredited by the National Security Agency for National Security Cyber Assistance Program (NSCAP) Cyber Incident Response Assistance (CIRA).
SERVICE ORGANIZATION CONTROL 2 (SOC 2®)
This attestation addresses a service organization’s controls relevant to security, availability, processing integrity, confidentiality or privacy.
CrowdStrike is compliant with Service Organization Control 2 standards and provides its CrowdStrike Falcon customers with a SOC 2® report.
The Type 2 report addresses the suitability of design and the operating effectiveness of the controls.
Cloud Security Alliance (CSA) Security, Trust, & Assurance Registry (STAR) Attestation
The CSA STAR Attestation is positioned as Level 2 of the Open Certification Framework and involves a third party assessing the security of a cloud service provider with a combination of the SOC2 framework and additional cloud provider-specific criteria.
CrowdStrike’s security controls have been verified by an independent 3rd party attestation for 47 STAR criterion, and is in the process pursuing the full STAR Attestation by February 2017.
Current CSA Star attestation is included as part of CrowdStrike’s SOC 2 report and addresses the suitability of design and operating effectiveness of CrowdStrike’s applicable security controls.
Anti-Malware Testing Standards Organization (AMTSO)
CrowdStrike is a registered Vendor Member of the Anti-Malware Testing Standards Organization. AMTSO's mission is to help improve business conditions related to the development, use, testing and rating of anti-malware products and solutions.
As a vendor member, CrowdStrike contributes to the development of standards for testing anti-malware products.
CrowdStrike participates in tests that adhere to the anti-malware testing standards created by AMTSO. For example, the CrowdStrike Machine Learning Engine was certified by AMTSO Testing Member SE Labs.
Adherence to AMTSO testing standards has allowed CrowdStrike to contribute its Machine Learning Engine to VirusTotal.
AV Comparatives Testing
AV-Comparatives, a leading vendor-independent organization offering systematic testing that checks whether security software live up to their promises and claims. AV Comparatives asked CrowdStrike to participate in their first-ever public comparative test report of next generation security products. In summary, the test report shows:
CrowdStrike Falcon received the first ever ‘Approved NextGen Security’ award.
CrowdStrike Falcon was the only tested endpoint solution to achieve 100% detection efficacy on all exploits used in the testing.
CrowdStrike Falcon scored a range of 98 to 99.2% detection efficacy with zero false positives on three separate malware tests performed by AV-Comparatives.