Rules of Behavior

You must conduct only authorized business on the system, applications, and networks owned or operated by CrowdStrike (the “System”).

Your level of access to the System is limited to ensure your access is no more than necessary to perform your legitimate tasks or assigned duties. If you believe you are being granted access that you should not have, you must immediately notify CrowdStrike Support at support@crowdstrike.com.

You must maintain the confidentiality of your authentication credentials related to the System such as your password. Do not reveal your authentication credentials to anyone; a CrowdStrike employee should never ask you to reveal them.

You must follow proper logon/logoff procedures related to the System. You must manually logon to your session; do not store your password locally on your system or utilize any automated logon capabilities. You must promptly logoff when session access is no longer needed. If a logoff function is unavailable, you must close your browser. Never leave your computer unattended while logged into the system.

You must report all security incidents or suspected incidents (e.g., lost passwords, improper or suspicious acts) related to the System to CrowdStrike Support at support@crowdstrike.com.

You must not establish any unauthorized interfaces between the System.

Your access to the System is governed by, and subject to, all federal laws, including, but not limited to, the Privacy Act, 5 U.S.C. 552a, if the applicable CrowdStrike system maintains individual Privacy Act information. Your access to the System constitutes your consent to the retrieval and disclosure of the information within the scope of your authorized access, subject to the Privacy Act, and applicable state and federal laws.

You must safeguard System resources against waste, loss, abuse, unauthorized use or disclosure, and misappropriation.

You must not process U.S. classified national security information on the System.

You must not browse, search or reveal information in the System except in accordance with that which is required to perform your legitimate tasks or assigned duties.

You must not retrieve information, or in any other way disclose information, in the System for someone who does not have authority to access that information.

You must ensure that Web browsers used to access the System use Secure Socket Layer (SSL) version 3.0 (or higher) and Transport Layer Security (TLS) 1.0 (or higher). SSL and TLS must use a minimum of 128-bit, encryption.

You must ensure that your web browser used to access the System is configured to warn about invalid site certificates.

You must ensure that your web browser used to access the System warns if the user is changing between secure and non-secure mode.

You must ensure that your web browser window used to access the System is closed before navigating to other sites/domains.

You must ensure that your web browser used to access the System checks for a publisher’s certificate revocation.

You must ensure that your web browser used to access the System checks for server certificate revocation.

You must ensure that your web browser used to access the System checks for signatures on downloaded files.

You must ensure that your web browser used to access the System empties/deletes temporary Internet files when the browser is closed.

By your signature or electronic acceptance (such as by clicking an acceptance button on the screen) you hereby agree to these rules.

You understand that any person who obtains information from a computer connected to the Internet in violation of their employer’s computer-use restrictions may be in violation of the Computer Fraud and Abuse Act.

You agree to contact the CrowdStrike Chief Information Security Officer or CrowdStrike Support at support@crowdstrike.com if you do not understand any of these rules.