Our website uses cookies to enhance your browsing experience.


The Federal Risk and Authorization Management Program (FedRAMP) FAQ:

What is FedRAMP?

Public sector customers, like private enterprises, must perform due diligence on any cloud-based solution to ensure that sensitive data is properly protected, while it’s outside of their direct control and that all other relevant security policies are met. In order to make this simple for U.S. federal agencies, the U.S. Office of Management and Budget created the Federal Risk and Authorization Management Program (FedRAMP).

FedRAMP is an assessment and authorization process which U.S. federal agencies use to ensure proper security controls are in place when accessing cloud computing products and services. FedRAMP provides a single, consistent process for validating cloud services across all U.S. federal agencies, which streamlines the procurement process for many public sector customers and ensures that consistent baseline security policies are used across different agencies.

Why is FedRAMP authorization required?

Cloud computing continues to revolutionize the way businesses and the federal government operate and this includes the need to replace antiquated infrastructure and harness computing power in order to solve complex cybersecurity challenges. Inherently, there are risks with adopting cloud computing and FedRAMP has been established as a mandatory security compliance framework for assessing the risk of cloud computing implementation for federal agencies. FedRAMP applies to all cloud service providers (CSPs) that plan to do business with the federal government.

Is CrowdStrike Falcon FedRAMP authorized?

Yes. As of September 2018, CrowdStrike® Falcon® on GovCloud is recognized as “FedRAMP Authorized” on the FedRAMP Marketplace.

What level of FedRAMP authorization has CrowdStrike pursued?

Falcon on GovCloud is authorized to operate at the FedRAMP Moderate impact level. This level of authorization is sufficient to meet the requirements of the vast majority of the civilian government, and some segments of the Department of Defense as well.

Who performed the authorization for Falcon on GovCloud?

The assessments of the Falcon on GovCloud environment have been performed by a certified third-party assessor, Schellman and Company. The initial authorization to operate (ATO), under the FedRAMP umbrella, has been issued with sponsorship from the U.S. Department of Commerce, after careful review of the assessment results.

Who sponsored CrowdStrike’s FedRAMP authorization?
CrowdStrike’s FedRAMP authorization is sponsored by the Department of Commerce’s International Trade Administration (ITA).
What are the requirements for FedRAMP compliance?

Obtaining FedRAMP authorization is quite a long and arduous process. CrowdStrike’s journey began in earnest in early 2017, when the company submitted paperwork documenting its intent to become FedRAMP authorized. Over the next 16+ months, CrowdStrike implemented the Falcon platform within the strong confines of the AWS GovCloud, and worked directly with an approved 3rd party assessor to demonstrate how the Falcon platform satisfies more than 300 unique control objectives.

Is this a one-time validation, or a continuous process?

Security is always a continuous process. Maintaining FedRAMP authorization requires CrowdStrike to provide regular assessments of the Falcon environment to CrowdStrike sponsors, proving that continuous compliance is being maintained and all relevant requirements are met.

How does FedRAMP authorization benefit CrowdStrike customers?

For customers who are subject to FedRAMP requirements, it greatly simplifies procurement of Falcon solutions and helps agencies improve services by migrating to the cloud. The FedRAMP authorization that CrowdStrike is pursuing is in alignment with the protection of controlled unclassified data as laid out in NIST SP 800-171. Meeting these stringent requirements reinforces CrowdStrike’s commitment and ability to serve customers of all types by safeguarding their enterprises with the most effective endpoint protection platform and ultimately stopping breaches. Customers who are not subject to FedRAMP requirements gain assurance, knowing that the Falcon platform has been audited and validated against some of the strictest security requirements in the world — they can move their endpoint security to the cloud with complete confidence.

Where can I learn more about FedRAMP?

The FedRAMP program website provides up-to-date information about the FedRAMP authorization process as well as partners, marketplace, blogs and authorization resources. You can find more on the website here.