Compliance and Certifications

Externally validated and accredited, the CrowdStrike Falcon® platform elevates your cybersecurity posture
and helps you meet regulatory mandates with confidence.

Products and services to build compliance

Gain peace of mind and unparalleled support with the power of the Falcon platform. Externally validated and accredited, our cybersecurity technology and solutions are trusted to safeguard thousands of organizations’ data and help them adhere to the strictest regulatory mandates.

FedRAMP
The Falcon platform is authorized under the Federal Risk and Authorization Management Program (FedRAMP). CrowdStrike has an Authorization to Operate (ATO) at the Moderate Impact Level from the U.S. Department of Commerce’s International Trade Administration (ITA). In addition, CrowdStrike has achieved FedRAMP® High-Impact Level Ready status from the Joint Authorization Board (JAB).

CJIS
The Criminal Justice Information Services (CJIS) Security Policy describes controls to protect wireless networking, data encryption, remote access, personnel and more. CrowdStrike can support CJIS in states that have executed a CJIS Security Agreement with CrowdStrike in GovCloud.

DoD IL5
The Falcon platform has been granted Provisional Authorizations (PA) by the DISA, meeting compliance with DoD standards to operate at and up to Impact Level 5 (IL5). This authorization allows DoD agencies and supporting organizations to use CrowdStrike without having to go through additional time and effort to vet and approve necessary security controls. View requirements here.

CMMC
The Falcon platform provides significant support for the CMMC 2.0 program, its objectives, and requirements. The Falcon platform supplies strong support for up to 11 of the 17 CMMC 2.0 Level 1 requirements and 80 of the 110 CMMC 2.0 Level 2 requirements. Read this report to learn how.

FFIEC
This Coalfire report shows how the Falcon platform supports compliance with the Federal Financial Institutions Examination Council (FFIEC). The Falcon platform was evaluated as a suitable solution to address system protection and monitoring controls required for FFIEC compliance and provides support to achieve five FFIEC objectives, addressing 17 controls within those objectives.

HIPAA
In this Coalfire report, the Falcon platform was verified as addressing eight key Health Insurance Portability and Accountability Act (HIPAA) technical requirements and has been independently validated to assist healthcare organizations in achieving HIPAA compliance.

NSA-CIRA
This accreditation from the National Security Agency (NSA) signifies that CrowdStrike has been certified in critical focus areas derived from industry and government best practices for cybersecurity investigation. CrowdStrike is one of only 12 organizations accredited by the NSA for National Security Cyber Assistance Program (NSCAP) Cyber Incident Response Assistance (CIRA).

NIST 800-53
This Coalfire report validates the Falcon platform as a suitable solution for addressing the system protection and monitoring controls identified in the National Institute of Standards and Technology (NIST) SP 800-53 Rev. 4 and shows that the platform helps customers implement eight separate NIST control families, covering 23 separate controls.

NIST 800-171
CrowdStrike supports customer compliance needs pertaining to CMMC (and NIST 800-171) through the features provided by the Falcon platform. Read our CMMC white paper for more details.

VPAT
CrowdStrike has created a Voluntary Product Accessibility Template (VPAT) in accordance with Section 508 of the Rehabilitation Act of 1973. The VPAT for the Falcon platform is available on request to customers and validates our relentless commitment to helping our customers meet and exceed compliance standards.

Spain ENS High (EDR)
EDR: The Falcon platform is certified in the Spanish National Cryptologic Center (CCN) STIC Products and Services Catalog (CPSTIC) at the ‘high’ level. CrowdStrike is the only modern endpoint security platform with the highest achievable level of accreditation possible. This new designation is for both the antivirus/endpoint protection platform (EPP) and EDR categories.

ISO/IEC 27001:2022
CrowdStrike has been independently assessed and certified to the new ISO/IEC 27001:2022 standard, which reflects our commitment to safeguarding information, managing risks effectively, and adhering to global security standards.

UK Cyber Essentials
CrowdStrike is fully compliant with the UK Cyber Essentials (CE) scheme, a testament to our commitment to our customers in the UK. Our Cyber Essentials certification demonstrates our dedication to implement fundamental security controls and measures, ensuring the protection of our systems and the sensitive data they hold.

TISAX
CrowdStrike has been independently assessed and is registered to the Trust Information Security Assessment Exchange (TISAX) — administered and governed by the ENX Association.
TISAX and TISAX results are not intended for the general public. For more information, refer to the ENX Portal:
- Scope ID: SY936H
- Assessment ID: AM1KZ4-1

UK NHS DSPT
CrowdStrike complies with the NHS Data Security and Protection Toolkit (DSPT), affirming our dedication to the highest standards of data security within the UK NHS sector. Designed with security and privacy in mind, our products and services offer reliable protection to our customers within the NHS.

Data Privacy Frameworks
CrowdStrike is certified under the EU-U.S. Data Privacy Framework, the UK Extension to it, and the Swiss-U.S. Data Privacy Framework. This certification means that CrowdStrike complies with the Frameworks’ Principles when processing personal information. Learn more and view our certification.

EU and UK General Data Protection Regulation (GDPR)
CrowdStrike adheres to the EU’s and UK’s General Data Protection Regulation (GDPR) requirements for the proper handling of personal information processed through its offerings and provides its customers with a Global Data Protection Agreement that meets GDPR requirements.

UK - NCSC Cyber Assessment Framework (CAF)
CrowdStrike is fully aligned with the UK NCSC Cyber Assessment Framework (CAF), demonstrating our comprehensive approach to cyber resilience and security for UK public sector organizations. Our alignment with the NCSC CAF signifies how CrowdStrike products and services can be leveraged to support UK organizations to systematically assess and manage cyber risks.

UK - NCSC 14 Cloud Principles
CrowdStrike’s alignment with the NCSC 14 cloud principles ensures a comprehensive security foundation and measures are embedded throughout the CrowdStrike Falcon® Cloud Security solution. Our rigorous adherence to strict security controls enables a cybersecurity platform that’s unparalleled across industry.

UK G-Cloud
CrowdStrike is included in the UK Government’s G-Cloud framework, enhancing the digital security landscape for UK public sector organizations. Our inclusion reflects our compliance with rigorous government standards and ability to offer cutting-edge solutions to our UK customers.

IRAP
CrowdStrike was successfully assessed under the Information Security Registered Assessors Program (IRAP), demonstrating and reinforcing our commitment to safeguarding data and networks governed by the Australian government. Our IRAP compliance signifies that CrowdStrike has been rigorously tested against the Australian Government Information Security Manual (ISM) standards.

Asia-Pacific Economic Cooperation (APEC) Privacy Recognition for Processor (PRP)
CrowdStrike participates in the APEC PRP system which provides a framework that helps CrowdStrike assist its customers in meeting relevant privacy compliance obligations, and to ensure protection of personal information transferred among participating APEC economies. To check the status of CrowdStrike’s PRP certification, click here.

PCI DSS v4
This report from Coalfire, a PCI Qualified Security Assessor (QSA), outlines the Falcon platform’s functionality with respect to PCI DSS v4, which meets all elements of requirement No. 5: "Protect all systems against malware and regularly update antivirus software or programs." In addition, the Falcon platform provides assistance with meeting four additional PCI requirements.

SOC 2
CrowdStrike is compliant with Service Organization Control 2 standards and provides Falcon platform customers with a SOC 2® report. The Type 2 report addresses the suitability of design and the operating effectiveness of the controls. This attestation addresses a service organization’s controls relevant to security, availability, processing integrity, confidentiality, or privacy.

CSA STAR
The Falcon platform attains both Security, Trust, Assurance, and Risk (STAR) Level 1 and STAR Level 2 within CSA STAR's public registry. CSA STAR Level 2 requires a third-party independent audit of CrowdStrike's implementation of CSA Cloud Controls Matrix (CCM) version 4.0.

AMTSO
CrowdStrike is a registered Vendor Member of the Anti-Malware Testing Standards Organization (AMTSO), whose mission is to help improve business conditions related to the development, use, testing and rating of anti-malware products and solutions. As a vendor member, CrowdStrike contributes to the development of standards for testing anti-malware products.
