PCI DSS v4
This report from Coalfire, a PCI Qualified Security Assessor (QSA), demonstrates the functionality of the Falcon platform in relation to PCI DSS v4. The platform meets all elements of Requirement 5: “Protect all systems against malware and regularly update antivirus software or programs.” In addition, the Falcon platform provides assistance in meeting four additional PCI requirements. CrowdStrike provides its PCI DSS Attestation of Compliance (AOC) to its customers.
SOC 2
CrowdStrike complies with Service Organization Control 2 standards and provides Falcon platform customers with a SOC 2® report. The Type 2 report addresses the suitability of the design and the operating effectiveness of the controls. This certification addresses a service organization's controls related to security, availability, processing integrity, confidentiality, or privacy.
CSA STAR
The Falcon platform has achieved Security, Trust, Assurance and Risk (STAR) Level 1 and CSA STAR Public Registry Level 2. CSA STAR Level 2 requires an independent, third-party audit of CrowdStrike against the CSA Cloud Controls Matrix (CCM) version 4.0.
DoD IL5
The Falcon platform has been granted Provisional Authorizations (PA) by DISA, meeting compliance with Department of Defense standards for operation at Impact Level 5 (IL5) and up. This authorization allows DoD agencies and supporting organizations to use CrowdStrike without having to expend additional time and effort to vet and approve the necessary security controls.
VPAT
CrowdStrike has established a Voluntary Product Accessibility Template (VPAT) pursuant to Section 508 of the Rehabilitation Act of 1973. The VPAT for the Falcon platform is available to customers upon request and underscores our ongoing commitment to helping our customers meet and exceed compliance standards.
Spain ENS High (EDR)
EDR: The Falcon platform has been certified in the STIC product and service catalog (CPSTIC) of the Spanish National Cryptographic Center (CCN) at the “High” level. CrowdStrike is the only modern endpoint security platform with the highest possible level of certification. This new classification covers both the Endpoint Protection (EPP) and EDR categories.
UK Cyber Essentials
CrowdStrike is fully compliant with the UK Cyber Essentials (CE) scheme, which is evidence of our commitment to our UK customers. Our Cyber Essentials certification demonstrates our commitment to implementing essential security controls and measures, ensuring that our systems and the sensitive data they hold are protected.
TISAX
CrowdStrike has been independently evaluated and registered on the Trusted Information Security Assessment Exchange (TISAX), which is managed by the ENX Association.
TISAX and TISAX results are not intended for the general public. For more information, see the ENX portal:
– Scope ID: SY936H
– Assessment ID: AM1KZ4-1
Catalog of Compliance Controls for Cloud Computing in Germany (C5)
CrowdStrike's Falcon platform adheres to stringent requirements set by the German Federal Office for Information Security (BSI), providing data encryption, access controls, and comprehensive incident response capabilities. Our C5 compliance ensures German organizations can rely on CrowdStrike to meet stringent security standards, strengthen their cybersecurity posture and protect sensitive information.
IRAP
CrowdStrike has been successfully assessed under the Information Security Registered Assessors Program (IRAP), demonstrating and strengthening our commitment to protecting data and networks operated by the Australian Government. Our IRAP compliance indicates that CrowdStrike has been rigorously tested to the Australian Government's Information Security Manual (ISM) standards.
ISO/IEC 27001:2022
CrowdStrike has been independently evaluated and certified to the new ISO/IEC 27001:2022 standard, which reflects our commitment to protecting information, effectively managing risks and adhering to global security standards.