CrowdStrike Falcon
by CrowdStrike
Endpoint detection and response (EDR) platform with threat intelligence
Authoritative Sources
Key guidance documents from authoritative organizations.
NIST SP 800-83 §3.4.1: "Antivirus software should be configured to perform real-time scans of each file as it is downloaded, opened, or executed, which is known as on-access scanning." §3.4.1: "Antivirus software should be configured to attempt to disinfect infected files and to either quarantine or delete files that cannot be disinfected." §3.4.2: "Organizations should use centrally managed antivirus software that is controlled and monitored regularly by antivirus administrators. Centrally managed antivirus software makes it possible for administrators to push antivirus configuration and signature updates to hosts throughout the enterprise." CrowdStrike implements these requirements through cloud-native, behavior-based detection with centralized policy management.
Control 10.1: "Deploy and maintain anti-malware software." Control 10.2: "Configure automatic anti-malware signature updates." Control 10.7: "Use behavior-based anti-malware software." NIST SP 800-83 §3.4.1: "Organizations should use centrally managed antivirus software that is controlled and monitored regularly by antivirus administrators."
Covers sensor deployment, prevention policies, detection tuning, and threat hunting capabilities.
NIST SP 800-61r2 Executive Summary: "Incident response capability is necessary for rapidly detecting incidents, minimizing loss and destruction, mitigating the weaknesses that were exploited, and restoring IT services." §2.3: "The incident response team should work quickly to analyze and validate each incident, following a pre-defined process and documenting each step taken." §3.2.4: "Organizations should profile networks and systems to measure the characteristics of expected activity so that changes to it can be more easily identified."
NIST SP 800-86 §3.1: "Collection involves identifying, labeling, recording, and acquiring data from the possible sources of relevant data, while following procedures that preserve the integrity of the data." §5.1.2: "Volatile data is data that would be lost if the computer were powered down...includes information on running processes, open network connections, and contents of memory." CrowdStrike Falcon provides real-time endpoint telemetry and forensic data collection aligned with NIST forensic processes.
SOC 2 CC6.8: "The entity implements controls to prevent or detect and act upon the introduction of unauthorized or malicious software to meet the entity objectives." CC7.2: "The entity monitors system components and the operation of those components for anomalies that are indicative of malicious acts." CrowdStrike Falcon provides EDR capabilities aligned with SOC 2 malware protection and monitoring requirements. Source: AICPA Trust Services Criteria.
ISO 27001:2022 A.8.7: "Protection against malware shall be implemented and supported by appropriate user awareness." This includes detection, prevention, and recovery controls. Organizations should use a combination of technology-based controls (antivirus, behavior monitoring) and operational procedures. CrowdStrike provides next-generation malware protection supporting ISO 27001 requirements. Source: ISO/IEC 27001:2022 Annex A.
CCM TVM-01: "Policies and procedures shall be established for timely detection, reporting, and handling of malicious software or other potentially hostile code." CCM TVM-04: "The entity shall verify that protection mechanisms are deployed for endpoints." CCM SEF-02: "Establish policies and procedures for security incident management." CrowdStrike Falcon provides EDR, threat intelligence, and incident response capabilities directly implementing CCM TVM and SEF domain controls. Source: CSA Cloud Controls Matrix v4.0.
Verification Commands
Commands and queries for testing and verifying security configurations.
GET /detects/queries/detects/v1?filter=status:"new"
GET /devices/queries/devices/v1
GET /iocs/queries/indicators/v1?types=sha256
GET /spotlight/queries/vulnerabilities/v1
Related Controls
Security controls from various frameworks that relate to CrowdStrike Falcon.