regscale-cli 6.16.0.0__py3-none-any.whl

regscale/integrations/commercial/mappings/csf_controls.json

@@ -0,0 +1,713 @@
+{
+    "ID.AM-1": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nThe CrowdStrike Falcon console can help generate an inventory of any active systems if the Falcon sensor has been configured on all systems. However, this is primarily the responsibility of the implementing organization. If the implementing organization implements the Falcon Discover module, a rich set of hardware, software, and configuration information is available on any active system.",
+            "Partially Supported Capability:\nThe CrowdStrike Falcon console can help generate an inventory of all active systems if the Falcon sensor has been configured on all systems. The Falcon Discover module offers contextual information for systems, utilizing dashboards, graphs, charts, and search functionality to drill down into supporting data such as account usage, installed software packages, and insights into potentially unmanaged devices on an organization\u2019s network.\nInstallation of the Falcon sensor is the responsibility of the implementing organization."
+        ],
+        "support": "Partial"
+    },
+    "ID.AM-2": {
+        "support_status": false,
+        "notes": [],
+        "support": "N/A"
+    },
+    "ID.AM-4": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nThe CrowdStrike Falcon console can help generate an inventory of all active systems if the Falcon sensor has been configured on all systems. The Falcon Discover module offers contextual information for systems, utilizing dashboards, graphs, charts, and search functionality to drill down into supporting data such as account usage, installed software packages, and insights into potentially unmanaged devices on an organization\u2019s network.\nInstallation of the Falcon sensor is the responsibility of the implementing organization."
+        ],
+        "support": "Partial"
+    },
+    "ID.AM-5": {
+        "support_status": false,
+        "notes": [],
+        "support": "N/A"
+    },
+    "ID.AM-6": {
+        "support_status": false,
+        "notes": [],
+        "support": "N/A"
+    },
+    "ID.BE-1": {
+        "support_status": false,
+        "notes": [],
+        "support": "N/A"
+    },
+    "ID.BE-2": {
+        "support_status": false,
+        "notes": [],
+        "support": "N/A"
+    },
+    "ID.BE-3": {
+        "support_status": false,
+        "notes": [],
+        "support": "N/A"
+    },
+    "ID.BE-4": {
+        "support_status": false,
+        "notes": [],
+        "support": "N/A"
+    },
+    "ID.BE-5": {
+        "support_status": false,
+        "notes": [],
+        "support": "N/A"
+    },
+    "ID.GV-1": {
+        "support_status": false,
+        "notes": [],
+        "support": "N/A"
+    },
+    "ID.GV-2": {
+        "support_status": false,
+        "notes": [],
+        "support": "N/A"
+    },
+    "ID.GV-3": {
+        "support_status": false,
+        "notes": [],
+        "support": "N/A"
+    },
+    "ID.GV-4": {
+        "support_status": false,
+        "notes": [],
+        "support": "N/A"
+    },
+    "ID.RA-1": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nThe CrowdStrike Security Cloud infrastructure is in constant contact with the Falcon sensors that have been implemented by organizations. Data is continuously sent to the CrowdStrike Security Cloud and analyzed for malicious behavior. This data is made available to customers via the Falcon UI.\nEstablishment of organization-defined metrics, monitoring frequency, security assessments and status monitoring, and any resulting analysis of the aforementioned strategies is the responsibility of the organization that implements the Falcon sensor.",
+            "Partially Supported Capability:\nThe CrowdStrike Falcon Intelligence product provides implementing organizations with detailed analysis and reports on the latest threats and actors. Additionally, CrowdStrike\u2019s detailed threat actor profiles provide a summary of the adversaries, as well as intelligence including last known activity, community identifiers, target industries and countries, motivations, tactics, techniques, and procedures."
+        ],
+        "support": "Partial"
+    },
+    "ID.RA-2": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nThe CrowdStrike Falcon Intelligence product provides implementing organizations with detailed analysis and reports on the latest threats and actors. Additionally, CrowdStrike\u2019s detailed threat actor profiles provide a summary of the adversaries, as well as intelligence including last known activity, community identifiers, target industries and countries, motivations, tactics, techniques, and procedures."
+        ],
+        "support": "Partial"
+    },
+    "ID.RA-3": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nThe CrowdStrike Falcon Intelligence product provides implementing organizations with detailed analysis and reports on the latest threats and actors. Additionally, CrowdStrike\u2019s detailed threat actor profiles provide a summary of the adversaries, as well as intelligence including last known activity, community identifiers, target industries and countries, motivations, tactics, techniques, and procedures."
+        ],
+        "support": "Partial"
+    },
+    "ID.RA-4": {
+        "support_status": false,
+        "notes": [],
+        "support": "N/A"
+    },
+    "ID.RA-5": {
+        "support_status": false,
+        "notes": [],
+        "support": "N/A"
+    },
+    "ID.RA-6": {
+        "support_status": false,
+        "notes": [],
+        "support": "N/A"
+    },
+    "ID.RM-1": {
+        "support_status": false,
+        "notes": [],
+        "support": "N/A"
+    },
+    "ID.RM-2": {
+        "support_status": false,
+        "notes": [],
+        "support": "N/A"
+    },
+    "ID.RM-3": {
+        "support_status": false,
+        "notes": [],
+        "support": "N/A"
+    },
+    "ID.SC-1": {
+        "support_status": false,
+        "notes": [],
+        "support": "N/A"
+    },
+    "ID.SC-2": {
+        "support_status": false,
+        "notes": [],
+        "support": "N/A"
+    },
+    "ID.SC-3": {
+        "support_status": false,
+        "notes": [],
+        "support": "N/A"
+    },
+    "ID.SC-4": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nThe CrowdStrike Security Cloud infrastructure is in constant contact with the Falcon sensors that have been implemented by organizations. Data is continuously sent to the CrowdStrike Security Cloud and analyzed for malicious behavior. This data is made available to customers via the Falcon UI.\nEstablishment of organization-defined metrics, monitoring frequency, security assessments and status monitoring, and any resulting analysis of the aforementioned strategies is the responsibility of the organization that implements the Falcon sensor."
+        ],
+        "support": "Partial"
+    },
+    "ID.SC-5": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nThe Falcon sensor can isolate and eradicate negatively affected system components, acquire artifacts, and remotely remove affected data.\nCrowdStrike provides services to assist customers in monitoring for data spills through its Falcon Intelligence Recon functionality. Falcon Intelligence Recon provides a combination of advanced dark web monitoring and situational awareness concerning potential leaks of organizational data and assets."
+        ],
+        "support": "Partial"
+    },
+    "PR.AC-1": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nThe CrowdStrike Falcon agent gathers telemetry from organizational devices, including the locally active users. This telemetry can support the generation of records regarding unique user activity. Falcon Identity Threat Protection gives deep insight into user account actions, including robust monitoring of authentication and change events."
+        ],
+        "support": "Partial"
+    },
+    "PR.AC-2": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nFalcon Identity Threat Protection gives deep insight into user account actions, including robust monitoring of authentication and change events. It can also surface group and role membership data, allowing organizations to identify accounts of interest, such as administrative accounts or overprivileged accounts. Organizations may also use the reporting features of the Falcon Identity Threat Protection to support their identity and account review processes.\nFalcon Insight XDR allows organizations to gather telemetry on the use of accounts across their deployed endpoints."
+        ],
+        "support": "Partial"
+    },
+    "PR.AC-3": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nCrowdStrike Falcon Device Control allows customers to restrict and monitor the use of USB devices, monitor data written to the devices, and restrict certain kinds of devices from being used."
+        ],
+        "support": "Full"
+    },
+    "PR.AC-4": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nFalcon Identity Threat Protection gives deep insight into user account actions, including robust monitoring of authentication and change events. It can also surface group and role membership data, allowing organizations to identify accounts of interest, such as administrative accounts or overprivileged accounts. Organizations may also use the reporting features of the Falcon Identity Threat Protection to support their identity and account review processes.\nFalcon Insight XDR allows organizations to gather telemetry on the use of accounts across their deployed endpoints.",
+            "Partially Supported Capability:\nFalcon Identity Threat Protection gives deep insight into user account actions, including robust monitoring of authentication and change events. It can also surface group and role membership data, allowing organizations to identify accounts of interest, such as administrative accounts or overprivileged accounts."
+        ],
+        "support": "Partial"
+    },
+    "PR.AC-5": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nThe CrowdStrike Falcon agent records a rich set of telemetry, allowing organizations to monitor and control key infrastructure elements. The agent and corresponding telemetry can be used to reinforce an organization\u2019s security architecture.\nIt Is the responsibility of the organization"
+        ],
+        "support": "Partial"
+    },
+    "PR.AC-6": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nThe CrowdStrike Falcon agent gathers telemetry from organizational devices, including the locally active users. This telemetry can support the generation of records regarding unique user activity. Falcon Identity Threat Protection gives deep insight into user account actions, including robust monitoring of authentication and change events."
+        ],
+        "support": "Partial"
+    },
+    "PR.AC-7": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nThe CrowdStrike Falcon agent gathers telemetry from organizational devices, including the locally active users. This telemetry can support the generation of records regarding unique user activity. Falcon Identity Threat Protection gives deep insight into user account actions, including robust monitoring of authentication and change events.",
+            "Partially Supported Capability:\nCrowdStrike Falcon Insight XDR captures telemetry from devices, generating a risk score that can be used contextually grant or deny access to organizational resources.",
+            "Partially Supported Capability:\nOrganizations may also implement their own single sign-on to further customize the authentication and authorization experience. The Falcon console will terminate inactive sessions."
+        ],
+        "support": "Partial"
+    },
+    "PR.AT-1": {
+        "support_status": false,
+        "notes": [],
+        "support": "N/A"
+    },
+    "PR.AT-2": {
+        "support_status": false,
+        "notes": [],
+        "support": "N/A"
+    },
+    "PR.AT-3": {
+        "support_status": false,
+        "notes": [],
+        "support": "N/A"
+    },
+    "PR.AT-4": {
+        "support_status": false,
+        "notes": [],
+        "support": "N/A"
+    },
+    "PR.AT-5": {
+        "support_status": false,
+        "notes": [],
+        "support": "N/A"
+    },
+    "PR.DS-1": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nCrowdStrike Falcon Device Control allows customers to restrict and monitor the use of USB devices, monitor data written to the devices, and restrict certain kinds of devices from being used.",
+            "Partially Supported Capability: CrowdStrike Falcon Device Control allows customers to restrict and monitor the use of USB devices, monitor data written to the devices, and restrict certain kinds of devices from being used.",
+            "Partially Supported Capability:\nThe CrowdStrike Falcon platform encrypts all gathered telemetry at rest using AES-256."
+        ],
+        "support": "Partial"
+    },
+    "PR.DS-2": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nThe CrowdStrike Falcon platform implements critical security practices to support this control, including:\n\u2022 The CrowdStrike Falcon agent encrypts the communication channel between agent and cloud end-to-end via TLS, using a trusted CrowdStrike certificate and certificate pinning. The CrowdStrike Falcon platform encrypts all gathered telemetry at rest using AES-256.\n\u2022 CrowdStrike\u2019s GovCloud environment implements the required FIPS-validated encryption protocols."
+        ],
+        "support": "Partial"
+    },
+    "PR.DS-3": {
+        "support_status": false,
+        "notes": [],
+        "support": "N/A"
+    },
+    "PR.DS-4": {
+        "support_status": true,
+        "notes": [
+            "Supported Capability:\nAll activity recorded by the Falcon sensor is sent to the CrowdStrike Security Cloud. This rich telemetry can support organizational requirements to store audit records about events on devices in their environments. Organizations may purchase varying retention periods to support their requirements or stream Falcon platform logs using a variety of methods to other systems of their choice. Falcon LogScale permits organizations to store arbitrary data for customized retention periods, allowing effective search and categorization of these records."
+        ],
+        "support": "Full"
+    },
+    "PR.DS-5": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nFalcon Identity Threat Protection gives deep insight into user account actions, including robust monitoring of authentication and change events. It can also surface group and role membership data, allowing organizations to identify accounts of interest, such as administrative accounts or overprivileged accounts."
+        ],
+        "support": "Partial"
+    },
+    "PR.DS-6": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nThe CrowdStrike Falcon Discover module allows customers to check and validate common UEFI and BIOS hashes, supporting integrity reportability."
+        ],
+        "support": "Partial"
+    },
+    "PR.DS-7": {
+        "support_status": false,
+        "notes": [],
+        "support": "N/A"
+    },
+    "PR.DS-8": {
+        "support_status": false,
+        "notes": [],
+        "support": "N/A"
+    },
+    "PR.IP-1": {
+        "support_status": false,
+        "notes": [],
+        "support": "N/A"
+    },
+    "PR.IP-2": {
+        "support_status": false,
+        "notes": [],
+        "support": "N/A"
+    },
+    "PR.IP-3": {
+        "support_status": false,
+        "notes": [],
+        "support": "N/A"
+    },
+    "PR.IP-4": {
+        "support_status": false,
+        "notes": [],
+        "support": "N/A"
+    },
+    "PR.IP-5": {
+        "support_status": false,
+        "notes": [],
+        "support": "N/A"
+    },
+    "PR.IP-6": {
+        "support_status": false,
+        "notes": [],
+        "support": "N/A"
+    },
+    "PR.IP-7": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nThe CrowdStrike Security Cloud infrastructure is in constant contact with the Falcon sensors that have been implemented by organizations. Data is continuously sent to the CrowdStrike Security Cloud and analyzed for malicious behavior. This data is made available to customers via the Falcon UI.\nEstablishment of organization-defined metrics, monitoring frequency, security assessments and status monitoring, and any resulting analysis of the aforementioned strategies is the responsibility of the organization that implements the Falcon sensor.",
+            "Partially Supported Capability:\nThe CrowdStrike Falcon platform includes a tool that can be used to assess the effectiveness of any IR process that would be an important element of any response."
+        ],
+        "support": "Partial"
+    },
+    "PR.IP-8": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nThe CrowdStrike Security Cloud infrastructure is in constant contact with the Falcon sensors that have been implemented by organizations. Data is continuously sent to the CrowdStrike Security Cloud and analyzed for malicious behavior. This data is made available to customers via the Falcon UI.\nEstablishment of organization-defined metrics, monitoring frequency, security assessments and status monitoring, and any resulting analysis of the aforementioned strategies is the responsibility of the organization that implements the Falcon sensor."
+        ],
+        "support": "Partial"
+    },
+    "PR.IP-9": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nCrowdStrike operates an Intelligence team. This team is constantly acquiring, implementing, and publishing intelligence information about adversaries and implementing protective measures in the Falcon sensor. This service is transparent to customers and included with the CrowdStrike Falcon platform. CrowdStrike also offers Falcon Intelligence, an enhanced product offering that permits customers to access specific indicators of compromise (IOCs) and make automated queries against intelligence data.",
+            "Partially Supported Capability:\nThe Falcon sensor can isolate and eradicate negatively affected system components, acquire artifacts, and remotely remove affected data.\nCrowdStrike provides services to assist customers in monitoring for data spills through its Falcon Intelligence Recon functionality. Falcon Intelligence Recon provides a combination of advanced dark web monitoring and situational awareness concerning potential leaks of organizational data and assets."
+        ],
+        "support": "Partial"
+    },
+    "PR.IP-10": {
+        "support_status": false,
+        "notes": [],
+        "support": "N/A"
+    },
+    "PR.IP-11": {
+        "support_status": false,
+        "notes": [],
+        "support": "N/A"
+    },
+    "PR.IP-12": {
+        "support_status": false,
+        "notes": [],
+        "support": "N/A"
+    },
+    "PR.MA-1": {
+        "support_status": false,
+        "notes": [],
+        "support": "N/A"
+    },
+    "PR.MA-2": {
+        "support_status": false,
+        "notes": [],
+        "support": "N/A"
+    },
+    "PR.PT-1": {
+        "support_status": false,
+        "notes": [
+            "Partially Supported: The Falcon sensor records running processes and all associated metadata. Specific activities performed within an application are not visible to the Falcon sensor.\nAdditionally, CrowdStrike has an available API to integrate detection activity to widely used SIEM solutions.",
+            "Partially Supported Capability:\nAll activity recorded by the Falcon sensor is sent to the CrowdStrike Security Cloud. This rich telemetry can support organizational requirements to store audit records about events on devices in their environments.\nFalcon LogScale permits organizations to store arbitrary data for customized retention periods, allowing effective search and categorization of these records.\nThe CrowdStrike Falcon platform includes a customer-facing audit log that records activities by customer administrators.",
+            "Partially Supported Capability:\nAll activity recorded by the Falcon sensor is sent to the CrowdStrike Security Cloud. Detection and alerting functionalities are built into the CrowdStrike Security Cloud environment. Both known patterns of malicious activities and anomalous activities using machine learning-based predictive models are used. Additionally, CrowdStrike offers a service in which the Falcon OverWatch team provides additional behavior analysis, reports, and remediation strategies for customers who might require additional assistance when hunting for suspicious behavior or activity.",
+            "Available Capability\nThe Falcon UI allows customers to run various incident reports without affecting the metadata that is stored in the CrowdStrike Security Cloud.",
+            "Partially Supported Capability:\nData captured by the Falcon sensor is sent to the CrowdStrike Security Cloud. Captured data is made available to CrowdStrike\u2019s customers through the Falcon UI.\nThe organization utilizing the Falcon sensor is responsible for meeting the terms of this control.",
+            "Partially Supported Capability:\nThe Falcon sensor is capable of capturing a user\u2019s activities through an information system and records the meta data for later review. Specific activities performed within the application are not visible to the Falcon sensor."
+        ],
+        "support": "N/A"
+    },
+    "PR.PT-2": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nCrowdStrike Falcon Device Control allows customers to restrict and monitor the use of USB devices, monitor data written to the devices, and restrict certain kinds of devices from being used.",
+            "Partially Supported Capability: CrowdStrike Falcon Device Control allows customers to restrict and monitor the use of USB devices, monitor data written to the devices, and restrict certain kinds of devices from being used."
+        ],
+        "support": "Partial"
+    },
+    "PR.PT-3": {
+        "support_status": false,
+        "notes": [],
+        "support": "N/A"
+    },
+    "PR.PT-4": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nCrowdStrike Falcon Device Control allows customers to restrict and monitor the use of USB devices, monitor data written to the devices, and restrict certain kinds of devices from being used."
+        ],
+        "support": "Partial"
+    },
+    "PR.PT-5": {
+        "support_status": false,
+        "notes": [],
+        "support": "N/A"
+    },
+    "DE.AE-1": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nThe Falcon sensor continuously monitors systems for suspicious executable files with malicious intent. This data is sent to the CrowdStrike Security Cloud for analysis and made available to the customer for corrective action."
+        ],
+        "support": "Partial"
+    },
+    "DE.AE-2": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nAll activity recorded by the Falcon sensor is sent to the CrowdStrike Security Cloud. Detection and alerting functionalities are built into the CrowdStrike Security Cloud environment. Both known patterns of malicious activities and anomalous activities using machine learning-based predictive models are used. Additionally, CrowdStrike offers a service in which the Falcon OverWatch team provides additional behavior analysis, reports, and remediation strategies for customers who might require additional assistance when hunting for suspicious behavior or activity.",
+            "Partially Supported Capability:\nThe CrowdStrike Security Cloud infrastructure is in constant contact with the Falcon sensors that have been implemented by organizations. Data is continuously sent to the CrowdStrike Security Cloud and analyzed for malicious behavior. This data is made available to customers via the Falcon UI.\nEstablishment of organization-defined metrics, monitoring frequency, security assessments and status monitoring, and any resulting analysis of the aforementioned strategies is the responsibility of the organization that implements the Falcon sensor.",
+            "Partially Supported Capability:\nThe Falcon sensor sends all captured data to the CrowdStrike Security Cloud in real time for a deeper level of analysis. All detection, analysis, containment, and eradication activities are performed in the Falcon UI.\nRecovery strategies, activities, and policies are the responsibility of the implementing organization.",
+            "Partially Supported Capability:\nThe Falcon sensor continuously monitors systems for suspicious executable files with malicious intent. This data is sent to the CrowdStrike Security Cloud for analysis and made available to the customer for corrective action."
+        ],
+        "support": "Partial"
+    },
+    "DE.AE-3": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nThe CrowdStrike Security Cloud infrastructure is in constant contact with the Falcon sensors that have been implemented by organizations. Data is continuously sent to the CrowdStrike Security Cloud and analyzed for malicious behavior. This data is made available to customers via the Falcon UI.\nEstablishment of organization-defined metrics, monitoring frequency, security assessments and status monitoring, and any resulting analysis of the aforementioned strategies is the responsibility of the organization that implements the Falcon sensor.",
+            "Partially Supported Capability:",
+            "Partially Supported Capability:\nThe Falcon sensor sends all captured data to the CrowdStrike Security Cloud in real time for a deeper level of analysis. All detection, analysis, containment, and eradication activities are performed in the Falcon UI.\nRecovery strategies, activities, and policies are the responsibility of the implementing organization.",
+            "Partially Supported Capability:\nData collected by the Falcon sensor is sent to the CrowdStrike Security Cloud where customers can view system security incidents in the Falcon UI. The CrowdStrike Falcon platform retains data associated with suspected and confirmed incidents for organizations to review and action.\nCrowdStrike also offers customers a free starting tool that can be used to implement some procedural elements of this control \u2014 see: https://www.crowdstrike.com/blog/crowdstrike-releases-digital-forensics-and-incident-response-tracker/",
+            "Partially Supported Capability:\nThe Falcon sensor continuously monitors systems for suspicious executable files with malicious intent. This data is sent to the CrowdStrike Security Cloud for analysis and made available to the customer for corrective action."
+        ],
+        "support": "Partial"
+    },
+    "DE.AE-4": {
+        "support_status": false,
+        "notes": [
+            "The Falcon sensor sends all captured data to the CrowdStrike Security Cloud in real time for a deeper level of analysis. All detection, analysis, containment, and eradication activities are performed in the Falcon UI.",
+            "Partially Supported Capability:\nThe Falcon sensor sends all captured data to the CrowdStrike Security Cloud in real time for a deeper level of analysis. All detection, analysis, containment, and eradication activities are performed in the Falcon UI.\nRecovery strategies, activities, and policies are the responsibility of the implementing organization.",
+            "Partially Supported Capability:\nThe Falcon sensor continuously monitors systems for suspicious executable files with malicious intent. This data is sent to the CrowdStrike Security Cloud for analysis and made available to the customer for corrective action."
+        ],
+        "support": "N/A"
+    },
+    "DE.AE-5": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nThe Falcon sensor sends all captured data to the CrowdStrike Security Cloud in real time for a deeper level of analysis. All detection, analysis, containment, and eradication activities are performed in the Falcon UI.\nRecovery strategies, activities, and policies are the responsibility of the implementing organization.",
+            "Recovery strategies, activities, and policies are the responsibility of the implementing organization."
+        ],
+        "support": "Full"
+    },
+    "DE.CM-1": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nThe CrowdStrike Security Cloud infrastructure is in constant contact with the Falcon sensors that have been implemented by organizations. Data is continuously sent to the CrowdStrike Security Cloud and analyzed for malicious behavior. This data is made available to customers via the Falcon UI.\nEstablishment of organization-defined metrics, monitoring frequency, security assessments and status monitoring, and any resulting analysis of the aforementioned strategies is the responsibility of the organization that implements the Falcon sensor.",
+            "Partially Supported Capability:\nThe CrowdStrike Falcon agent records a rich set of telemetry, allowing organizations to monitor and control key infrastructure elements. The agent and corresponding telemetry can be used to reinforce an organization\u2019s security architecture.\nIt Is the responsibility of the organization",
+            "Partially Supported Capability:\nThe Falcon sensor continuously monitors systems for suspicious executable files with malicious intent. This data is sent to the CrowdStrike Security Cloud for analysis and made available to the customer for corrective action."
+        ],
+        "support": "Partial"
+    },
+    "DE.CM-2": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nThe CrowdStrike Security Cloud infrastructure is in constant contact with the Falcon sensors that have been implemented by organizations. Data is continuously sent to the CrowdStrike Security Cloud and analyzed for malicious behavior. This data is made available to customers via the Falcon UI.\nEstablishment of organization-defined metrics, monitoring frequency, security assessments and status monitoring, and any resulting analysis of the aforementioned strategies is the responsibility of the organization that implements the Falcon sensor."
+        ],
+        "support": "Partial"
+    },
+    "DE.CM-3": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nFalcon Identity Threat Protection gives deep insight into user account actions, including robust monitoring of authentication and change events. It can also surface group and role membership data, allowing organizations to identify accounts of interest, such as administrative accounts or overprivileged accounts. Organizations may also use the reporting features of the Falcon Identity Threat Protection to support their identity and account review processes.\nFalcon Insight XDR allows organizations to gather telemetry on the use of accounts across their deployed endpoints.",
+            "Partially Supported Capability:\nData captured by the Falcon sensor is sent to the CrowdStrike Security Cloud. Captured data is made available to CrowdStrike\u2019s customers through the Falcon UI.\nThe organization utilizing the Falcon sensor is responsible for meeting the terms of this control."
+        ],
+        "support": "Partial"
+    },
+    "DE.CM-4": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nThe Falcon sensor continuously monitors systems for suspicious executable files with malicious intent. This data is sent to the CrowdStrike Security Cloud for analysis and made available to the customer for corrective action."
+        ],
+        "support": "Partial"
+    },
+    "DE.CM-5": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nThe Falcon sensor continuously monitors systems for suspicious executable files with malicious intent. This data is sent to the CrowdStrike Security Cloud for analysis and made available to the customer for corrective action."
+        ],
+        "support": "Partial"
+    },
+    "DE.CM-6": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nThe CrowdStrike Security Cloud infrastructure is in constant contact with the Falcon sensors that have been implemented by organizations. Data is continuously sent to the CrowdStrike Security Cloud and analyzed for malicious behavior. This data is made available to customers via the Falcon UI.\nEstablishment of organization-defined metrics, monitoring frequency, security assessments and status monitoring, and any resulting analysis of the aforementioned strategies is the responsibility of the organization that implements the Falcon sensor.",
+            "Partially Supported Capability:\nThe Falcon sensor continuously monitors systems for suspicious executable files with malicious intent. This data is sent to the CrowdStrike Security Cloud for analysis and made available to the customer for corrective action."
+        ],
+        "support": "Partial"
+    },
+    "DE.CM-7": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nData captured by the Falcon sensor is sent to the CrowdStrike Security Cloud. Captured data is made available to CrowdStrike\u2019s customers through the Falcon UI.\nThe organization utilizing the Falcon sensor is responsible for meeting the terms of this control.",
+            "Partially Supported Capability:\nThe CrowdStrike Security Cloud infrastructure is in constant contact with the Falcon sensors that have been implemented by organizations. Data is continuously sent to the CrowdStrike Security Cloud and analyzed for malicious behavior. This data is made available to customers via the Falcon UI.\nEstablishment of organization-defined metrics, monitoring frequency, security assessments and status monitoring, and any resulting analysis of the aforementioned strategies is the responsibility of the organization that implements the Falcon sensor.",
+            "Partially Supported Capability:\nThe CrowdStrike Falcon console can help generate an inventory of any active systems if the Falcon sensor has been configured on all systems. However, this is primarily the responsibility of the implementing organization. If the implementing organization implements the Falcon Discover module, a rich set of hardware, software, and configuration information is available on any active system.",
+            "Partially Supported Capability:\nThe Falcon sensor continuously monitors systems for suspicious executable files with malicious intent. This data is sent to the CrowdStrike Security Cloud for analysis and made available to the customer for corrective action."
+        ],
+        "support": "Partial"
+    },
+    "DE.CM-8": {
+        "support_status": false,
+        "notes": [],
+        "support": "N/A"
+    },
+    "DE.DP-1": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nThe CrowdStrike Security Cloud infrastructure is in constant contact with the Falcon sensors that have been implemented by organizations. Data is continuously sent to the CrowdStrike Security Cloud and analyzed for malicious behavior. This data is made available to customers via the Falcon UI.\nEstablishment of organization-defined metrics, monitoring frequency, security assessments and status monitoring, and any resulting analysis of the aforementioned strategies is the responsibility of the organization that implements the Falcon sensor."
+        ],
+        "support": "Partial"
+    },
+    "DE.DP-2": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nThe CrowdStrike Security Cloud infrastructure is in constant contact with the Falcon sensors that have been implemented by organizations. Data is continuously sent to the CrowdStrike Security Cloud and analyzed for malicious behavior. This data is made available to customers via the Falcon UI.\nEstablishment of organization-defined metrics, monitoring frequency, security assessments and status monitoring, and any resulting analysis of the aforementioned strategies is the responsibility of the organization that implements the Falcon sensor.",
+            "Partially Supported Capability:\nThe Falcon sensor continuously monitors systems for suspicious executable files with malicious intent. This data is sent to the CrowdStrike Security Cloud for analysis and made available to the customer for corrective action."
+        ],
+        "support": "Partial"
+    },
+    "DE.DP-3": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nThe CrowdStrike Security Cloud infrastructure is in constant contact with the Falcon sensors that have been implemented by organizations. Data is continuously sent to the CrowdStrike Security Cloud and analyzed for malicious behavior. This data is made available to customers via the Falcon UI.\nEstablishment of organization-defined metrics, monitoring frequency, security assessments and status monitoring, and any resulting analysis of the aforementioned strategies is the responsibility of the organization that implements the Falcon sensor.",
+            "Supported Capability:\nThe Falcon sensor is capable of being deployed on every endpoint in an organization to continuously gather system events from hosts to detect possible threats. All captured activity is sent to the CrowdStrike Security Cloud for analysis. The CrowdStrike Security Cloud is able to dynamically update its detection patterns based on the data collected from all of the deployed Falcon sensors. Suspicious data is quarantined and presented in the Falcon UI for further analysis in order to determine if an incident is in fact malicious or a false positive. The Falcon sensor continues to provide protection during periods of interrupted cloud connectivity.",
+            "Partially Supported Capability:\nThe Falcon sensor continuously monitors systems for suspicious executable files with malicious intent. This data is sent to the CrowdStrike Security Cloud for analysis and made available to the customer for corrective action."
+        ],
+        "support": "Partial"
+    },
+    "DE.DP-4": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nAll activity recorded by the Falcon sensor is sent to the CrowdStrike Security Cloud. Detection and alerting functionalities are built into the CrowdStrike Security Cloud environment. Both known patterns of malicious activities and anomalous activities using machine learning-based predictive models are used. Additionally, CrowdStrike offers a service in which the Falcon OverWatch team provides additional behavior analysis, reports, and remediation strategies for customers who might require additional assistance when hunting for suspicious behavior or activity.",
+            "Partially Supported Capability:\nThe CrowdStrike Security Cloud infrastructure is in constant contact with the Falcon sensors that have been implemented by organizations. Data is continuously sent to the CrowdStrike Security Cloud and analyzed for malicious behavior. This data is made available to customers via the Falcon UI.\nEstablishment of organization-defined metrics, monitoring frequency, security assessments and status monitoring, and any resulting analysis of the aforementioned strategies is the responsibility of the organization that implements the Falcon sensor.",
+            "Partially Supported Capability:\nThe Falcon sensor continuously monitors systems for suspicious executable files with malicious intent. This data is sent to the CrowdStrike Security Cloud for analysis and made available to the customer for corrective action."
+        ],
+        "support": "Partial"
+    },
+    "DE.DP-5": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nThe CrowdStrike Security Cloud infrastructure is in constant contact with the Falcon sensors that have been implemented by organizations. Data is continuously sent to the CrowdStrike Security Cloud and analyzed for malicious behavior. This data is made available to customers via the Falcon UI.\nEstablishment of organization-defined metrics, monitoring frequency, security assessments and status monitoring, and any resulting analysis of the aforementioned strategies is the responsibility of the organization that implements the Falcon sensor.",
+            "Partially Supported Capability:\nThe Falcon sensor continuously monitors systems for suspicious executable files with malicious intent. This data is sent to the CrowdStrike Security Cloud for analysis and made available to the customer for corrective action."
+        ],
+        "support": "Partial"
+    },
+    "RS.RP-1": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nThe Falcon sensor sends all captured data to the CrowdStrike Security Cloud in real time for a deeper level of analysis. All detection, analysis, containment, and eradication activities are performed in the Falcon UI.\nRecovery strategies, activities, and policies are the responsibility of the implementing organization."
+        ],
+        "support": "Partial"
+    },
+    "RS.CO-1": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nThe CrowdStrike Falcon platform includes a tool that can be used to assess the effectiveness of any IR process that would be an important element of any response."
+        ],
+        "support": "Partial"
+    },
+    "RS.CO-2": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nAll activity recorded by the Falcon sensor is sent to the CrowdStrike Security Cloud. Detection and alerting functionalities are built into the CrowdStrike Security Cloud environment. Both known patterns of malicious activities and anomalous activities using machine learning-based predictive models are used. Additionally, CrowdStrike offers a service in which the Falcon OverWatch team provides additional behavior analysis, reports, and remediation strategies for customers who might require additional assistance when hunting for suspicious behavior or activity.",
+            "Partially Supported Capability:\nThe CrowdStrike Falcon platform supports reporting incidents in several ways: (1) the SIEM connector can automatically deliver alerting to designated SOC or organizational functions, (2) Falcon Fusion workflows can send notifications on customer-defined conditions, and (3) the Falcon platform itself automatically surfaces incidents with confidence levels for organizations to assess."
+        ],
+        "support": "Partial"
+    },
+    "RS.CO-3": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nThe Falcon sensor sends all captured data to the CrowdStrike Security Cloud in real time for a deeper level of analysis. All detection, analysis, containment, and eradication activities are performed in the Falcon UI.\nRecovery strategies, activities, and policies are the responsibility of the implementing organization.",
+            "Partially Supported Capability:\nThe Falcon sensor sends all captured data to the CrowdStrike Security Cloud in real time for a deeper level of analysis. All detection, analysis, containment, and eradication activities are performed in the Falcon UI.\nRecovery strategies, activities, and policies are the responsibility of the implementing organization."
+        ],
+        "support": "Partial"
+    },
+    "RS.CO-4": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nThe Falcon sensor sends all captured data to the CrowdStrike Security Cloud in real time for a deeper level of analysis. All detection, analysis, containment, and eradication activities are performed in the Falcon UI.\nRecovery strategies, activities, and policies are the responsibility of the implementing organization.",
+            "Partially Supported Capability:\nThe Falcon sensor sends all captured data to the CrowdStrike Security Cloud in real time for a deeper level of analysis. All detection, analysis, containment, and eradication activities are performed in the Falcon UI.\nRecovery strategies, activities, and policies are the responsibility of the implementing organization."
+        ],
+        "support": "Partial"
+    },
+    "RS.CO-5": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nThe CrowdStrike Falcon Intelligence product provides implementing organizations with detailed analysis and reports on the latest threats and actors. Additionally, CrowdStrike\u2019s detailed threat actor profiles provide a summary of the adversaries, as well as intelligence including last known activity, community identifiers, target industries and countries, motivations, tactics, techniques, and procedures."
+        ],
+        "support": "Partial"
+    },
+    "RS.AN-1": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nAll activity recorded by the Falcon sensor is sent to the CrowdStrike Security Cloud. Detection and alerting functionalities are built into the CrowdStrike Security Cloud environment. Both known patterns of malicious activities and anomalous activities using machine learning-based predictive models are used. Additionally, CrowdStrike offers a service in which the Falcon OverWatch team provides additional behavior analysis, reports, and remediation strategies for customers who might require additional assistance when hunting for suspicious behavior or activity.",
+            "Partially Supported Capability:\nThe CrowdStrike Security Cloud infrastructure is in constant contact with the Falcon sensors that have been implemented by organizations. Data is continuously sent to the CrowdStrike Security Cloud and analyzed for malicious behavior. This data is made available to customers via the Falcon UI.\nEstablishment of organization-defined metrics, monitoring frequency, security assessments and status monitoring, and any resulting analysis of the aforementioned strategies is the responsibility of the organization that implements the Falcon sensor.",
+            "Partially Supported Capability:\nThe Falcon sensor sends all captured data to the CrowdStrike Security Cloud in real time for a deeper level of analysis. All detection, analysis, containment, and eradication activities are performed in the Falcon UI.\nRecovery strategies, activities, and policies are the responsibility of the implementing organization.",
+            "Partially Supported Capability:\nThe Falcon sensor continuously monitors systems for suspicious executable files with malicious intent. This data is sent to the CrowdStrike Security Cloud for analysis and made available to the customer for corrective action."
+        ],
+        "support": "Partial"
+    },
+    "RS.AN-2": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nThe Falcon sensor sends all captured data to the CrowdStrike Security Cloud in real time for a deeper level of analysis. All detection, analysis, containment, and eradication activities are performed in the Falcon UI.\nRecovery strategies, activities, and policies are the responsibility of the implementing organization.",
+            "Partially Supported Capability:\nThe Falcon sensor sends all captured data to the CrowdStrike Security Cloud in real time for a deeper level of analysis. All detection, analysis, containment, and eradication activities are performed in the Falcon UI.\nRecovery strategies, activities, and policies are the responsibility of the implementing organization."
+        ],
+        "support": "Partial"
+    },
+    "RS.AN-3": {
+        "support_status": true,
+        "notes": [
+            "Available Capability\nThe Falcon UI allows customers to run various incident reports without affecting the metadata that is stored in the CrowdStrike Security Cloud.",
+            "Partially Supported Capability:\nThe Falcon sensor sends all captured data to the CrowdStrike Security Cloud in real time for a deeper level of analysis. All detection, analysis, containment, and eradication activities are performed in the Falcon UI.\nRecovery strategies, activities, and policies are the responsibility of the implementing organization.",
+            "Partially Supported Capability:\nThe Falcon sensor sends all captured data to the CrowdStrike Security Cloud in real time for a deeper level of analysis. All detection, analysis, containment, and eradication activities are performed in the Falcon UI.\nRecovery strategies, activities, and policies are the responsibility of the implementing organization."
+        ],
+        "support": "Full"
+    },
+    "RS.AN-4": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nThe Falcon sensor sends all captured data to the CrowdStrike Security Cloud in real time for a deeper level of analysis. All detection, analysis, containment, and eradication activities are performed in the Falcon UI.\nRecovery strategies, activities, and policies are the responsibility of the implementing organization.",
+            "Partially Supported Capability:\nThe Falcon sensor sends all captured data to the CrowdStrike Security Cloud in real time for a deeper level of analysis. All detection, analysis, containment, and eradication activities are performed in the Falcon UI.\nRecovery strategies, activities, and policies are the responsibility of the implementing organization.",
+            "Partially Supported Capability:\nData collected by the Falcon sensor is sent to the CrowdStrike Security Cloud where customers can view system security incidents in the Falcon UI. The CrowdStrike Falcon platform retains data associated with suspected and confirmed incidents for organizations to review and action.\nCrowdStrike also offers customers a free starting tool that can be used to implement some procedural elements of this control \u2014 see: https://www.crowdstrike.com/blog/crowdstrike-releases-digital-forensics-and-incident-response-tracker/"
+        ],
+        "support": "Partial"
+    },
+    "RS.AN-5": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nThe Falcon sensor sends all captured data to the CrowdStrike Security Cloud in real time for a deeper level of analysis. All detection, analysis, containment, and eradication activities are performed in the Falcon UI.\nRecovery strategies, activities, and policies are the responsibility of the implementing organization.",
+            "Partially Supported Capability:\nThe CrowdStrike Falcon Intelligence product provides implementing organizations with detailed analysis and reports on the latest threats and actors. Additionally, CrowdStrike\u2019s detailed threat actor profiles provide a summary of the adversaries, as well as intelligence including last known activity, community identifiers, target industries and countries, motivations, tactics, techniques, and procedures."
+        ],
+        "support": "Partial"
+    },
+    "RS.MI-1": {
+        "support_status": false,
+        "notes": [],
+        "support": "N/A"
+    },
+    "RS.MI-2": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nThe Falcon sensor sends all captured data to the CrowdStrike Security Cloud in real time for a deeper level of analysis. All detection, analysis, containment, and eradication activities are performed in the Falcon UI.\nRecovery strategies, activities, and policies are the responsibility of the implementing organization."
+        ],
+        "support": "Partial"
+    },
+    "RS.MI-3": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nThe CrowdStrike Security Cloud infrastructure is in constant contact with the Falcon sensors that have been implemented by organizations. Data is continuously sent to the CrowdStrike Security Cloud and analyzed for malicious behavior. This data is made available to customers via the Falcon UI.\nEstablishment of organization-defined metrics, monitoring frequency, security assessments and status monitoring, and any resulting analysis of the aforementioned strategies is the responsibility of the organization that implements the Falcon sensor."
+        ],
+        "support": "Partial"
+    },
+    "RS.IM-1": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nThe Falcon sensor sends all captured data to the CrowdStrike Security Cloud in real time for a deeper level of analysis. All detection, analysis, containment, and eradication activities are performed in the Falcon UI.\nRecovery strategies, activities, and policies are the responsibility of the implementing organization."
+        ],
+        "support": "Partial"
+    },
+    "RS.IM-2": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nThe Falcon sensor sends all captured data to the CrowdStrike Security Cloud in real time for a deeper level of analysis. All detection, analysis, containment, and eradication activities are performed in the Falcon UI.\nRecovery strategies, activities, and policies are the responsibility of the implementing organization."
+        ],
+        "support": "Partial"
+    },
+    "RC.RP-1": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nThe Falcon sensor sends all captured data to the CrowdStrike Security Cloud in real time for a deeper level of analysis. All detection, analysis, containment, and eradication activities are performed in the Falcon UI.\nRecovery strategies, activities, and policies are the responsibility of the implementing organization."
+        ],
+        "support": "Partial"
+    },
+    "RC.IM-1": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nThe Falcon sensor sends all captured data to the CrowdStrike Security Cloud in real time for a deeper level of analysis. All detection, analysis, containment, and eradication activities are performed in the Falcon UI.\nRecovery strategies, activities, and policies are the responsibility of the implementing organization."
+        ],
+        "support": "Partial"
+    },
+    "RC.IM-2": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nThe Falcon sensor sends all captured data to the CrowdStrike Security Cloud in real time for a deeper level of analysis. All detection, analysis, containment, and eradication activities are performed in the Falcon UI.\nRecovery strategies, activities, and policies are the responsibility of the implementing organization."
+        ],
+        "support": "Partial"
+    },
+    "RC.CO-1": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nThe Falcon sensor sends all captured data to the CrowdStrike Security Cloud in real time for a deeper level of analysis. All detection, analysis, containment, and eradication activities are performed in the Falcon UI.\nRecovery strategies, activities, and policies are the responsibility of the implementing organization."
+        ],
+        "support": "Partial"
+    },
+    "RC.CO-2": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nThe Falcon sensor sends all captured data to the CrowdStrike Security Cloud in real time for a deeper level of analysis. All detection, analysis, containment, and eradication activities are performed in the Falcon UI.\nRecovery strategies, activities, and policies are the responsibility of the implementing organization."
+        ],
+        "support": "Partial"
+    },
+    "RC.CO-3": {
+        "support_status": true,
+        "notes": [
+            "Partially Supported Capability:\nThe Falcon sensor sends all captured data to the CrowdStrike Security Cloud in real time for a deeper level of analysis. All detection, analysis, containment, and eradication activities are performed in the Falcon UI.\nRecovery strategies, activities, and policies are the responsibility of the implementing organization."
+        ],
+        "support": "Partial"
+    }
+}