Award Context and Insight

12/02/2021 10:05 AM

Context on CrowdStrike's Federal Cyber Deal Announcement


  • CrowdStrike yesterday announced a new federal cyber deal that involves securing critical endpoints for multiple "major civilian agencies" but provided no detail on the deal size and gave little color on the nature of the work.
  • The company said the contribution to net new ARR was not notable in Q3 as the deal involves gradual rollouts with multiple agencies on varying deployment schedules.
  • The deal is tied to both President Biden's May executive order on improving cybersecurity and a previously existing federal government program known as Continuous Diagnostics and Mitigation, or CDM.


The government's CDM program is aimed at fortifying the cybersecurity of civilian government networks and systems. It is separate from Defense Department cyber initiatives. The program provides cybersecurity tools, integration services, and dashboards to participating agencies to support them in improving their security postures.

CDM has a Product component (an expedited way for government agencies to buy approved cyber security tools) and a Services component (a suite of six contracts known as CDM DEFEND held by Booz Allen Hamilton, CACI, ManTech and CGI that provide deployment and integration support).

Our database tracking federal software spend includes over 85 CrowdStrike transactions and shows a notable increase in federal business this year. Prior to yesterday's announcement, we estimated CRWD's ARR from federal agencies was on pace to more than double YOY in FY22, driven by notable Q1 deals with Health and Human Services (pink bars) and the Defense Department (light blue bars).


Our Take

The new agreement appears to be a complex implementation that will likely have a substantial services component, with possible involvement from one or more of the CDM DEFEND service providers mentioned above. As company commentary noted, the deal didn't significantly impact Q3 results, but will "steadily fold into ARR over the coming quarters," so it's no surprise the agreement didn't appear in our Q3 federal numbers.

While we expect our data set to detect incremental CrowdStrike software buys related to the deal in future quarters, we also note that given the deal's complexity, it's likely that some of the new revenue will be wrapped into the CDM DEFEND services contracts. We track spending under these contracts and detected a notable uptick in Q3 spending, likely as a result of the Biden cyber security executive order (see chart below).

Bottom Line

CRWD remains in the early stages of penetrating the federal market. We think this announcement has the potential to double federal AAR from the FY22 base within a 12-18 month timeframe. Capturing DOD spend is a separate initiative and represents additional upside from federal.

Please contact Francessca Chiappinelli with any questions or to arrange an analyst call.