SAN JASE, CA, May 5, 2022 – Today Cisco is happy to release Cisco Cloud Controls Framework (CCF) to the public. Cisco CCF is a complete set of international and national safety and certification requirements combined into one structure. Thanks to a simplified streamlined strategy for compliance and risk management, it allows teams to ensure that cloud products and services meet security and privacy requirements, saving significant resources.
Complying with rapidly evolving requirements for certificates and security standards around the world is becoming increasingly important, but also extremely challenging, and requires resources and time for cloud software vendors.
“Cisco CCF is central to our company’s security strategy. By making it available to the public, we are helping to ease tensions as required and provide smoother market access and scalability for the cloud community, ”explains Prasant Wadlamudi, Cisco’s Senior Director of Global Cloud Compliance. “Thanks to our CCF with customers and colleagues, we also continue to maintain our commitment to transparency and accountability, which are fundamental to Cisco DNA.”
CCF is a foundational methodology for Cisco to accelerate certification achievements in our cloud offerings and establish a solid security base. It is the result of many years of research standards for SaaS product certification across multiple standards for repetitive practices and effectiveness. CCF offers a structured “one-time-use-many” approach to obtaining the widest range of international, national and regional certifications.
Through this structure, organizations can identify, implement, and demonstrate controls that are fundamental to security and privacy certificates in various SaaS portfolios, such as SOC 2, ISO 27001: 2013, ISO 27701, ISO 27017, ISO 22301, ISO 27018. Germany, C5, FedRAMP Designed for US public sector, Spanish ENS, Japanese ISMAP, PCI DSS v3.2.1, EU Cloud Code of Conduct and IRAP * Australia.
“Customer demand for global SaaS security certificates is constantly growing, as are the security risks we all face. As the complexity of market demand grows, SaaS providers need an effective way to simplify and streamline security certification efforts. Our experience has helped us identify a common set of building blocks that are repeated in the developed products. Adapting additional blocks to specific regional or current certifications ensures that CCF is responsive to the needs and expectations of regulators and customers in different geographies and sectors, ”says Wadlamudi.
The CCF comes with instructions for implementing these controls and audit artifacts needed to demonstrate management effectiveness. Cisco will regularly update the CCF as regulations evolve and new structures are integrated into our compliance processes.
* SOC 2® – SOC for service organizations: criteria for trusted services; ISO IEC 27001: 2013 – Information technology – Security technology – Information security management systems – Requirements; ISO / IEC 27017: 2015 – Information technology – Security technology – Information security control code of practice based on ISO / IEC 27002 for cloud services; ISO / IEC 27018: 2019 – Information technology – Security technology – Code of Practice for the Protection of Personal Information (PII) in open clouds, acting as PII processors; ISO / IEC 27701: 2019 – Security practices – Extension to ISO / IEC 27001 and ISO / IEC 27002 for privacy management – Requirements and recommendations; ISO 22301: 2019 – Security and resilience – Business continuity management systems – Requirements; Federal Risk Management and Authorization Program (FedRAMP LI-SAAS / Individual); National Security Council (ENS); Infosec Registered Appraisers Program (IRAP December 2020); Payment Card Industry Data Security Standard (PCI-DSS v3.2.1); Information System Security Management and Assessment Program (ISMAP); Cloud Computing Compliance Control Catalog (C5); EU Cloud Code of Conduct (CoC); Third Party Cybersecurity Certificate (CCC)
Cisco (NASDAQ: CSCO) is a world leader in technologies that enable the Internet. Cisco inspires new opportunities by reviewing your applications, securing your data, transforming your infrastructure, and empowering your teams for a global and inclusive future. Find out more at The Newsroom and follow us Twitter.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and / or its affiliates in the United States and other countries. A list of Cisco brands can be found at www.cisco.com/go/trademarks. These trademarks of third parties are the property of their respective owners. The use of the word partner does not mean a partnership between Cisco and any other company.