Cisco Releases Its Cloud Controls Framework To The Public, Making Security Certification Ever More Accessible

News Summary
  • The Cisco Cloud Controls Framework (CCF) is now available to the public.
  • The Cisco CCF helps save significant resources by enabling organizations to achieve cloud security certifications much more efficiently.
  • The Cisco CCF offers a “build-once-use-many” approach for achieving the broadest range of international and national cloud security certifications such as SOC 2, ISO, FedRAMP, and many more.
SAN JOSE, CA - May 5, 2022 - Today, Cisco is pleased to release the  Cisco Cloud Controls Framework (CCF) to the public. The Cisco CCF is a comprehensive set of international and national security compliance and certification requirements, aggregated in one framework. It empowers teams to make sure cloud products and services meet security and privacy requirements thanks to a simplified rationalized compliance and risk management strategy, saving significant resources. Meeting the fast-evolving requirements for security certifications and standards across the globe is becoming increasingly important, but also extremely challenging, and resource- and time-intensive for Cloud-based software providers. “The Cisco CCF is central to our company’s security compliance strategy. By making it available for public use, we are helping ease compliance strain and enable smoother market access and scalability for the cloud community,” explains Prasant Vadlamudi, Cisco’s Senior Director for Global Cloud Compliance. “By sharing our CCF with customers and peers, we also continue to support our commitment to transparency and accountability that are foundational to Cisco’s DNA.” The CCF is the foundational methodology for Cisco to accelerate certification achievements across our cloud offerings and establish a strong security baseline. It is the result of years of standards research to certify SaaS products for multiple standards for repeatable practices and efficiencies. The CCF offers a structured, “build-once-use-many” approach for achieving the broadest range of international, national, and regional certifications. With this framework, organizations can define, implement, and demonstrate controls that are foundational to security and privacy certifications consistently across SaaS portfolios, such as SOC 2, ISO 27001: 2013, ISO 27701, ISO 27017, ISO 22301, ISO 27018, Germany’s BSI C5, FedRAMP Tailored for the US public sector, the Spanish ENS, Japan’s ISMAP, PCI DSS v3.2.1, the EU Cloud Code of Conduct, and Australia’s IRAP*. “Customer demand for global SaaS security certifications is constantly expanding, as are the security risks we all face. As the complexity of market demand grows, SaaS providers need an efficient way to simplify and streamline efforts to attain security certifications. Our experience has helped us define a common set of building blocks that are repeatable across developed products. Tailoring additional blocks for specific regional or topical certifications ensures the CCF is sensitive to the needs and expectations of regulators and customers across different geographies and sectors,” says Vadlamudi. The CCF comes with guidance on how to implement these controls and the audit artifacts needed to demonstrate controls operating effectiveness. Cisco will regularly update the CCF as regulations evolve and new frameworks are integrated into our compliance processes. Additional Resources:  *SOC 2® - SOC for Service Organizations: Trust Services Criteria; ISO IEC 27001:2013 - Information technology — Security techniques — Information security management systems — Requirements; ISO/IEC 27017:2015 - Information technology — Security techniques — Code of practice for information security controls based on ISO/IEC 27002 for cloud services; ISO/IEC 27018:2019 - Information technology — Security techniques — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors; ISO/IEC 27701:2019 - Security techniques — Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management — Requirements and guidelines; ISO 22301:2019 - Security and resilience — Business continuity management systems — Requirements; Federal Risk and Authorization Management Program (FedRAMP LI-SAAS/Tailored); Esquema Nacional de Seguridad (ENS); Infosec Registered Assessors Program (IRAP December 2020); Payment Card Industry Data Security Standard (PCI-DSS v3.2.1); Information System Security Management and Assessment Program (ISMAP); Cloud Computing Compliance Controls Catalogue (C5); EU Cloud Code of Conduct (CoC); Third Party Cybersecurity Compliance Certificate (CCC) About Cisco Cisco (NASDAQ: CSCO) is the worldwide leader in technology that powers the Internet. Cisco inspires new possibilities by reimagining your applications, securing your data, transforming your infrastructure, and empowering your teams for a global and inclusive future. Discover more on  The Newsroom.
Cloud Communications Alliance

Related Posts

Browse these posts below for the latest in cloud communications news and insights.

Cisco and NTT DATA Partner to Empower Global Mobile Workforce with Simplified Access to 5G Connectivity
Expanded global partnership and co-innovation enhance secure and cost-effective ...
8x8 CX Transformation Drives Continued Customer Adoption and Momentum
Sales of New Products in FY25 Q2 Increased More Than 60% Year-Over-Year, Led By ...
Crexendo’s NetSapiens Platform Awarded 2024 Generative AI Expo Product of the Year Award
The NetSapiens platform utilizes generative AI to enhance customer ...