Cisco has made the Cisco Cloud Controls Framework (CCF) available to the general public. The Cisco CCF is a single framework that combines international and national security compliance and certification requirements. It enables teams to ensure that cloud goods and services fulfill security and privacy requirements using a streamlined compliance and risk management strategy, saving time and money.
Meeting the rapidly changing criteria for security certifications and standards around the world is growing more critical, but it’s also becoming more difficult and time-consuming for Cloud-based software suppliers.
“The Cisco CCF is central to our company’s security compliance strategy. By making it available for public use, we are helping ease compliance strain and enable smoother market access and scalability for the cloud community. By sharing our CCF with customers and peers, we also continue to support our commitment to transparency and accountability that is foundational to Cisco’s DNA,”explains Prasant Vadlamudi, Cisco’s Senior Director for Global Cloud Compliance.
The CCF is Cisco’s basic methodology for accelerating certification milestones and establishing a robust security baseline across our cloud services. It’s the culmination of years of research into different standards for repeatable processes and efficiencies in SaaS products. The CCF provides a disciplined “build-once-use-many” strategy to obtain the widest number of international, national, and regional certifications.
SOC 2, ISO 27001: 2013, ISO 27701, ISO 27017, ISO 22301, ISO 27018, Germany’s BSI C5, FedRAMP Tailored for the US public sector, the Spanish ENS, Japan’s ISMAP, PCI DSS v3.2.1, the EU Cloud Code of Conduct, and Australia’s Australia’s Australia’s Australia’s Australia’s Australia’s Australi
“Customer demand for global SaaS security certifications is constantly expanding, as are the security risks we all face. As the complexity of market demand grows, SaaS providers need an efficient way to simplify and streamline efforts to attain security certifications. Our experience has helped us define a common set of building blocks that are repeatable across developed products. Tailoring additional blocks for specific regional or topical certifications ensures the CCF is sensitive to the needs and expectations of regulators and customers across different geographies and sectors,”says Vadlamudi.
The CCF includes instructions for implementing these controls as well as the audit artifacts required to show control effectiveness. As legislation changes and new frameworks are integrated into our compliance processes, Cisco will update the CCF on a regular basis.
Contact us with your feedback and suggestions.