International Demand

Cisco launches Cloud Controls Framework to meet customer demand for security certifications

Cisco has released the Cisco Cloud Controls Framework (CCF). The Cisco CCF is a comprehensive set of international and national security compliance and certification requirements, brought together in a single framework.

It enables teams to ensure that cloud products and services meet security and privacy requirements through a simplified, streamlined compliance and risk management strategy, saving significant resources.

Meeting the rapidly changing requirements of certifications and security standards across the globe is becoming increasingly important, but also extremely difficult and resource- and time-consuming for cloud-based software vendors.

“Cisco’s CCF is at the heart of our company’s security compliance strategy. By making it publicly available, we are helping to reduce compliance constraints and enable smoother market access and scalability for the cloud community,” said Prasant Vadlamudi, Cisco senior director for global cloud compliance. “By sharing our CCF with our customers and peers, we also continue to uphold our commitment to transparency and accountability that is core to Cisco’s DNA.

The CCF is Cisco’s foundational methodology for accelerating certification achievements in our cloud offerings and establishing a solid security foundation. It’s the result of years of seeking standards to certify SaaS products to multiple standards for repeatable practices and efficiencies. CCF offers a structured “build once, use many” approach to achieving the broadest range of international, national and regional certifications.

With this framework, organizations can define, implement, and demonstrate controls that are fundamental to security and privacy certifications consistently across SaaS portfolios, such as SOC 2, ISO 27001:2013, ISO 27701, ISO 27017, ISO 22301, ISO 27018, German BSI. C5, FedRAMP Suitable for US Public Sector, Spanish ENS, Japanese ISMAP, PCI DSS v3.2.1, EU Cloud Code of Conduct and Australian IRAP.

“Customer demand for global SaaS security certifications is constantly increasing, as are the security risks we all face. As the complexity of market demand increases, SaaS vendors need an effective way to simplify and streamline efforts to obtain security certifications. Our experience has helped us define a common set of repeatable building blocks across all products developed. Adapting additional blocks for specific regional or thematic certifications ensures that CCF is responsive to the needs and expectations of regulators and customers in different geographies and sectors,” says Vadlamudi.

The CCF is provided with guidance on how to implement these controls and the audit artifacts necessary to demonstrate the operating effectiveness of the controls. Cisco will update the CCF regularly as regulations evolve and new frameworks are incorporated into our compliance processes.