Released by Cisco Cisco Cloud Controls Framework (CCF) to the public.
The Cisco CCF is a set of international and national security compliance and certification requirements that are integrated into one framework. This saves significant resources by ensuring that cloud products and services meet security and privacy requirements, thanks to a simplified proper compliance and risk management strategy.
Meeting the rapidly evolving requirements for security certifications and standards around the world is becoming increasingly important for cloud technology-based software providers, but it is also a very difficult, resource-intensive, and time-consuming task.
“Cisco CCF is a key part of our company’s security strategy. By making it available for public use, we are helping to ease the burden of compliance and provide easy access and expansion to the cloud community market, ”explained Prasant Wadlamudi, Cisco’s Senior Director for Cloud Compliance. “By sharing our CCF with our customers and peers, we continue to support Cisco’s commitment to transparency and accountability, which is at the heart of DNA.”
CCF is a key tool for accelerating the success of the certification we offer to Cisco and building a solid security foundation. This is the result of many years of standard research, and SaaS products have been validated by many standards of reproducibility and efficiency. CCF offers an organized, “one-build-many” approach to achieve the widest range of international, national, and regional certifications.
Within this framework, organizations can define, implement and demonstrate controls based on SaaS package security and privacy certificates, such as SOC 2, ISO 27001: 2013, ISO 27701, ISO 27017, ISO 22301 and ISO 27018. C5, FedRAMP for US public sector, Spain’s ENS, Japan’s ISMAP, PCI DSS v3.2.1, EU Cloud Code of Conduct, Australia’s IRAP *.
“The global demand for SaaS security certifications and the security risks we all face are constantly expanding. As market demand becomes more complex, SaaS providers need an effective way to simplify and streamline security certification efforts. Our experience has helped us identify a common set of building blocks that can be replicated in developed products. Setting up additional blocks for specific regional and thematic certifications makes CCF sensitive to the needs and expectations of regulators and clients in various geographies and industries, ”Wadlamudi said.
The CCF comes with instructions on how to implement these controls and the audit findings needed to demonstrate the effectiveness of the controls. Cisco will be constantly updating the CCF as our rules are updated and integrated into the process of complying with the new system.