SAN JOSE, Calif. — Cisco is sharing an internal guide on international security compliance and certification requirements for cloud software.
Cisco released the “Cisco Cloud Controls Framework” (CCF) to the public, according to the company last month.
The CCF is intended to help teams ensure cloud products and services meet security and privacy requirements with a simplified compliance and risk management strategy, “saving significant resources.”
Cisco believes it is “extremely challenging and resource- and time-intensive” for cloud-based software providers to meet requirements for security standards and certifications. Some may consider using a managed service provider to mitigate any potential issues that may arise using cloud-based software.
The “Cisco Cloud Controls Framework” is designed as the foundational methodology for Cisco to accelerate certification achievements across its cloud offerings and establish a “strong security baseline.”
Cisco’s guide on cloud security compliance is the result of “years of standards research” to certify SaaS products for multiple standards for repeatable practices and efficiencies.
The framework comes with guidance on how to implement the controls and the audit artifacts needed to demonstrate control effectiveness. Cisco will regularly update the CCF as regulations evolve and new information is integrated into its compliance processes.
Companies can use the CCF to define, implement, and demonstrate controls that are foundational to security and privacy certifications across SaaS portfolios: such as, SOC 2; ISO 27001: 2013; ISO 27701; ISO 27017; ISO 22301; ISO 27018; Germany’s BSI C5; FedRAMP Tailored for the US public sector; the Spanish ENS; Japan’s ISMAP; PCI DSS v3.2.1; the EU Cloud Code of Conduct; and Australia’s IRAP.
The Cisco CCF is “central to our company’s security compliance strategy,” said Prasant Vadlamudi, senior director for global cloud compliance, Cisco.
“By sharing our CCF with customers and peers, we also continue to support our commitment to transparency and accountability that are foundational to Cisco’s DNA,” Vadlamudi said.