Cisco released Cisco Cloud Controls Framework (CCF) of the public.
Cisco CCF is a comprehensive set of international and national compliance and certification requirements combined in one framework. It enables teams to ensure that cloud products and services meet security and privacy requirements through a simplified streamlined compliance and risk management strategy, saving significant resources.
Meeting the rapidly evolving requirements for certificates and security standards around the world is becoming increasingly important, but also extremely challenging, as well as resource and time-consuming for cloud software vendors.
“Cisco CCF is central to our company’s security compliance strategy. By making it available to the public, we are helping to ease tensions in line with requirements and allow smoother market access and scalability for the cloud community, ”said Prasant Wadlamudi, Cisco Senior Director of Global Cloud Compliance. “By sharing our CCF with clients and colleagues, we also continue to support our commitment to transparency and accountability, which are fundamental to Cisco’s DNA.”
CCF is Cisco’s core methodology for accelerating certification in our cloud offerings and establishing a strong security baseline. This is the result of years of research into SaaS product certification standards for multiple standards for repetitive practices and effectiveness. CCF offers a structured “build-use-many” approach to achieve the widest range of international, national and regional certifications.
With this framework, organizations can define, implement and demonstrate controls that are fundamental to security and confidentiality certificates, consistently in the SaaS portfolio, such as SOC 2, ISO 27001: 2013, ISO 27701, ISO 27017, ISO 22301, ISO 27018, Germany, BSI, C5, FedRAMP Developed for the US public sector, Spanish ENS, Japanese ISMAP, PCI DSS v3.2.1, EU Cloud Code of Conduct and IRAP * of Australia.
“Customer demand for global SaaS security certificates is constantly growing, as are the security risks we all face. As the complexity of market demand increases, SaaS providers need an effective way to simplify and streamline security certification efforts. Our experience has helped us define a common set of building blocks that can be replicated in developed products. Adapting additional blocks to specific regional or local certificates ensures that the CCF is sensitive to the needs and expectations of regulators and customers in different geographies and sectors, ”says Vadlamudi.
The CCF comes with guidelines on how to implement these controls and the audit artifacts needed to demonstrate the operational effectiveness of controls. Cisco will update the CCF regularly as regulations evolve and new frameworks are integrated into our compliance processes.