Cisco Cloud Controls Framework (CCF) enables teams to ensure that cloud products and services meet security and privacy requirements through a streamlined, rationalized compliance and risk management strategy that saves significant resources.

Cisco CCF is a comprehensive set of international and national security compliance and certification requirements compiled into a single framework.

Prasant Vadlamudi, Senior Director for Global Cloud Compliance at Cisco commented, “The Cisco CCF is central to our company’s security compliance strategy. By making it available for public use, we are helping ease compliance strain and enable smoother market access and scalability for the cloud community. By sharing our CCF with customers and peers, we also continue to support our commitment to transparency and accountability that is foundational to Cisco’s DNA.”

The ever-changing requirements for security certifications and standards around the world are becoming more important, but it’s also becoming more difficult and time-consuming for Cloud-based software providers.

ISO 27701, ISO 27017, ISO 22301, SOC 2, ISO 27001: 2013, ISO 27018, Germany’s BSI C5, FedRAMP tailored for the US public sector, the Spanish ENS, Japan’s ISMAP, PCI DSS v3.2.1, Australia’s IRAP, and the EU Cloud Code of Conduct can all be defined, implemented, and demonstrated using this framework.

The CCF includes instructions on how to implement these controls as well as audit artifacts required to demonstrate control effectiveness. Cisco will regularly update the CCF as regulations change and new frameworks are integrated into our compliance processes.

Prasant Vadlamudi, Senior Director for Global Cloud Compliance at Cisco added, “Customer demand for global SaaS security certifications is constantly expanding, as are the security risks we all face. As the complexity of market demand grows, SaaS providers need an efficient way to simplify and streamline efforts to attain security certifications. Our experience has helped us define a common set of building blocks that are repeatable across developed products. Tailoring additional blocks for specific regional or topical certifications ensures the CCF is sensitive to the needs and expectations of regulators and customers across different geographies and sectors.”

Read more articles:

Cloud Security?