Software developer Cisco recently released its Cisco Cloud Control Framework (Cisco CCF) to improve security and privacy certificates for Software as a service (SaaS) portfolios across the globe. The framework was created to meet emergent international requirements for security and standards compliance.
Cisco CCF is a unified framework made up of local and international requirements for security compliance and standards certification. It was created to ensure that cloud products and services comply with security and privacy requirements. The framework simplifies rationalized compliance, saves company resources, and also eases the implementation of risk management strategies throughout an organization.
According to Cisco Senior Director for Global Cloud Compliance Prasant Vadlamudi, the new framework is an integral part of the company’s current security compliance strategy. In offering it to the public, it is meant to reduce difficulties in standards compliance and make market access and scalability more accessible for the cloud community across the globe. It is also a reflection of Cisco’s commitment to accountability and transparency in all transactions and developments.
As Vadlamudi puts it, customer demand for SaaS security certifications is surging worldwide, along with the security threats that are causing concern for both companies and individual SaaS users. In which case, Cisco tailored a number of elements for specific certifications both in the US and overseas, making the framework one that is attuned to the expectations of regulators and customers alike.
What Can Be Done with Cisco CCF?
As a foundational methodology that speeds up cloud certification across a diverse range of products, Cisco CCF is the end result of the company’s research on how SaaS products can be certified under multiple standards. It is a structured approach aimed at giving clients everything they need to achieve a diverse range of certifications.
Guidance for control implementation as well as primary audit artifacts for demonstrating these controls are already built into the framework. Users can also look forward to regular updates which will come up as online security and privacy regulations evolve, and new frameworks are also set to be absorbed into Cisco’s compliance processes.
Cisco CCF allows companies to define, implement, and demonstrate key controls for achieving various security and privacy certifications for SaaS portfolios. The current roster of achievable certifications includes SOC 2, ISO 27001: 2013, ISO 27701, ISO 27017, ISO 22301, ISO 27018, Germany’s BSI C5, FedRAMP Tailored for the US public sector, the Spanish ENS, Japan’s ISMAP, PCI DSS v3.2.1, the EU Cloud Code of Conduct, as well as Australia’s IRAP*.