The regulatory landscape for Software-as-a-Service (SaaS) offerings is rapidly changing worldwide as governments seek to address concerns around privacy, security, and data sovereignty. While the European Union’s Cybersecurity Certification Scheme for Cloud Services (EUCS) has set a high standard for data protection, Asian countries are also stepping up their regulatory frameworks. For instance, the Information System Security Management and Assessment Program (ISMAP) in Japan provides a baseline standard of protection for user data, imposing stringent requirements on the collection, use, and disclosure of data by organizations. This directly affects SaaS providers.

With existing laws and emerging regulations across Asia and Europe, global SaaS providers must maintain a vigilant approach to compliance. They must properly manage their solution development and operational practices to meet the varying demands of each market, while offering high levels of data security and privacy to their users. Cisco recognizes the challenge of maintaining security compliance requirements and is here to assist.

In May 2022, we announced the general availability of the Cisco Cloud Controls Framework (CCF) for public use, and since then, we have been rolling out successive updates. Today, we are proud to announce the public availability of the Cisco Cloud Controls Framework v3.0.

The Cisco CCF provides a simple, straightforward way to gain global market access using a “build-once-use-many” approach for assessing whether SaaS products can meet multiple regional and international standards, while offering scalability and easing the burden of compliance.

This update extends the CCF with additional, globally accepted, security compliance frameworks and certifications. It continues to provide a global SaaS solution compliance and certification strategy and methodology that will help meet customer requirements and ever-evolving regulatory demands. What’s more, the Cisco Cloud Controls Framework v3.0 further simplifies the Control Narratives and supporting Audit Artifacts provided for every control in CCF. The narratives provide guidance on the actions to execute a control, while artifacts offer a high-level understanding of what typically is requested when reviewing the effectiveness of a control.

The Cisco Cloud Controls Framework v3.0 covers the following security compliance framework and certification standards:

As critical cybersecurity regulations continue to evolve and be written into law across the globe, we will continue to update and integrate this framework. In our next implementation, we will offer a way to access control automation scripts to serve as a valuable starting point for automating CCF controls in your environment and according to your requirements. These automated control checks will enable you to expedite your market access objectives, while establishing a solid foundation for proactive compliance and continuous controls monitoring.

We hope the Cisco CCF can help you achieve your market access goals, keep pace with your evolving customer demands, and continue to maintain a secure cloud infrastructure for everyone. After all, trust is hard to earn, but easy to break.

View the CCF Overview Video and reach out to our team at ciscoccf@cisco.com to learn more.




Gagandeep Singh

Director, GCC Strategy and Planning

Global Cloud Compliance