Customers globally are requesting – and often requiring – SaaS providers to demonstrate their commitment to security, availability, confidentiality, and privacy. While attaining global security certifications has become table-stakes for many to do business, it’s no easy feat. Many organizations struggle to keep pace with this resource- and time-intensive process.

As the complexity of market demand grows, SaaS providers need an efficient way to simplify and streamline efforts to attain security certifications. They are looking for methods and tools to help launch them on their journey to cloud compliance and broaden their global market access. A strategic compliance and risk management approach is as essential to the success of an organization as its product strategy. We understand these challenges and are here to help.

Announcing the Cisco Cloud Controls Framework (CCF)

We are proud to announce the general availability of the Cisco Cloud Controls Framework (CCF) V1.0 for public use.

The Cisco CCF is a rationalized framework with comprehensive control requirements taken from numerous, globally accepted, security compliance frameworks and certifications. It provides a structured, “build-once-use-many” approach for achieving multiple regional and international certifications, enabling market access and scalability, as well as easing compliance strain.

Today, the Cisco CCF V1.0 covers these security compliance framework and certification standards:

We will regularly update the framework as regulations evolve and new industrial frameworks are integrated into our compliance processes.

Along with the security controls, we are also making available ‘narratives,’ guidelines for users to understand how to implement the necessary controls, and ‘audit artifacts’ that include examples of what auditors generally request when testing the operating effectiveness of controls. The framework’s corresponding narratives and supporting audit artifacts offer guidance for you to review, evaluate, and tailor according to your needs, while integrating the Cisco CCF into your organization’s compliance regime.

Why make the Cloud Controls Framework freely available?

Customer demand for global SaaS security certifications is ever-increasing, as are the security risks we face. We are sharing the Cisco CCF with the broader security and risk management community as a guide to help you achieve your market access goals, keep pace with evolving customer demand, and continue to maintain a more secure cloud infrastructure.

Access the Cisco Cloud Controls Framework and reach out to our team at ciscoccf@cisco.com with questions and to learn more.


We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels



Prashant Vadlamudi

Head of Global Cloud Compliance

Security and Trust Organization