Cisco Blogs

Where the Rubber Meets the Road: The Security Control Framework

December 10, 2012

When Cisco introduced the Cisco SecureX Architecture at the 2011 RSA Conference in San Francisco, it aimed to provide network security practitioners the following benefits of a security architecture:

  • Contextual awareness
  • Comprehensive visibility
  • Scalable control
  • Dynamic adaptability to new threats
  • Data and application protection

What exactly does this mean? What does it do? How is it implemented? Which products are needed to achieve the benefits of a Cisco SecureX Architecture?

These are just some of the questions we hear when consulting with people tasked with protecting an organization’s information and providing appropriate security controls around current and/or new business initiatives.

On the subject of business initiatives, joint research conducted by IBM developerWorks and the IBM Center for Applied Insights has reported four information technologies (mobile technology, business analytics, cloud computing, and social business) that are rapidly reshaping how enterprises operate. This joint research was published in the 2012 IBM Tech Trends report, which identifies security as a threat to innovation and a top barrier to adopting business-critical technology.

“Mobile technology, business analytics, cloud computing, and social business are rewriting strategic playbooks across industries. In these spaces, new business possibilities are emerging faster than many organizations can act on them, with significant IT skill shortages and security concerns threatening progress. Yet, some companies are equipped to innovate at the front edges of these fast-moving technology trends and drive strategic advantages for their organizations.” – 2012 IBM Tech Trends pdf

With that introduction to how security relates to business innovation, the aim of this blog post is to raise awareness that the Cisco SecureX architecture is more than marketing. In the background, Cisco and our partners are developing products, technology, services, and learning curricula to help practitioners deploy cyber security architectures using models such as the Cisco Security Control Framework. The goal is a security architectural blueprint that gives organizations the confidence and agility to accelerate business transformation.

“The Cisco Security Control Framework model is the application of foundational security principles to define the guidelines and rules for achieving a secure infrastructure. The security architecture does not define how to build or implement a secure infrastructure, but instead defines the properties, capabilities, processes, and controls that a secure infrastructure must possess to protect against a range of threats.” – Cisco Security Control Framework (SCF) Model pdf

The two principles that govern the Security Control Framework are Total Visibility and Complete Control.

In October 2012, Cisco hosted our 15th Annual Cisco CIO Summit in Dana Point, California. The theme of this year’s event was “Redefining What’s Possible.” Speeches and breakout sessions reflected some of the major issues on the minds of CIOs today: How can they use new technology, such as cloud, mobile, and social, to create possibilities for their organizations and companies? One topic that received attention was security. Discussions centered on the tools available to protect data and the latest trends in protecting data on mobile devices. Customers are asking for a distributed model/view of security: Who are you? What do you see? Where are you coming from? Where can you go? What do you do?

These questions relate to identification (of an end user, a network device, an application, or access control). They offer an opportunity to expand on one pillar of the Security Control Framework, Identity, and to show how Cisco and partner products, technologies, services, and training offerings support the Identification element of the framework.


Identify the state of trust of users, devices, and traffic flows:

  • Defines the ability of a system to identify entities accessing a given resource and determine a trust level or state of trust.
  • This may include traffic entering and/or leaving an area of the network.
  • The trust level may be established through the inspection of credentials or through other means. Usually trust is established through mechanisms other than an IP address.

Cisco Products that support the Identity pillar of the Security Control Framework include:

I would encourage you to engage with your Cisco Account Teams and/or Cisco Partners to review the Cisco Security Framework Model in the context of your environment. This includes the following aspects, which are merely a few of the factors that will be taken into consideration:

  • Business
  • Compute
  • Network
  • Storage
  • Security
  • Geopolitical

Cisco Professional Services:

Cisco Technologies and Identification Tools:

Sample Cisco Partner Solutions:

Cisco Training for Security Practitioners:

Sample Industry Training for Security Practitioners:

Cisco Products and Acronyms:

AnyConnect – Cisco AnyConnect Secure Mobility Client

ASA-CX – Cisco Context-Aware Adaptive Security Appliance

CWS – Cisco Cloud Web Security

CSR – Cisco Cloud Services Router 1000V

WSA – Cisco Web Security Appliance

SGT – Cisco Security Group Tags – Cisco TrustSec Innovation

Nexus 1000V – Cisco Nexus 1000V Series Switches

ISR – Cisco Integrated Services Routers

ASR – Cisco Aggregation Services Routers

IPS – Cisco Intrusion Prevention System

WIPS – Cisco Adaptive Wireless Intrusion Prevention System

ESA – Cisco Email Security Appliance

ASA-V – Cisco Virtual Adaptive Security Appliance

ISE – Cisco Identity Services Engine

ASA-X – Cisco Adaptive Security Appliances
