Cisco on Thursday released its Cloud Controls Framework (CCF), a set of comprehensive international and national security compliance and certification requirements combined into one framework.
The CCF was developed as the foundational methodology to accelerate certification achievements across Cisco’s cloud offerings and to help companies establish a strong security baseline. According to Cisco, the CCF offers a structured, “build-once-use-many” approach for achieving the broadest range of international, national, and regional certifications.
“The Cisco CCF is central to our company’s security compliance strategy,” said Prasant Vadlamudi, senior director for global cloud compliance at Cisco. “By making it available for public use, we are helping ease compliance strain and enabling smoother market access and scalability for the cloud community. By sharing our CCF with customers and peers, we also continue to support our commitment to transparency and accountability.”
At first glance, Cisco’s CCF looks like an ambitious and much-needed guidance to help organizations accelerate migration to the cloud while satisfying security and privacy requirements, said Mark Arnold, vice president, advisory services at LARES Consulting. Arnold said the CCF accounts for a decent swath of international and national standards, offering companies sufficient coverage of cloud computing standards.
“One glaring omission from the list is the expansive works from the Cloud Security Alliance,” Arnold said. “One may wonder how Cisco’s vendor-pitched CCF holds court against CSA’s vendor-agnostic community approach to building a consensus cloud security framework.”
