Cisco Cloud Controls Framework

Accelerating SaaS product security certifications to maximize market access.

What is the Cloud Controls Framework?

The Cisco Cloud Controls Framework (CCF) is a comprehensive set of international and national security compliance and certification requirements, aggregated into a single framework. In addition to the control mapping, the CCF also contains guidance on implementation and audit artifacts.

The Cisco CCF will be updated as security compliance frameworks and regulations evolve. To benefit from this framework, please review, evaluate, and tailor it to reach your compliance goals.

Contact us to learn more and get answers to your questions.




Cloud Controls Framework
Complete this form to download the file
* required fields

I understand I can unsubscribe at any time.


Why apply Cisco Cloud Controls Framework (CCF)?

This framework enables your organization to keep pace with the increasing complexity of market and customer demands. It provides a structured, “build-once-use-many” approach designed to help streamline and operationalize cloud compliance and certification. The CCF represents years of research from Cisco’s cloud compliance experts and can help your organizations better address the challenging compliance landscape and meet your market access goals.

What do I get with the CCF?

In addition to the control mapping to each of the standards referenced below, the CCF provides control narratives and supporting audit artifacts for every control in the CCF.

The narratives help provide guidance on activities and actions to implement and execute a control.

The audit artifacts offer a high-level understanding of what auditors typically request when testing the operating effectiveness of a control.

These narratives and artifacts are guidance for you to review, evaluate, and update according to your business needs and environment.

Why is Cisco making the CCF publicly available?

Strong cybersecurity is good for everyone. Efficient pathways to compliance and certification help organizations understand and address risk faster. Hopefully, this work helps to accelerate safer clouds for all.