Bridging Global Frameworks: Governance Strategies Behind Cisco Common Control Framework v4.0 for Scalable Cloud Compliance
Nishant Sonkar

TL;DR
This paper presents Cisco's Common Control Framework v4.0, a scalable governance model that maps controls across multiple international compliance standards, streamlining cloud compliance efforts.
Contribution
It introduces a unified governance structure and control mapping approach that enhances scalability and audit readiness for Cisco's cloud compliance across various frameworks.
Findings
Cisco's cloud offerings now use a unified compliance model.
The framework effectively maps controls across multiple standards.
Governance processes support scalable and reliable compliance management.
Abstract
CCF v4.0 provides a standard way to ensure that Cisco's cloud products comply with the many quickly evolving requirements worldwide. To cope with increasing demands brought by ISO 27001, SOC 2, NIST, FedRAMP, EU CRA, DORA, and NIS2, CCF v4.0 introduces reliable governance by grouping controls using modules mapped across many frameworks. In this document, I discuss the governance structure controlling the framework's progress, noting how the CAB helped and the relevant steps for mapping and validating controls. Because of this, Cisco now uses the same scalable and audit-ready compliance model in all $10B+ of their cloud offerings.
Taxonomy
Topics: Blockchain Technology Applications and Security
