Building Trustworthy Systems
Foundation of Trust
The threat landscape is expanding. Is your security strategy evolving and keeping up? Adversaries with malicious intent challenge the defenses of organizations worldwide. We need to be able to trust the technologies in our networks, and verify that trust. A trustworthy IT infrastructure is built on strong policies, processes, technologies, and products that are visible and controlled.
Assuring that products are genuine starts with security awareness and visibility that goes across the entire lifecycle of processes, policies, technology and people. Cisco products are built using our Secure Development Lifecycle (SDL) process and Trust Anchor technology.
The Cisco Secure Development Lifecycle is part of our engineering methodology. It starts at the product's design, the first step in its concept-to-end-of-life value chain security. The product security baseline includes the requirements for international certifications such as Common Criteria, as well as mitigations to known vulnerabilities.
Trust Anchor technology is integrated to provide assurance of genuine hardware and software. It also provides a highly secure unique identity, a source of entropy, and highly secure storage for encryption keys, attestation, and other valuable data.
Secure by Default
The trustworthy foundation provided by the Cisco product integrity features and common security modules encrypts data with the latest cryptography. Highly secure authentication and management of public key infrastructure (PKI), using the identity and current status of the PKI, helps to secure devices upon installation. Network services, using the trust anchor services for device identity, can authenticate and authorize over highly secure communications.
Trust Anchor Technologies
Cisco Trust Anchor technologies start with standards-based technology and add security functions and features to enhance product protection. Our Secure Boot implementation not only provides a highly secure initiation of signed images, but also anchors a root of trust into hardware components. The hardware components that start the chain of trust can perform both system-critical functions and security functions, including proactive monitoring of the startup process and a shutdown of the process if tampering is detected.
Visibility and Control
Knowing the products on your network has increased in importance. The ability to securely communicate with products and monitor infrastructure product performance at boot time as well as in real time should be included in overall security policies and controls. Cisco certifies a wide range of products in independent Common Criteria labs to show our adherence to the protection profiles established for a product type.
Cisco Security Awareness Program
Security responsibility and accountability reside with everyone. Accordingly, Cisco has embedded security into corporate initiatives and the Cisco Code of Business Conduct (COBC). We also ask employees to assimilate security into their daily activities.
We created a comprehensive program to grow employee security knowledge. Employees proceed through five program levels. At the first level, they demonstrate familiarity with basic security vocabulary and concepts. At the highest level, they are perceived as security leaders providing ongoing, significant contributions to the security industry.