Continuous Diagnostics and Mitigation (CDM)
This Department of Homeland Security (DHS) program offers federal agencies real-time capabilities for identifying and mitigating cybersecurity risks.
COPPA
The Children's Online Privacy Protection Act (COPPA) framework protects children's privacy online by regulating data collection for kids under 13 years old.
Criminal Justice Information Services (CJIS)
The CJIS security policy provides guidelines to safeguard sensitive criminal justice information to ensure confidentiality and integrity.
Cybersecurity Maturity Model Certification (CMMC)
This DoD framework enhances the cybersecurity posture of contractors through cybersecurity practices across five maturity levels.
DNI NITTF Insider Threat Maturity Framework
This guide for executive branch agencies details how to optimize insider threat programs to enhance detection, prevention, and mitigation capabilities.
DoD Cloud Computing Security Requirements Guide (CC SRG)
This U.S. Department of Defense guide outlines security controls and requirements for using cloud services within military operations.
DoD Comply-to-Connect (C2C)
The DoD's C2C framework enhances network security by continuously validating and monitoring devices, reducing vulnerabilities.
DoD Impact Levels (IL)
The DoD Cyber Exchange classifies information by sensitivity and potential impact of a security breach, guiding protection measures.
DoD Zero Trust Strategy
This DoD framework focuses on stringent security measures by verifying every user and device, regardless of network location.
FedRAMP
FedRAMP provides a standardized approach for assessing, monitoring, and authorizing cloud computing products used by federal agencies.
FIPS 140
The U.S. government computer security standard is used to approve cryptographic modules and ensure secure data encryption and protection processes.
FISMA
The Federal Information Security Modernization Act (FISMA) governs NIST-based security for federal and contractor systems.
HIPAA
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) framework protects the privacy and security of health information in the United States, ensuring confidentiality and compliance.
NIST Cybersecurity Framework (CSF)
The cybersecurity framework offers guidance on managing cyber risk and enhancing security using four phases: Identify, Protect, Detect, Respond, and Recover.
NIST SP 800-171
The guidelines protect Controlled Unclassified Information (CUI) in non-federal systems, focusing on confidentiality, integrity, and access controls.
NIST SP 800-172
Boost security by extending NIST SP 800-171 to protect Controlled Unclassified Information (UCI) against advanced persistent threats (APTs).
NIST SP 800-53
This comprehensive set of security and privacy controls is designed to secure federal information systems and protect sensitive data.
SOC
The Service Organization Control (SOC) 1, 2, and 3 standards manage and report on controls at service organizations, ensuring security and compliance.
Trusted Internet Connections (TIC)
TIC guidance modernizes federal network security, enabling agencies to leverage the cloud, enhance performance, and improve cybersecurity.
Zero trust
DoD, CISA, and NIST provide frameworks for 'never trust, always verify' security before granting access to any user or device.
EU Cloud Code of Conduct (CoC)
The European Data Protection Board (EDPB) endorsed code of conduct for cloud providers implements GDPR Article 28 requirements for B2B processors.
EU Cyber Resilience Act (CRA)
This proposed EU regulation aims to enhance cybersecurity across digital products and services by establishing mandatory security requirements.
EU Digital Operational Resilience Act (DORA)
DORA harmonizes digital operational resilience requirements for EU financial entities and their ICT providers and became effective January 2025.
EU ENISA IAF
The framework by the EU cybersecurity agency ENISA is designed to assess cloud service providers' security measures for customer data protection.
EU Cybersecurity Certification (EUCC)
Harmonizing ICT security across Europe, this framework boosts trust and ensures consistent standards for products and services.
EU General Data Protection Regulation (GDPR)
Comprehensive data protection regulation safeguards EU residents' privacy rights and regulates data processing activities.
EU NIS2 Directive
The directive enhances cybersecurity across EU critical sectors by expanding measures to ensure robust network and information security protections.
Payment Services Directive 2 (PSD2)
The EU PSD2 framework enhances the security of electronic payments in the European Union (EU), mandating strong customer authentication.
Australia Essential Eight
This Australian framework emphasizes eight key strategies to mitigate cybersecurity risks and protect systems from common attacks.
Australia Information Security Manual (ISM)
This Australian government guide provides strategies and controls to secure government information and systems against cyberthreats.
Japan ISMAP
This Japanese government program assesses and certifies cloud services for secure use by government agencies, ensuring robust cloud security.
India MeitY
India's Ministry of Electronics and IT (MeitY) provides guidelines for data protection and cybersecurity, ensuring secure digital infrastructure.
Emerging AI regulations and security
NIST AI Risk Management Framework
The framework offers guidelines to manage AI risks, enhance trustworthiness, and tackle governance challenges effectively.
NYDFS guidance on AI and ML
The NYDFS guidance focuses on AI model governance and risk management for financial institutions, setting a precedent for regulated AI.
EU AI Act
This European directive creates comprehensive AI regulation based on risk, ensuring transparency and accountability for high-risk applications.
UK AI safety bill
This policy paper highlights a principles-based AI regulation, focusing on innovation and safety through pre-release testing of models.
ISO 42001:2023
The international standard for AI Management Systems provides guidance on ethical and trustworthy AI development and usage across organizational operations.
Featured solutions
Cisco Duo Federal
Cisco Secure Firewall
Cisco Identity Services Engine (ISE)
Cisco Secure Network Analytics
Cisco Secure Workload
Cisco Secure Access for Government
Secure. Comply. Thrive.
Zero trust
Seamlessly enforce zero trust without compromising experience or productivity.
Responsible AI
Support compliance, privacy, and security across evolving AI frameworks.
Data center security
Align with evolving frameworks to achieve compliance and mitigate security risks.
Our recent blogs
Strengthening cybersecurity: CMMC with Cisco's NIST CSF 2.0 mapping
Discover how Cisco's security solutions align with NIST CSF 2.0 to enhance and support CMMC compliance efforts.
From regulation to resilience: Shaping EU cybersecurity with NIS2
Learn how Cisco's innovations help share EU cybersecurity resilience in line with NIS2 and GDPR regulations.
We can help
Your security and support team
Talos Incident Response services
Prepare, respond, and recover from breaches with our proactive and reactive services.
Cisco Services
Make use of expert guidance to transform your organization's IT, reduce risk, and drive measurable business value.
Cisco U.
Take advantage of learning courses and certifications to improve your skills and optimize Cisco security solutions.