Design Zone for Security: SAFE

Simplify Security with SAFE

This overview of SAFE will show you how to map security capabilities to threats. (PDF – 6 MB)

Read Overview

How to Use SAFE

Cisco and our Partners can help you align your business and security priorities with a SAFE Workshop.

Read Overview

Easy-to-Use Security Reference Architecture

SAFE can help you simplify your security strategy and deployment. This Cisco security reference architecture features easy-to-use visual icons that help you design a secure infrastructure for the edge, branch, data center, campus, cloud, and WAN. The framework encompasses operational domains such as management, security intelligence, compliance, segmentation, threat defense, and secure services.

SAFE solutions have been deployed, tested, and validated at Cisco and provide guidance, best practices, and configuration steps.

Why complicate your security network design? Keep it simple with SAFE.

The SAFE Key

Click to Enlarge

The SAFE Key organizes security by using two core concepts: Places in the Network (PINs) and Secure Domains.

PINs reference examples of locations that are found in networks and the infrastructure needed to create them:

Data center
Branch
Campus
WAN
Internet edge
Cloud

Secure Domains are operational areas used to protect these locations. They are security concepts that traverse an entire network:

Management
Security intelligence
Compliance
Segmentation
Threat defense
Secure services

How SAFE Works

This Interactive SAFE Poster shows you how the model works to protect your network.

The Latest in Thought Leadership

The SAFE blog brings you best practices in network security architecture and design.

Read Blogs

This reference architecture logically arranges capabilities to secure business workflows against threats.

Cisco Zero Trust Architecture Guide (HTML) (PDF)
Zero Trust Frameworks Architecture Guide (HTML) (PDF)
Cisco Secure Access Service Edge (SASE) Architecture Guide (HTML) (PDF)
Trusted Internet Connections (TIC) 3.0 Guide (HTML) (PDF)
SAFE Secure Cloud Architecture Guide (PDF - 3.3 MB)
SAFE Secure Data Center Architecture Guide (PDF - 3.7 MB)

SAFE design guides have been tested, validated, and deployed at Cisco. They provide best practices, configuration steps, and more.

Secure Cloud for GCP (IaaS) Design Guide (HTML) (PDF) (GitHub)

Secure Data Center – Cisco ACI, Secure Firewall, and Secure ADC Design Guide (HTML) (PDF) (GitHub)

Cisco Secure Access Service Edge (SASE) with Viptela SD-WAN Design Guide (HTML) (PDF)

Cisco Secure Access Service Edge (SASE) with Meraki SD-WAN Design Guide (HTML) (PDF)

Cisco Breach Defense Design Guide (HTML) (PDF)

Securing Cloud-Native Applications - Azure Design Guide (HTML) (PDF) (GitHub)

Securing Cloud-Native Applications - AWS Design Guide (HTML) (PDF) (GitHub) (DevNet)

Secure Remote Worker On-Prem Design Guide (HTML) (PDF)

Secure Remote Worker for AWS Design Guide

Secure Remote Worker for Azure Design Guide

Secure Remote Worker Design Guide

Trusted Internet Connections (TIC) 3.0 Design Guide

Trusted Internet Connections (TIC) 3.0 Cisco Overlay Guidance

Secure Cloud for AWS (IaaS) Design Guide

Umbrella Design Guide

Secure Cloud for Azure (IaaS) Design Guide

SAFE Edge Remote Access VPN with DDoS Design Guide – September 2016 (PDF - 4.6 MB)

SAFE Toolkit

The SAFE Toolkit includes the elements required to facilitate security discussions. You can use the items on these slides to build presentations using SAFE best-practice illustrations and diagrams. And you can customize the diagrams to suit your business.

SAFE Security Architecture Toolkit for PowerPoint - June 2021 (PPT - 32.5 MB)
SAFE Security Architecture Toolkit for Visio - April 2021 (ZIP - 19.3 MB)
SAFE Security Architecture Toolkit for Lucidchart - April 2021 (PDF - 163 KB)

SAFE