Skip to Main Content
(Press Enter)

Security, privacy, and trust resources

We free the world to innovate, transform, and grow into their own futures confidently and securely.

Empowering people through a foundation of security, privacy, and trust.

Today, almost everything is connected and generating data. These connections have become lifelines to our paychecks and our prosperity, our families and our healthcare, our world news, our entertainment, and our futures. Our new digital reality creates vast opportunity—but also unprecedented levels of risk.

While organizations have always needed security, privacy, and trust, today's challenges have made them mission-critical. Customers are setting new standards of trust, and Cisco is listening, learning, and evolving to meet their needs. Our holistic approach to security and privacy sets us apart. This approach has three key characteristics: trustworthiness, transparency, and accountability. Read on to see how we earn and maintain customer trust in these three ways.

Trustworthy

We embed security and privacy at every stage of the solution lifecycle. The fact that our solutions are secure and protect personal information—and won't ship without strict security and privacy checkpoints and verification—translates into a competitive advantage for our customers, helping to make their critical infrastructure, applications, and data more secure and ensure appropriate use.

Transparent

We are open and transparent about the security and privacy approach we take across our entire solutions portfolio. And we share our cyber-resilience strategies with organizations around the world, collectively raising the bar for global cybersecurity and trust.

  • The Trust Center is an external site where we share information on Cisco's trustworthy, transparent, and accountable approach, our Trust Principles, and thought leadership on security, privacy, and earning and building customer trust.
  • Our Trust Portal provides customers with access to security and privacy compliance documents. There, we post Transparency Reports, which list the demands we receive from law enforcement and national security agencies around the world. Read more about Cisco's Principled Approach to Government Demands for Data and Cisco Law Enforcement Guidelines for Government Data Demands.
  • This fact sheet provides information about our Transparency Service Center, where users can review and test Cisco technology, including hardware, software, and firmware in a dedicated, secure facility at a Cisco site.
  • Privacy Data Sheets, available for various Cisco solutions, describe how Cisco controls the collection and use of personal data, the purpose under which Cisco processes personal data, where data is processed, and third-party subprocessors processing data.
  • Privacy Data Maps visually explain how various types of personal information are collected, used, stored, and shared throughout the solution lifecycle.
  • We publish Privacy Reports for privacy and security professionals and business leaders interested in privacy, including the Data Privacy Benchmark Study, which explores privacy practices and maturity levels at organizations around the world, their financial investments in privacy, business benefits from these investments, and the forces driving these behaviors. The Consumer Privacy Survey is our annual reporting on consumers' attitudes and actions regarding their personal data.
  • Our Cybersecurity Reports, including the Cisco Threat Report and Security Outcomes Study, provide the latest information for security professionals and business leaders interested in the state of global cybersecurity.
  • The Cisco Cloud Controls Framework (CCF) is a comprehensive set of international and national security and privacy compliance and certification requirements, aggregated into a single framework. In addition to the control mapping, CCF also contains guidance on implementation and audit artifacts.
  • Responsible use of artificial intelligence (AI) is an important part of our approach to innovation. See our Responsible AI Principles and Responsible AI Framework.

Accountable

Cisco's dedicated team of security and privacy experts ensures our customers' business resilience and continuity by being proactive and taking responsibility to ensure timely detection, notification, response, and remediation of security incidents.

  • Our Security & Trust infographic provides a closer look at the people, processes, technology, and policies that allow Cisco to protect the security and privacy of our customers.
  • The Cisco Security Vulnerability Policy and Cisco Security Advisories provide guidance and information in the event of a reported vulnerability in a Cisco product or service.
  • Cisco Event Responses provide information about security events that have the potential for widespread impact on customer networks, applications, and devices. We also provide a mechanism for Data Subject Requests to be processed so end users or their proxies can add, change, delete, port, and stop processing of their data.
  • The Cisco Vulnerability Repository is a vulnerability search engine for publicly disclosed computer security flaws or Common Vulnerability and Exposures (CVE) that may impact Cisco products. This can help Cisco customers understand if their Cisco product is affected by a particular third-party vulnerability and displays Cisco Security Advisories associated with a CVE.
  • In the event Cisco becomes aware of a vulnerability that does not affect a Cisco product but does involve another vendor's products, we follow our Cisco Vendor Vulnerability Report and Disclosure Policy.
  • We hold ourselves accountable for resolution of security and privacy incidents. When issues arise with Cisco's solutions, our global Cisco Product Security Incident Response Team responds swiftly, using a playbook with documented resolution procedures.
  • When security or privacy incidents occur, our Computer Security Incident Response Team (CSIRT) and Data Incident Response Team perform 24/7 comprehensive incident investigation and prevention. When a breach occurred in 2022, CSIRT and Talos worked swiftly to resolve it.
  • Cisco Talos is one of the most trusted commercial threat intelligence teams in the world, comprising world-class researchers, analysts, and engineers. Talos conducts research and provides a wide variety of resources for users, including:
    • Talos Incident Response that offers a full suite of proactive and emergency services to help organizations prepare, respond, and recover from a breach.
    • Reputation Center that provides access to expansive threat data and related information for domains, IPs, and files.
    • Talos Vulnerability Research that investigates software and operating system vulnerabilities to discover them before malicious threat actors do. We provide this information to vendors so that they can create patches and protect their customers as soon as possible.
    • Open-source security software, including Snort, an intrusion prevention system; and ClamAV, an anti-virus engine for detecting trojans, viruses, malware, and other malicious threats.
    • The Talos Blog discusses the latest threat research on malware campaigns, nation-state activity, and indicators of compromise, while the Threat Source newsletter offers a weekly recap of some of the biggest headlines in cybersecurity. The Beers with Talos podcast series explores all things security, while Talos Takes breaks down complex issues for listeners.
  • Our latest threat report, Defending Against Critical Threats, analyzes key incident trends that affected organizations in 2021.
  • We are committed to maintaining strong protections for our customers, products, and company. The Cisco Online Privacy Statement captures our approach to building and maintaining trust, and is also available in summary form.
  • Cisco's global privacy program and policies have been approved by EU privacy regulators as providing additional safeguards for the protection of privacy, fundamental rights, and freedoms of individuals for transfers of Personal Information protected under EU law. Cisco's EU Binding Corporate Rules—Controller state that international transfers made by Cisco as a controller worldwide of EU Personal Information benefit from additional safeguards. For customers who prefer contractual commitments of adherence to EU privacy requirements, Cisco enters into Standard Contractual Clauses, which are incorporated into our Master Data Protection Agreement.
  • Cisco's global privacy program is certified under the Asia Pacific Economic Cooperation (APEC) Cross Border Privacy Rules system (CBPRs) and Privacy Recognition for Processors (PRP). The APEC CBPR System and PRP provide a framework for organizations to ensure protection of Personal Information transferred among participating APEC economies.
  • Although the EU/UK/Swiss-US Privacy Shield has been invalidated as a data transfer mechanism, Cisco remains a certified company and committed to adhering to the Privacy Shield Principles when processing personal data from those countries.