
Security, privacy, and trust resources

Trustworthiness, transparency, and accountability are key to Cisco’s approach to security, privacy, and trust.

Empowering people through a foundation of security, privacy, and trust

Today, almost everything is connected and generating data. These connections have become lifelines to our families and our healthcare, our livelihood and our prosperity, the world news, our entertainment, and our futures. This new digital reality creates vast opportunity—but also unprecedented levels of risk.

While organizations have always needed security, privacy, and trust, today’s challenges have made these attributes mission critical. Expectations are changing in ways that require new standards, and Cisco is listening, learning, and evolving to support our customers’ needs. Our holistic approach to security and privacy sets us apart, as we center on three key principles of trustworthiness, transparency, and accountability. Read on to see how we earn and maintain customer trust in these three ways.

Trustworthiness

We embed security and privacy at every stage of the solution lifecycle. The fact that our solutions are built to secure and protect personal information—and won’t ship without undergoing meticulous security and privacy checkpoints and verification—translates into a competitive advantage for our customers, helping to make their critical infrastructure, applications, and data more secure.

Transparency

We are open and transparent about the security and privacy approach we take across our solutions portfolio, including our compliance with global standards, certifications, and government regulations. And we share our cyber-resilience strategies with organizations around the world with the intention of collectively raising the bar for global cybersecurity and trust.

  • A key example is responding to the rapid rise of sophisticated cyberattacks on legacy network infrastructure. Cisco continues to focus on the critical importance of updating software and maintaining hardware to support network resilience.
  • Cisco is a founding member of the Network Resilience Coalition, working with technology providers, security experts, and network operators on improving network security that supports our global economic and national security.
  • Cisco is committed to Software Transparency that reduces cyber risks and enables customers to more efficiently evaluate whether and how secure software development practices were fulfilled.
  • New in 2023, customers can now request Software Bills of Materials (SBOMs) on our Trust Center, providing transparency into the third-party software used in building Cisco products.
  • The Trust Center is an external site where we share information on Cisco’s trustworthy, transparent, and accountable approach, our Trust Principles, and thought leadership on security, privacy, and earning and building customer trust. Our Transparency Reports list the demands we receive from law enforcement and national security agencies around the world. Read more about Cisco’s Principled Approach to Government Demands for Data and Cisco Law Enforcement Guidelines for Government Data Demands.
  • Our Trust Portal provides customers with access to security and privacy compliance documents, offering assurances that Cisco products support market security expectations. This fact sheet shares information about our Transparency Service Center, where users can review and test Cisco technology, including hardware, software, and firmware in a dedicated, secure facility at a Cisco site.
  • Privacy Data Sheets, available for various Cisco solutions, describe how Cisco controls the collection and use of personal data, the purpose under which Cisco processes personal data, where data is processed, and third-party subprocessors processing data.
  • Privacy Data Maps visually explain how various types of personal information are collected, used, stored, and shared throughout the solution lifecycle.
  • We publish Privacy Reports for privacy and security professionals and business leaders interested in privacy, including our annual Data Privacy Benchmark Study. The study explores privacy practices and maturity levels at organizations around the world, their financial investments in privacy, business benefits from these investments, and the forces driving these behaviors. This blog shares more detail about how privacy’s impact continues to grow.
  • The Consumer Privacy Survey is our annual reporting on consumers’ attitudes and actions regarding their personal data.
  • We also partner with organizations like the Centre for Information Policy Leadership (CIPL) to report on the Business Benefits of Investing in Data Privacy Management Programs, as spotlighted in this blog.
  • Our Cybersecurity Reports, including the Cisco Threat Report and Security Outcomes Report, provide the latest information for security professionals and business leaders interested in the state of global cybersecurity.
  • The Cisco Cloud Controls Framework (CCF) is a comprehensive set of security and privacy compliance and certification requirements for SaaS offers, aggregated into a single framework. The CCF is publicly available, and the overview video and this blog provide details.
  • The Trustworthy Cloud spotlights our work with international governance organizations to develop and enhance mechanisms and leading practices that demonstrate compliance and facilitate safe international data flows, as exemplified in Webex by Cisco being the first collaboration suite to achieve EU Cloud Code of Conduct Level 3 adherence.
  • Responsible use of artificial intelligence (AI) is an important part of our approach to innovation. See our Responsible AI Principles and Responsible AI Framework to learn how these principles and practices form a broad AI governance framework for those who develop, deploy, and use AI.
  • The Cisco Vulnerability Repository is a vulnerability search engine for publicly disclosed computer security flaws, or Common Vulnerabilities and Exposures (CVEs), that may impact Cisco products. It can help Cisco customers understand whether their Cisco product is affected by a particular third-party vulnerability, and it displays Cisco Security Advisories associated with a CVE.
  • In the event Cisco becomes aware of a vulnerability that does not affect a Cisco product but does involve another vendor’s products, we follow our Cisco Vendor Vulnerability Report and Disclosure Policy.

Accountability

Cisco’s dedicated team of security and privacy experts supports our customers’ business resilience and continuity by being proactive and taking responsibility for timely detection, notification, response, and remediation of security incidents.

  • Our Security & Trust infographic provides a closer look at the people, processes, technology, and policies that enable Cisco to protect the security and privacy of our customers.
  • The Cisco Security Vulnerability Policy and Cisco Security Advisories provide guidance and information in the event of a reported vulnerability in a Cisco product or service.
  • Cisco Event Responses provide information about security events that have the potential for widespread impact on customer networks, applications, and devices. We also provide a mechanism for Data Subject Requests to be processed so that end users or their proxies can add, change, delete, port, and stop processing of their data.
  • We hold ourselves accountable for resolution of security and privacy incidents. When issues arise with Cisco’s solutions, our global Cisco Product Security Incident Response Team responds swiftly, using a playbook with documented resolution procedures.
  • When security or privacy incidents occur, our Computer Security Incident Response Team (CSIRT) and Data Incident Response Team perform 24/7 comprehensive incident investigation and prevention. When a cyberattack occurred in 2022, CSIRT and Talos worked swiftly to resolve it.
  • Cisco Talos is a proven and trusted threat intelligence research team comprising world-class researchers, analysts, and engineers. Talos powers the Cisco portfolio with comprehensive intelligence that supports our customers' environments and covers events that arise every single day, all over the world. Talos provides verifiable and customizable defensive technologies and techniques that help customers, users, and the Internet at large quickly protect their assets, including:
    • Talos Incident Response offers a full suite of proactive and emergency services to help organizations prepare, respond, and recover from a breach.
    • Reputation Center provides access to expansive threat data and related information for domains, IPs, and files.
    • Talos Vulnerability Research investigates software and operating system vulnerabilities to discover them before malicious threat actors do. We provide this information to vendors so they can create patches and protect their customers as soon as possible.
    • Open-source security software, such as Snort, an intrusion prevention system; and ClamAV®, an anti-virus engine for detecting trojans, viruses, malware, and other malicious threats.
    • The Talos Blog shares the latest threat research on malware campaigns, nation-state activity, and indicators of compromise, while the Threat Source newsletter offers a weekly recap of some of the biggest headlines in cybersecurity. The Beers with Talos podcast series explores all things security, while Talos Takes breaks down complex issues for listeners.
  • Talos Year in Review analyzes key incident trends that affected organizations in 2023.
  • We are committed to maintaining strong protections for our customers, products, and company. The Cisco Online Privacy Statement captures our approach to building and maintaining trust and is also available in summary form.
  • Cisco’s global privacy program and policies have been approved by European Union (EU) privacy regulators as providing additional safeguards for the protection of privacy, fundamental rights, and freedoms of individuals for transfers of Personal Information protected under EU law. Cisco’s EU Binding Corporate Rules—Controller state that international transfers made by Cisco as a controller worldwide of EU Personal Information benefit from additional safeguards. For customers who prefer contractual commitments of adherence to EU privacy requirements, Cisco enters into Standard Contractual Clauses, which are incorporated into our Master Data Protection Agreement.
  • Cisco’s global privacy program is certified under the Asia Pacific Economic Cooperation (APEC) Cross Border Privacy Rules system (CBPRs) and Privacy Recognition for Processors (PRP). The APEC CBPR System and PRP provide a framework for organizations to ensure protection of Personal Information transferred among participating APEC economies.
  • Cisco is now EU-U.S. Data Privacy Framework and Swiss-U.S. Data Privacy Framework certified for the transfer of personal data. When we transfer personal data out of the EU, European Economic Area (EEA), the United Kingdom (U.K.), Gibraltar, and Switzerland to countries that do not benefit from an adequacy decision, we may rely on Standard Contractual Clauses, Binding Corporate Rules—Controller, or other legal transfer mechanisms with appropriate safeguards in place to protect Personal Data. Additionally, Cisco and its U.S.-based subsidiaries comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the U.K. Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) for transfers of Personal Data from the EU, EEA, United Kingdom (and Gibraltar), and Switzerland to the United States.