Security, Privacy, and Trust

Empowering People Through a Foundation of Security, Privacy, and Trust

Today, so much of our world is connected and generating data. We have unprecedented opportunities to boost human potential through artificial intelligence (AI) and technological innovation, but emerging and evolving capabilities make us more vulnerable unless we proactively address the security and risk challenges that come with innovation.

Our holistic approach to security and privacy sets us apart. The Cisco Trust Center offers thought leadership across our principles of trustworthiness, transparency, and accountability, and our Trust Portal provides customers with access to security, privacy, and compliance documents, offering assurance that Cisco solutions align with or exceed market security and privacy expectations.

Trustworthiness

We embed security and privacy throughout each stage of our solutions’ life cycle, safeguarding personal and confidential customer data by design and default. Our repeatable and measurable secure development life cycle process follows a security-by-design and privacy-by-design philosophy from product creation through end of life. This holistic approach empowers our customers with enhanced protection for their critical infrastructure, applications, and data, delivering a distinct advantage to help protect them and their customers.

• Our Trustworthy Technologies demonstrate Cisco’s commitment to deliver products and solutions with multilayered security that protect against today’s threats.
  • Learn how Trustworthy Technologies enhance the security of Cisco solutions.
  • Learn about our Secure Development Lifecycle (SDL) and approach to enhance the security of our solutions.
  • Watch how Cisco Trustworthy Solutions help providers detect potential compromises and validate platform integrity for secure networks.

• Our Responsible AI Principles and Responsible AI Framework form a broad AI governance framework for those who develop, deploy, and use AI.
• Cisco is a founding member of the Coalition for Secure AI, joining other industry-leading organizations dedicated to sharing best practices for secure AI deployment and collaborating on AI security research and product development.
• Cisco is committed to securing AI technologies so that they are not only powerful and efficient, but also safe and reliable for users worldwide.
• We help customers identify counterfeit or pirated products, since these can cause serious risks to network quality, performance, safety, and reliability.
• We acquire companies that strengthen our technology and innovation portfolio and integrate them into Cisco through a trusted mergers and acquisitions cybersecurity approach.
• Cisco regularly publishes resources to help users of all ages stay safe online. See our recent guides:
  • Top 10 Cyber Tips
  • Simple Steps to Protect Your Children Online
  • Helping Silver Surfers Navigate Online
• The Trustworthy Cloud spotlights our work with international governance organizations to develop and enhance mechanisms and leading practices that demonstrate compliance and facilitate safe international data flows.
  • This blog post shows how Webex by Cisco became the first collaboration suite to achieve European Union (EU) Cloud Code of Conduct Level 3 adherence.
• With quantum computers rapidly advancing toward the capability to break current encryption methods, Cisco is committed to helping customers adopt quantum-safe encryption to safeguard their data and communications.
• Cisco continues to respond to the rapid rise of sophisticated cyber attacks on legacy network infrastructure, focusing on the critical importance of updating software and maintaining hardware to support network resilience.

Transparency

We are transparent about the security and privacy approach we take across our solutions portfolio, including our compliance with global standards, certifications, and government regulations. We share our cyber-resilience strategies with organizations around the world with the intention of collectively raising the bar for global cybersecurity and trust.

• Building on our long-standing commitment to trusted infrastructure, Cisco continues to develop sovereignty-enabling solutions that help customers manage essential services and sensitive data in line with their unique requirements.
• Cisco is committed to Software Transparency that reduces cyber risk and providing trust assurances that increase customer confidence in Cisco’s solutions.
  • Customers can request Software Bills of Materials (SBOMs) that provide transparency into the third-party software used in building Cisco products via our Trust Center.
  • Secure Software Development Attestations, based on National Institute of Standards and Technology Special Publication 800-28, are available to U.S. Federal customers and demonstrate implementation of Cisco’s SDL process across Cisco’s solutions.
  • Cisco is the industry leader in public sector product certifications, achieving 249 product certifications.
• The Cisco Vulnerability Repository — a search engine for Common Vulnerability and Exposures (CVE) — can help Cisco customers understand if their Cisco product is affected by a particular third-party vulnerability and displays Cisco Security Advisories associated with a CVE.
• Our Transparency Reports list the demands we receive from law enforcement and national security agencies around the world. Read more about:
  • Cisco’s Principled Approach to Government Demands for Data
  • Cisco Law Enforcement Guidelines for Government Data Demands
• To help customers navigate the complexities of SaaS compliance, the Cloud Controls Framework is now more readily accessible on Cisco Trust Center. By expanding global standards coverage, streamlining controls implementation, and enabling access to audit artifacts, customers can reuse one implementation for multiple certifications and jurisdictions.
• Offer Disclosures, available for various Cisco solutions, describe how Cisco protects and controls the collection and use of personal data, the purpose under which Cisco processes personal data, where data is processed, and the third-party subprocessors processing data, as well as information on customer data access and nonpersonal data processing by Cisco solutions.
• We demonstrate privacy leadership by partnering with global information policy think tanks and privacy organizations like the International Association of Privacy Professionals, Future of Privacy Forum, and the Centre for Information Policy Leadership that provide thought leadership, a community of practice, training, and resources for privacy, AI, and cybersecurity law and policy professionals.
• Our Cybersecurity Reports provide the latest information for security professionals and business leaders interested in the state of global cybersecurity. Learn more by reading:
  • Cisco Cyber Threat Trends Report
  • 2025 Cybersecurity Readiness Index
  • The State of AI Security 2025 Annual Report
  • Cisco AI Readiness Index 2025
  • Cisco Talos 2024 Year in Review
  • The Duo 2024 Trusted Access Report
  • Cisco 2025 Data Privacy Benchmark Study
  • Cisco 2024 Consumer Privacy Survey

Accountability

Cisco’s dedicated team of security and privacy experts supports our customers’ business resilience and continuity by being proactive and providing timely detection, notification, response, and remediation of security incidents.

• Our Security & Trust infographic shows the people, processes, technology, and policies that enable Cisco to help protect the security and privacy of our customers.
• The Cisco Security Vulnerability Policy and Cisco Security Advisories provide guidance and information in the event of a reported vulnerability in a Cisco product or service.
  • Cisco's Product Security Incident Response Team (PSIRT) follows SO/IEC 29147:2018 standards for vulnerability disclosure, so that we receive information about potential vulnerabilities from the public, properly manage those reports, and communicate our findings transparently.

• Cisco Event Responses provide information about security events that have the potential for widespread impact on customer networks, applications, and devices.
  • We also enable Data Subject Access Requests processing as per our Online Privacy Statement so that end users or their proxies can add, change, delete, port, and stop processing of their data.
• We hold ourselves accountable for resolution of security and privacy incidents.
  • When issues arise with Cisco’s solutions, our global PSIRT responds swiftly, using a playbook with documented resolution procedures.
  • When security or privacy incidents occur, our Computer Security Incident Response Team and Data Incident Response Team perform 24/7 comprehensive incident investigation and prevention.
• Cisco Talos is a proven and trusted threat intelligence research team comprising world-class researchers, analysts, and engineers.
  • Integrating Talos’ threat intelligence into Cisco’s security products, across the platform, heightens real-time visibility, improves threat detection, enables proactive defense, automates response, reduces false positives, and enhances behavioral detections. Talos’ efforts help customers, users, and the internet at large quickly protect their assets, including:
    • Talos Incident Response offers a full suite of proactive and emergency services to help organizations prepare, respond, and recover from a breach.
    • Intelligence Center provides access to expansive threat data and related information for domains, internet protocols, and files.
    • Talos Vulnerability Research investigates software and operating system vulnerabilities to discover them before malicious threat actors do. We provide this information to vendors so they can create patches and protect their customers as soon as possible.
    • The Talos Blog shares the latest threat research on malware campaigns, nation-state activity, and indicators of compromise, while the Threat Source newsletter offers a weekly recap of some of the biggest headlines in cybersecurity. The Beers with Talos podcast series explores all things security, while Talos Takes breaks down complex issues for listeners.
    • The Talos Year in Review is an annual analysis of key incident trends that affect organizations. The 2025 report will be available early in 2026.
• The Cisco Online Privacy Statement — also available in summary form — captures our commitment and approach to maintaining strong protections for our customers, solutions, and company.
  • Cisco supports the G20’s “data free flow with trust” initiative to enable trustworthy data transfers across borders, and we have certified our privacy program against internationally recognized privacy standards. Cisco’s global privacy program, policies, and practices have been approved by EU and UK privacy regulators as providing the requisite “additional safeguards” for protecting privacy, fundamental rights, and freedoms of individuals under General Data Protection Regulation (GDPR).
  • Cisco’s EU Binding Corporate Rules — Controller enable legal international transfers of EU and UK Personal Information throughout Cisco’s global operations.
  • For customers in the European Union, European Economic Area, Switzerland, the United Kingdom, Kingdom of Saudi Arabia, or Turkey who prefer contractual commitments of adherence to privacy requirements, Cisco offers Standard Contractual Clauses, which are incorporated into our Data Protection Agreement.
  • Cisco’s global privacy program is also certified under the Global CBPR Forum’s Cross Border Privacy Rules (CBPRs) and Privacy Recognition for Processors, providing a framework for organizations to help protect personal data transferred among participating member economies.
  • Cisco is EU/UK/Swiss–US Data Privacy Framework certified, enabling personal data from the European Union, European Economic Area, United Kingdom (and Gibraltar), and Switzerland to be processed in the United States.