Cisco Meraki operates the industry’s largest-scale cloud networking service. The Cisco Meraki cloud service powers millions of networks worldwide and connects hundreds of millions of devices every day. Cisco Meraki scales to fit the needs of businesses of every size, supporting networks with hundreds of thousands of devices at full enterprise scale, as well as small businesses with only a handful of users. Cisco Meraki also has extensive experience in the cloud, having run its cloud networking service continuously for more than 10 years. The Cisco Meraki cloud platform is trusted by thousands of IT professionals, from enterprises to hospitals, banks, and retailers.
The Cisco Meraki trust center website is a central repository of information regarding security, privacy, and reliability as related to Cisco Meraki cloud networking services. Here you will find information concerning:
The Cisco Meraki service is colocated in fully redundant, highly available data centers and select public cloud service providers (together, “data centers”). These facilities feature state of the art physical and cyber security, and maintain certifications such as PCI, SOC 2 and ISO 27001. All Cisco Meraki services are replicated across these multiple independent data centers, so that customer-facing services remain highly available in the event of a catastrophic data center failure.
The Cisco Meraki cloud networking service is powered by a multi-tier data storage architecture. This architecture allows us to offer powerful capabilities such as the ability to upload and use custom floorplans, host custom splash pages, and provide in-depth location analytics as part of the dashboard and product experience. The Meraki storage architecture is designed to store different types of data in a highly redundant and scalable fashion.
There are three major types of data types stored by Cisco Meraki:
The above types of data are stored in different systems in order to optimize performance; for example, network analytics data is stored in a custom time-series database built by the Meraki team.
Although the three types of data above are stored in three unique systems, the goals and underlying principles of the various storage architectures are the same:
By following these underlying principles, Meraki has created a best-in-class data storage architecture that allows for rapid data lookup, the ability for customers to upload custom assets, and highly redundant customer configuration backups.
Cisco Meraki’s out of band control plane separates network management data from user data.
The data (e.g. configuration, statistics, monitoring, etc.) that flows from Meraki devices (e.g. wireless access points, switches and security appliances) to the Meraki cloud over a secure internet connection.
Data related to user traffic (e.g. web browsing, internal applications). User data does not flow through the Meraki cloud, instead flowing directly to their destination on the LAN or across the WAN.
Scalability
Reliability
Security
With Cisco Meraki’s out of band architecture, most end users are not affected if Cisco Meraki hardware devices (e.g. wireless APs, switches or security and SD-WAN devices) cannot communicate with the Cisco Meraki cloud (e.g., because of a temporary WAN failure). In the event of such an interruption:
While the Cisco Meraki cloud is unreachable, management, monitoring, and hosted services are temporarily unavailable:
In addition to the Cisco Meraki secure out of band architecture and hardened data centers, Cisco Meraki offers a number of tools for administrators to maximize the security of their network deployments. Use of these tools provide optimal protection, visibility, and control over your Cisco Meraki network. This page contains information about how to quickly and easily increase the security of your meraki.com accounts and our recommended best practices for account control and auditing. For more information, see Cisco Meraki manuals.
Two-factor authentication adds an extra layer of security to an organization’s network by requiring access to an administrator’s phone, in addition to her username and password, in order to log in to Cisco Meraki cloud services. Cisco Meraki’s two factor authentication implementation uses secure, convenient, and cost effective SMS technology: after entering their username and password, an administrator is sent an a one-time passcode via SMS, which they must enter before authentication is complete. In the event that a hacker guesses or learns an administrator’s password, she still will not be able to access the organization’s account, as the hacker does not have the administrator’s phone. Cisco Meraki includes two-factor authentication for all enterprise users at no additional cost.
You can configure organization-wide security policies for your Cisco Meraki accounts to better protect access to the Cisco Meraki dashboard. Under organization > configure, you may:
Role-based administration lets you appoint administrators for specific subsets of your organization, and specify whether they have read-only access to reports and troubleshooting tools, administer managed guest access via Cisco Meraki’s lobby ambassador, or can make configuration changes to the network. Role-based administration reduces the chance of accidental or malicious misconfiguration, and restricts errors to isolated parts of the network.
The Cisco Meraki system can automatically send human-readable email alerts when network configuration changes are made, enabling the entire IT organization to stay abreast of new policies. Change alerts are particularly important with large or distributed IT organizations.
Cisco Meraki logs the time, IP, and approximate location (city, state) of logged in administrators. Additionally, Cisco Meraki provides a searchable configuration change log, which indicates what configuration changes were made, who they were made by, and which part of the organization the change occurred in. Auditing configuration and login information provides greater visibility into your network.
Cisco Meraki accounts can only be accessed via https, ensuring that all communication between an administrator’s browser and Cisco Meraki cloud services is encrypted. As with any secure web service, do not log in if your browser displays certificate warnings, as it may indicate a man-in-the-middle attack.
30 seconds before being logged out, users are shown a notice that allows them to extend their session. Once time expires, users are asked to log in again.
Cisco Meraki provides a comprehensive solution to ensure a PCI compliant wireless environment held to the strict standards of a Level 1 PCI audit (the most rigorous audit level). Cisco Meraki’s rich security feature set addresses all of the PCI data security standards, helping customers to build and maintain a secure network, protect cardholder data, maintain a vulnerability management program, implement strong access control measures, and monitor network security.
Unlike traditional networks, Cisco Meraki’s intelligent security infrastructure eliminates the management complexities, manual testing, and ongoing maintenance challenges that lead to vulnerabilities. Cisco Meraki’s intuitive and cost effective security features are ideal for network administrators, while powerful and fine-grained administration tools, account protections, audits, and change management appeal to CISOs.
Centrally managed from the cloud, Cisco Meraki makes it easy and cost effective to deploy, monitor, and verify PCI compliant networks across distributed networks of any size.
The Cisco Meraki cloud-hosted management system is out of band, meaning that traffic (including cardholder data) does not flow through Cisco Meraki’s cloud or any other Cisco Meraki infrastructure not behind your firewall. Learn more about Meraki’s out of band architecture. Cisco Meraki data centers are SSAE16 / SAS70 type II certified, feature robust physical and cyber security protection, and are regularly audited by third parties. Learn more about Cisco Meraki’s data centers.
Cisco Meraki wireless APs include an integrated stateful firewall which ensures that guest WiFi users and other non-privileged clients cannot access cardholder data, in conformance with Requirement 1.2.3. The firewall’s LAN isolation feature enables one-click secure guest WiFi, wherein guests can only access the Internet. Blocked from LAN access, guests cannot spread viruses or reach internal resources. Cisco Meraki’s firewall provides fine-grained control, from layer 3 through 7. Configure VLAN tags, ACLs, identity-based policies, and block unwanted applications — even peer-to-peer apps without well-known hosts and ports.
Cisco Meraki does not ship with default vendor keys that need to be changed. Cisco Meraki hardware is configurable through an SSL-encrypted connection, accessible only by authenticated users. To comply with requirement 2.1.1, simply enable strong security standards, such as WPA2 (802.11i). See requirement 4.1.1 for more information on wireless encryption.
Compliant networks require strong encryption using industry best-practices, e.g., WPA2, for wireless networks used for cardholder data. Cisco Meraki supports WPA2 (802.11i), offering both WPA2-PSK and WPA2-Enterprise with AES encryption. To maintain compliance with requirements 4.1.1 and 2.1.1, enable WPA2 on any SSID that cardholder data is transferred over. Since Cisco Meraki’s firewall will isolate traffic between SSIDs, WPA2 need not be enabled on SSIDs that are not used for cardholder data (e.g. a guest WiFi SSID.)
Cisco Meraki firmware updates are delivered seamlessly from the cloud to APs, security appliances, and switches. When firmware updates are available, an administrator simply schedules an appropriate time for Cisco Meraki devices to download and install the new version, eliminating insecure and out of date firmware in the cardholder data environment. This delivery model facilitates compliance with requirement 6.1 – without deciphering compatibility matrices, time consuming manual updates, site visits to branch locations.
Cisco Meraki provides role-based administration to enforce the principle of least privilege in compliance with requirement 7.2. Role-based administration lets you appoint administrators for specific subsets of your organization and specify whether they have read-only access to reports and troubleshooting tools, can administer managed wireless guest access via Cisco Meraki’s lobby ambassador, or can make configuration changes to the network.
Cisco Meraki includes a comprehensive suite of features to enable unique ID and authentication methods for network administration, in compliance with requirement 8. Configure organization-wide security policies for your Cisco Meraki administrator accounts to better protect access to the Cisco Meraki dashboard and network infrastructure. These policies include account protections such as two-factor authentication, password hardening policies, and the use of encrypted transmission (SSL/TLS) for access to the Cisco Meraki dashboard.
Cisco Meraki logs the time, IP, and approximate location (city, state) of logged in administrators. Additionally, Cisco Meraki provides a searchable configuration change log, which indicates what configuration changes were made, who they were made by, and which part of the organization the change occurred in. Auditing this configuration and access information satisfies requirement 10 and provides greater visibility into your network.
Cisco Meraki data centers undergo thorough quarterly scans and daily penetration testing by Qualys, an approved scanning vendor (ASV). Cisco Meraki is verified to be free of vulnerabilities such as injection flaws, cross-site scripting, misconfiguration, and insecure session management. Cisco Meraki data centers are SSAE16 / SAS70 type II certified and hardened against physical and network intrusion. These procedures exceed the scanning and penetration testing requirements of requirement 11.2 and 11.3, respectively.
Cisco Meraki’s out-of-the-box WIDS/WIPS, Air Marshal, protects the network from unauthorized wireless access points that may compromise network security. Rogue APs are unauthorized wireless APs that connect to your wired LAN, or that connect to a separate network but masquerade as part of your WLAN, using your same SSID. Cisco Meraki automatically detects rogue APs, identifying their IP address, VLAN, manufacturer, and model, and optionally contains them to neutralize their threat. Air Marshal includes network-wide visualization, email alerts, and reporting, meeting requirements 11.1 and 11.4.
PCI DSS v4.0 is the latest global standard for securing payment card data, setting requirements for technology, processes, and people to protect transactions and cardholder information. It strengthens security, reduces risks of breaches and fraud, and is mandatory for businesses handling card data. Meraki dashboard is PCI DSS v4.0 certified, ensuring robust encryption, access control, monitoring, and vulnerability management. This makes it a reliable solution for PCI-compliant environments across a variety of industries, including retail, hospitality, financial services, and many others that process or store payment card data.
For more information about Cisco Meraki security capabilities, PCI compliance, and configuration best practices, please contact a Cisco Meraki specialist.
Cisco Meraki is committed to data protection, privacy, security, and compliance with applicable regulatory frameworks in the US and abroad. The Meraki cloud-based architecture is designed from the ground up with data protection, privacy, and security in mind.
The Cisco Meraki technical architecture and its internal administrative and procedural safeguards assist customers with the design and deployment of cloud-based networking solutions. The cornerstone of Meraki’s privacy driven architecture is our out-of-band control plane. This means only network management information (not user traffic data) flows from devices to the Meraki cloud, dramatically limiting the amount of personal data that is transferred to the Meraki cloud. In addition:
At Meraki, we are committed to providing our customers with secure and intuitive product experiences. From time to time, we partner with third party service providers who are contracted to provide the same level of data protection and information security that customers expect from Meraki. Some of these third parties are engaged as “subprocessors” to process customer data, including limited personal data, in connection with providing Meraki products, including dashboard.
A current list of subprocessors is set out below. Meraki may update this list from time to time.
| Subprocessor | Primary data storage location(s) |
|---|---|
| Amazon Web Services, Inc. | Global locations including (us-east-1), (us-east-2), (us-west-1), (us-west-2), (ca-central-1), (eu-central-1), (eu-west-1), (eu-west-3), (ap-northeast-1), (ap-southeast-1), (ap-southeast-2), (cn-north-1), (cn-northwest-1), (ap-south-1), (ap-south-2) |
| Google LLC | Global locations |
| Labelbox, Inc | United States |
| Localize Corporation | United States |
| Microsoft Corporation | Australia, Hong Kong, Ireland, Japan, Netherlands, Singapore, United States |
| New Relic, Inc. | United States |
| NewVoiceMedia US Inc. | Australia, Singapore, United States, United Kingdom |
| Salesforce.com, Inc. | United States |
| Snowflake Computing, Inc. | United States |
| Syntiant Corp., formerly doing business as Pilot AI Labs, Inc. | United States |
| Twilio, Inc. | United States |
This page is provided for informational purposes only.
This service level agreement (“SLA”) applies to the Cisco Meraki cloud services as set out in the offer description. If capitalized terms are not defined in this SLA, then they have the same meaning as under the offer description.
| Service level | During each measurement period, the availability of the core services will be 99.99% or greater |
| Measurement period | One calendar month |
| Availability percentage | Amount credited and type |
|---|---|
| < 99.99% – ≥ 99.9% | 3 Service days |
| < 99.9% – ≥ 99.0% | 7 Service days |
| < 99.0% | 15 Service days |
2.2 Service credit limitations
The aggregate maximum service credit for any measurement period will be 15 days of additional cloud service for that measurement meriod. These service credits are your only remedy if the core services do not meet the service level.
Claims procedure
3.1 To receive a service cedit, you must:
3.2 You must submit a claim via Meraki support.
3.3 If You purchased the cloud service from a Cisco partner, You may claim service credits or the Cisco partner may claim them on Your behalf.
3.4 If there is a dispute about whether a qualifying outage has occurred, Cisco will decide in good faith based on our system logs, monitoring reports, and configuration records. If You have supporting information for Your claim that You want Cisco to consider, You should provide this information with Your claim.
4.1 Review. Cisco will use commercially reasonable efforts to review and issue earned service credits within 30 calendar days of confirming that you are entitled to those service credits.
4.2 Service credits. Service credits that Cisco issues will be added to the end of your existing usage term. You will be responsible for arranging adjustments to the term for any other Cisco offers or services that depend on the cloud service (which may have a fee). You cannot convert service credits to general credits or refunds, and you cannot sell, transfer, or assign such service credits. Cisco will use commercially reasonable efforts to notify the Cisco partner of the awarded service credits.
| Term | Meaning |
|---|---|
| Availability | Calculated as follows and converted into a percentage: (Total service time – total outage time) / Total service time |
| Core services | Your ability to access the cloud-hosted software platform known as the Cisco Meraki dashboard. |
| Qualifying outage | The time that the core services are unavailable. |
| Service credits | Additional days Cisco will add to your cloud service usage term (“service days”). The applicable service credit type and amount is listed in the table in section 2. |
| Total outage time | The aggregate total time for all qualifying outages during a measurement period (rounded upward to the nearest minute). To calculate total outage time, each qualifying outage will:
|
| Total service Time | The total number of minutes in a measurement period (calculated by multiplying 60 (minutes) by 24 (hours) by the number of calendar days in the measurement period). |
Cisco Meraki provides certain translated versions of the Service Level Agreement at the link(s) below. View the service level agreement in French (Canada).
The security of our customers and end users are our top priority. We invest heavily in tools, processes, and technologies to keep our users and their networks safe. This includes third-party audits, threat modeling, penetration testing, features like two-factor authentication, and our out-of-band cloud management architecture. The Cisco Meraki vulnerability reporting program is a crucial element of our comprehensive security strategy, promoting active collaboration among our customers, external researchers, and the public with a shared goal of enhancing the safety and security of our customers.
If you are a user and have a security issue to report regarding your account (including password problems and account abuse issues), non-security bugs, or questions about issues with your network, please contact Cisco Meraki support.
Reporting security issues
If you think you’ve discovered a vulnerability in a Cisco Meraki product or service, please report it through our Vulnerability Reporting Form below. We welcome all relevant reports to help us improve our security posture. Additional information on this program, including our commitment and details about disclosure are available on our Bugcrowd responsible disclosure program landing page.
To participate in our security rewards bug bountprogram, which provides monetary rewards for verified vulnerabilities, please visit our bug bounty program through Bugcrowd. The program has specific limitations regarding scope and vulnerability types; therefore, we encourage you to thoroughly review the detailed targets that are in and out of scope, the rewards offered, and the guidelines on permissible activities.
Please note that this program does not cover vulnerabilities related to other parts of Cisco Systems, Inc.
Cisco Meraki’s cloud-based location analytics and user engagement solution provides data about the physical locations of visitors, enabling businesses to better understand the behavior of clients. Location analytics is available with all Cisco Meraki wireless access points.
Location analytics data is gathered by capturing and analyzing the beacons that every Wi-Fi enabled device periodically emits when its Wi-Fi antenna is turned on in order to detect the presence of nearby wireless networks. The Cisco Meraki dashboard also displays anonymized and aggregated statistics on nearby devices, whether they join the network or not.
Location analytics distinguishes between devices and recognizes repeat visitors by collecting a MAC address, the unique identifier assigned to every device connecting to wired or wireless networks. Only a device’s MAC address is captured, and the aggregated data provided to businesses using location analytics can’t be traced back to an individual without the business having prior knowledge of the MAC address of that person’s device.
You can learn more in our documentation on location analytics.
Cisco Meraki uses a one-way hash function to anonymize MAC addresses before storage. The function is irreversible; given a specific hashed MAC, there is no way to undo the function to reveal the original MAC address. In addition, bytes are dropped from the hashcode, meaning that even if one knew the hash function, they could not determine if a specific MAC had visited a location. Hashed MAC addresses are unique to each business or organization, so it is not possible to view location analytics data for a single device across networks with different owners.
Our data centers are protected by enterprise-class physical and network security, and are subjected to regular audits and penetration tests by independent third parties.
In addition to providing statistics to businesses within the Cisco Meraki dashboard, customers can use the location analytics API to export MAC addresses of probing clients, consistent with industry standards. Retail and enterprise customers can use the location analytics API to integrate location analytics data from their network with their own custom-built applications.
The location analytics API provides no mechanism for users to connect MAC addresses with any other personal information.
We provide a set of best practices to users of the location analytics API, and it is their responsibility to take appropriate measures to safeguard the privacy of personally identifiable information that they may collect.
If you would like to exclude your Wi-Fi-enabled devices from Meraki location analytics services, you may do so through a simple opt-out form, available here https://account.meraki.com/optout. Opting out will exclude your MAC address from location analytics information stored in the Cisco Meraki cloud and from export through the location analytics API. It is the Cisco Meraki customer’s responsibility to notify visitors to their network that location analytics services are in use.
Meraki takes a systematic approach to data protection, privacy, and security. We believe a robust security and privacy program requires active involvement of stakeholders, ongoing education, internal and external assessments, and instillment of best practices within the organization.
To deny unauthorized persons access to data processing systems in which customer data is processed.
This is accomplished by:
To prevent data processing systems from being used without authorization.
This is accomplished by:
To ensure that persons authorized to use systems in which customer data is processed only have access to the customer data as they are entitled to in accordance with their access rights and authorizations, and to prevent the unauthorized reading, copying, modification or deletion of customer data.
This is accomplished by:
To prevent the unauthorized reading, copying, modification or deletion of customer data which is under Meraki’s control while customer data is being transferred electronically, transported or recorded on data storage devices, and to ensure that the intended recipients of customer data who are provided with customer data by means of data communication equipment can be established and verified.
This is accomplished by:
To ensure it is possible to establish an audit trail as to when and by whom customer data has been entered, modified, or removed from systems being used by (or on behalf of) Meraki to process customer data.
This is accomplished by:
To ensure that customer data processed by or on behalf of Meraki can only be processed in accordance with the customer’s instructions.
This is accomplished by:
To ensure the protection of customer data which is under the control of Meraki against accidental destruction or loss.
This is accomplished by:
To ensure that customer data collected is only used for the intended purpose under the agreement.
This is accomplished by:
Meraki keeps documentation of organizational and technical measures in case of audits. Meraki takes reasonable steps to ensure that its employees and other persons at Meraki physical locations are aware of and comply with the organizational and technical measures set forth in this document.
Additional measures
Out-of-band architecture
Cloud services security
Cloud services infrastructure
Disaster preparedness
Organization and personnel
For a Meraki hardware device to communicate with the cloud, Meraki leverages a lightweight encrypted tunnel using AES256 encryption while management data is in transit. Within the tunnel itself, Meraki leverages HTTPS and protocol buffers for a secure and efficient solution, limited to 1 kbps per device when the device is not being actively managed.
Meraki uses an event-driven Remote Procedure Call (RPC) engine for Meraki devices to communicate to the Meraki dashboard and for Meraki servers to send and receive data. Meraki hardware devices act as the server/receiver as the Meraki cloud initiates calls to the devices for data collection and configuration deployment. Because the cloud infrastructure is the initiator, configurations can be executed in the cloud before the devices are actually online, or even physically deployed. In the event of cloud connectivity loss (which is most commonly caused by a local ISP or connection failure), the Meraki hardware device will continue to run with its last known configuration until cloud connectivity is restored.
Auto VPN is a proprietary technology developed by Meraki that allows you to quickly and easily build VPN tunnels between Meraki MX devices at your separate network branches with just a few clicks. Auto VPN performs the work normally required for manual VPN configurations with a simple cloud based process.
Meraki MR access points may also be configured to concentrate traffic to a single point either for layer 3 roaming or teleworker use cases. SSID tunneling and layer 3 roaming with a concentrator both use the same Meraki Auto VPN technology. Wireless access points should concentrate to a Meraki MX security appliance.
View offer disclosure for the Cisco Meraki cloud service.
At Meraki, earning and maintaining your trust is our highest priority. Our security certifications reflect our ongoing investment in keeping your data safe and meeting leading industry standards. Meraki enforces industry-leading security certifications and protocols, ensuring unparalleled protection and compliance. Its robust security framework includes rigorous encryption, continuous monitoring, and strict access controls, making it a top-tier choice for secure network infrastructure.
The Meraki dashboard is backed by a broad range of globally recognized certifications, highlighting our commitment to strong security, operational excellence, and regulatory compliance. Our certifications—including PCI DSS v4.0, SOC 2 Type II, ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, and FedRAMP® Moderate —demonstrate our focus on safeguarding data and meeting regulatory standards. Beyond these, the Meraki dashboard also meets local government certification requirements such as C5, ISMAP, and ENS. FedRAMP specifically meets U.S. federal agency requirements. Full details and documentation are always available for customer review on the Cisco trust portal.
PCI DSS v4.0 is the latest global standard for securing payment card data, setting requirements for technology, processes, and people to protect transactions and cardholder information. It strengthens security, reduces risks of breaches and fraud, and is mandatory for businesses handling card data. Meraki dashboard is PCI DSS v4.0 certified, ensuring robust encryption, access control, monitoring, and vulnerability management. This makes it a reliable solution for PCI-compliant environments across a variety of industries, including retail, hospitality, financial services, and many others that process or store payment card data.
SOC 2 Type II, developed by the AICPA, is an independent audit standard assessing an organization’s controls over security, availability, processing integrity, confidentiality, and privacy over time. It demonstrates strong operational controls, provides third-party validation of security practices, and supports organizations’ due diligence and vendor assessments. Meraki SOC 2 Type II report assures customers that industry best practices are followed, supporting their own compliance requirements for partners, clients, or auditors.
ISO/IEC 27001 is the global standard for information security management systems (ISMS), providing best practices for managing sensitive data, risks, and security controls. It establishes a systematic approach to managing sensitive information to ensure its confidentiality, integrity, and availability, thereby reducing the risk of data loss. Meraki maintains a certified ISMS, continually assessing and improving security to protect customer information. Using Meraki services helps customers align with international security standards and simplifies their own audits and compliance processes.
ISO/IEC 27017 is designed for cloud service providers and customers, offering additional cloud-specific security controls beyond the general ISO 27001 standard. Achieving ISO 27017 demonstrates that Meraki has implemented best practices for cloud service security, including clear guidelines for shared responsibilities, data segregation, and customer data protection in cloud environments.
ISO/IEC 27018 sets out controls and guidelines to ensure that cloud service providers implement effective privacy and data protection measures for PII, helping customers meet global privacy requirements and giving assurance that their data is handled with the highest level of care. With this certification, Meraki is recognized for its strong commitment to protecting personally identifiable information (PII) in the cloud.
BSI C5 (Cloud Computing Compliance Controls Catalogue) is a cloud security standard developed by the German federal office for Information Security (BSI). It is a mandatory requirement to conduct business with the German government. The standard outlines requirements for transparency, data protection, and operational security for cloud providers, aligning with German and EU standards. Meraki BSI C5 certification demonstrates compliance with these requirements, including logging, incident response, and legal standards, making Meraki cloud services suitable for organizations with strict data residency or regulatory needs in Germany and the EU.
The Esquema Nacional de Seguridad (ENS) is Spain’s national security framework, setting mandatory information security requirements for public sector systems and service providers. ENS ensures data integrity, confidentiality, and availability for government data, fostering trust with Spanish government and regulated entities. ENS certification in the Meraki dashboard demonstrates strong, compliant security controls, enabling Spanish public sector organizations and their partners to confidently rely on the Meraki dashboard for sensitive workloads.
FedRAMP Moderate ATO (Authorization to Operate) is a federal standard ensuring that cloud services meet specific security requirements for moderate-impact data. Achieving this status involves rigorous assessment, ongoing monitoring, and reporting, enabling secure cloud adoption by U.S. government agencies. Cisco Meraki for government has earned FedRAMP Moderate ATO, assuring agencies and contractors that its cloud environment complies with federal security standards, allowing them to confidently deploy Meraki solutions for secure government use.
ISMAP (Information System Management and Assessment Program) is a Japanese government cloud security certification that ensures cloud service providers meet strict security requirements for handling government data. This certification demonstrates Meraki complies with Japan’s government security standards, providing confidence to public sector organizations and regulated entities in Japan when using Meraki cloud services.
These certifications demonstrate our commitment to protecting customer data, supporting regulatory requirements, and helping you operate with confidence.
Easily download these certifications for Meraki dashboard from the Cisco trust portal (search “Meraki”).