Saturday, 15 June 2024

Bolster SaaS Security Posture Management with Zero Trust Architecture

Bolster SaaS Security Posture Management with Zero Trust Architecture

According to AppOmni’s 2023 State of SaaS Security report, 79% of organizations reported a SaaS security incident during the preceding 12-month period. As enterprises incrementally store and process more sensitive data in SaaS applications, it is no surprise that the security of these applications has come into greater focus. Security Service Edge (SSE) solutions with Zero Trust Network Access (ZTNA) are a common way to securely connect the hybrid workforce to cloud applications.

Bolster SaaS Security Posture Management with Zero Trust Architecture
Changes in the workplace, employee preferences, external users, and customer services have made remote access to cloud applications outside the corporate network or VPN commonplace. Simultaneously, changes in SaaS usage and data with access by both human and machine identities, new compliance requirements, and cloud-to-cloud connectivity between SaaS applications have created new risks that security teams need to address.

This article describes how Cisco and AppOmni have teamed to extend zero trust principles to secure SaaS applications and data with a closed loop zero trust architecture.

Introducing Zero Trust Posture Management


The myriad SaaS applications used by today’s organizations are procured, configured, and managed by multiple departmental owners or business units with little or no visibility to security teams. Nearly all SaaS breaches involve some violation of implicit trust models — for example, a user in a sales operation role can grant Salesforce access to guest users; a test user is able to create new users and grant them new privileges. These scenarios are all too common with how SaaS applications and users are set up.

Zero-trust architectures are built by granting explicit trust that is continuously assessed based on identity and contextual risks. If such zero-trust principles can be extended to SaaS applications, policies would be designed, maintained, and monitored such that SaaS identities would never be implicitly trusted and always verified regardless of the location of the user. This zero-trust model for SaaS needs to be implemented using the just-in-time context of the application, data access, users, behavior, and events. It should be able to work together with the ZTNA controls to give security teams better mechanisms to prevent, detect, and react to attackers at the application level. These capabilities are collectively called Zero Trust Posture Management (ZTPM) for SaaS applications.

Cisco Secure Access and AppOmni SaaS Security Platform


Cisco Secure Access provides a robust, cloud-delivered SSE solution that is grounded in zero trust and delivers protected access from any user to any application. Cisco Secure Access simplifies IT operations through a single, cloud-managed console, unified client, centralized policy creation, and aggregated reporting. Extensive security capabilities are converged in one solution (ZTNA, secure web gateway, cloud access security broker, firewall as a service, DNS-layer security, remote browser isolation, and more) to mitigate risk by applying zero trust principles and to enforce granular security policies.

As a complement to Cisco’s zero trust access approach, AppOmni has implemented ZTPM principles to fill a critical void in traditional zero trust implementations by securing the application layer regardless of access location with unparalleled visibility into configurations, security postures, SaaS identities (human and machine), and user behaviors within SaaS applications. It ensures that the principles of zero trust are embedded deeply within the applications that manage and process vital business data.

Closed-Loop Zero Trust Implementation with Cisco and AppOmni

Bolster SaaS Security Posture Management with Zero Trust Architecture

How ZTPM Complements ZTNA


While Cisco Secure Access provides seamless and managed access to internal and external applications based on identity and device posture, AppOmni extends this security through the application layer.

Cisco Secure Access delivers:

  • Secure access to all applications including those involving non-standard protocols as well as those based on multi-channel and client-to-client architectures
  • A single unified management console across all security modules
  • Comprehensive ‘best-of-breed’ security capabilities, consistent rulesets, and entails a minimal learning curve
  • Resilient cloud-native architecture with extensive end-user count scalability, efficient single-pass processing for faster responses
  • Automatic load distribution and rebalancing of traffic fosters better performance

AppOmni ZTPM capabilities include:

  • Visibility into data access configuration and least privilege within SaaS applications
  • Security coverage for all SaaS identities (human and machine) i.e. external users, anonymous/ guest-users, and third party or cloud-to-cloud applications
  • Application and identity-aware threat detection to monitor user behavior of internal and external users
  • Continuous security of application posture, configuration drift, and critical application components of SaaS applications
  • Identify and mitigate misconfigurations such as side-loaded accounts or misconfigured Single Sign On (SSO) that may allow bypassing of ZTNA controls and protect your users from password attacks and account compromise

Continuous visibility into app configurations and activities enables a critical feedback loop in a zero-trust architecture. This approach uses a user’s permissions, data access entitlements, and behaviors to dynamically adjust security measures or to terminate access based on suspicious activities.

Additionally, AppOmni enhances the integrity of the ZTNA capabilities provided by Cisco Secure Access by identifying potential application misconfigurations that could lead to bypassing ZTNA controls. By implementing zero trust principles across their applications, customers can detect unmanaged accounts, inadequate IP restrictions, and other security vulnerabilities. Such proactive identification helps user and access settings from undermining ZTNA protections, thereby safeguarding users and data against phishing and other attacks.

Source: cisco.com

Thursday, 13 June 2024

Cisco Simplifies Cloud Security with AWS Cloud WAN Service Insertion

Cisco Simplifies Cloud Security with AWS Cloud WAN Service Insertion

In conversations with customers about cloud infrastructure, I routinely hear two challenges when it comes to scaling their cloud deployments, these challenges include:

  • Achieving secure connectivity across clouds, virtual private clouds (VPCs), regions, and on-premises networks
  • Ensuring security is baked into the network architecture from the start.

As customers grow their cloud environment, the increasing number of VPCs and regions leads to a complex mesh of connections to ensure their applications and users can access the applications they need, regardless of on-premises or in the cloud. These interwoven spiderwebs of connections make it difficult for IT teams to properly establish secure connectivity throughout the infrastructure which increases management complexity and hinders scale. Because of the challenges organizations face in multi-VPC and multi-region deployments, customers are increasingly transitioning to cloud wide area networks (WAN) services, driven by the desire to centralize and streamline how they manage their network topology and security.

AWS Cloud WAN simplifies how customers build, manage, and monitor their WANs by automating the connectivity between branch offices, data centers, VPCs through automation and a rich dashboard. Customers can use network policies to automate network management and security tasks from a single place eliminating the need to create the complex mesh of traditional VPC peering. Recently, Amazon Web Services (AWS) enhanced AWS Cloud WAN to simplify inserting security services or VPC into these connections. This feature enables customers to integrate their Cisco security services into their network with AWS Cloud WAN, significantly simplifying how they add security into their network.

With the release of AWS’ service insertion feature as part of Cloud WAN, I am pleased to announce Cisco Secure Firewall Threat Defense Virtual and Cisco Multicloud Defense support for AWS Cloud WAN. With this support, customers can seamlessly integrate Cisco cloud firewalls into their Cloud WAN managed network topology, eliminating the need for complicated routing configurations to ensure the security of their environment. Instead, they can route traffic to their Cisco cloud firewall using the AWS Management Console or API.

Cisco’s cloud firewalls


Cisco provides two best-in-class solutions to help customers secure their cloud environments:

  • Cisco Secure Firewall Threat Defense Virtual (formerly FTDv) is the virtualized option of the Secure Firewall Threat Defense solution, enabling you to extend your network security capabilities from on-premises into the cloud, gaining a complete view of your network environment.
  • Cisco Multicloud Defense is a cloud-native security-as-a-service offering that automatically scales to secure your cloud applications wherever they’re deployed. Multicloud Defense offers the same infrastructure automation that you expect from a cloud service, making your security as easy to deploy as your application is.

Benefits of Cisco cloud firewalls with Cloud WAN


Utilizing Cisco cloud firewalls in conjunction with AWS Cloud WAN to enhance the protection of global network traffic offers customers significant operational benefits, including:

  • Unified Infrastructure for Security and Global Networking: AWS Cloud WAN offers a unified infrastructure designed for extensive AWS deployments worldwide. The integration of Cisco’s cloud firewalls with AWS Cloud WAN equips organizations with superior security measures for protecting traffic within regions, between regions, and from on-premises networks to cloud environments.
  • Simplified Multi-Regional Security Deployment: Many enterprises utilizing AWS Cloud WAN establish multi-regional networks to facilitate regional growth or implement disaster recovery strategies. The new service insertion feature streamlines the deployment across multiple regions, enabling straightforward traffic routing for both intra- and inter-regional flows through the security infrastructure, thereby eliminating the complexity associated with intricate multi-regional network arrangements.
  • Seamless integration: Customers often need inter-VPC, VPC-to-internet, or on-premises-to-VPC traffic inspected. With Cisco’s cloud firewalls supporting AWS Cloud WAN Services Insertion, customers can easily steer network traffic for inspection without creating and managing complex routing configurations.
  • Ease of management: Customers are constantly looking to simplify operational complexities. Cisco’s cloud firewall does all the heavy lifting in deployment and management, allowing customers to focus on their business priorities.

Cisco Simplifies Cloud Security with AWS Cloud WAN Service Insertion
Figure 1: Multicloud defense architecture in Cloud WAN

Cisco Cloud Firewall with AWS Cloud WAN


Because Cloud WAN operates globally, the best practice is to deploy your Cisco cloud firewalls within the same AWS regions as your application. This ensures that there aren’t any single region dependencies, latency, or bandwidth challenges when securing your network connectivity.

Wrap up


We’re excited for customers to take advantage of this new capability from Cisco and AWS, enabling them to simplify how they secure their increasingly complex cloud deployments.

Source: cisco.com

Wednesday, 12 June 2024

Cisco Secure Connect: The Turn-Key SASE Solution for Managed Service Providers

Cisco Secure Connect: The Turn-Key SASE Solution for Managed Service Providers

We understand that Managed Service Providers (MSPs) are always on the lookout for solutions that can streamline their service delivery while ensuring top-notch security for their clients. Cisco Secure Connect stands out as a turnkey Secure Access Service Edge (SASE) offering that simplifies the deployment and management of multi-customer SASE environments. Here’s why MSPs should be paying attention to Cisco Secure Connect and considering it for their managed service offerings.

What is Cisco Secure Connect?


Cisco Secure Connect is a unified SASE solution that enables secure access to applications and resources no matter where they are hosted, from any location and at any time. It is built on the robust Meraki platform, bringing together networking and security services through a single, user-friendly interface, simplifying the management of complex multi-cloud environments.

Why Should MSPs Care?


Secure Connect MSP portal capabilities are inherited from the existing Meraki MSP architecture. For MSPs, operational efficiency and the ability to provide a seamless service experience are critical. Cisco Secure Connect, with its new Meraki GUI, enhances the admin experience by streamlining workflows, allowing for easier deployment, usage, and management through a unified cloud dashboard. This improves agility, speed, and scalability, reducing operational complexities.

Cisco Secure Connect: The Turn-Key SASE Solution for Managed Service Providers
Cisco Secure Connect MSP Architecture

The Global Overview Page, replacing the older “MSP portal page” and offering a summary view of all customer environments. This allows MSP admins to manage multiple organizations with a single login, while still maintaining customer privacy as each organization’s licensing, inventory, users, and configurations are treated independently. The global dashboard is customizable to select and display the required columns. Also the view can change based on “Organisations”, “ Networks” or “Network Tags”.

Cisco Secure Connect: The Turn-Key SASE Solution for Managed Service Providers
Cisco Secure Connect Global Overview Page

Benefits of Adding Cisco Secure Connect to Your Managed Offering


Easy Operations: Raise support tickets directly from each organization’s page on Secure Connect. The platform provides unified support, making troubleshooting for both network (Meraki) and security (Umbrella) simpler.

Global Overview Page: serves as the command centre. This page has been enhanced with a new “Ticket” column, so MSP admins can view and manage support tickets for each organization with ease.

Dashboard Branding: Cisco Secure Connect allows MSPs to brand their dashboard, providing a personalized experience for clients. If this feature isn’t visible, MSPs can request activation through a support ticket.

Automation: Cisco is introducing an integrated API for Secure Connect, consolidating what used to require separate calls to Meraki and Umbrella APIs. This streamlines automation workflows and maintains a unified platform approach.

Monetization: Cisco Secure Connect is based on the Meraki cloud platform, enabling MSPs to upsell additional services without added management overhead. For instance, MSPs can extend their offerings to include physical security by provisioning Meraki smart cameras, all managed from the same portal.

Final Thoughts


Don’t hesitate to reach out to your existing Meraki SD-WAN customers and discuss layering security for secure internet and cloud access. With Cisco Secure Connect, you can augment your managed SD-WAN offering by adding security features with just a few clicks, providing a comprehensive SASE experience.

MSPs looking to simplify their operations while expanding their service portfolio should consider Cisco Secure Connect as a strategic addition to their managed services. It’s a solution that not only brings efficiency but also opens the door to new revenue opportunities.

Source: cisco.com

Tuesday, 11 June 2024

Security, the cloud, and AI: building powerful outcomes while simplifying your experience

Security, the cloud, and AI: building powerful outcomes while simplifying your experience

Over the past year, I’ve spoken with hundreds of professionals about what they expect from their network security. This question is mostly met with equal parts enthusiasm and angst. As we wrap up another successful Cisco Live, I’m eager to share the deep insights I’ve gathered from these extensive conversations and how Cisco is actively addressing your security needs.

As organizations navigate application transformations and grapple with the intricacies of defending increasingly complex networks, they’re also confronting a new wave of technological advancements.

Naturally, these advancements can be a double-edged sword. While they offer the potential for enhanced security measures, they also empower threat actors, who can now exploit vulnerabilities with alarming speed and efficiency.

The overwhelming message is twofold: Organizations need help bolstering their security, but also in streamlining their processes. Integrating too many security tools alone has become its own source of complexity, diluting the focus on threats and stretching resources too thin.

This point was poignantly made during a recent conversation with a Chief Information Security Officer (CISO), who expressed a sentiment all too common in the industry. Faced with the prospect of integrating yet another security solution, the CISO lamented, “I can’t ask my team to adopt the 212th tool in our portfolio!”

The CISO’s frustration illustrates a critical challenge for security leaders: They must balance the adoption of necessary security measures with the practical limitations of their teams’ capacity and the potential for tool sprawl.

In response to this complexity, organizations are hungry for a more streamlined approach to security, one that prioritizes the consolidation of tools and the simplification of security policies without compromising the efficacy of defense mechanisms.

Meanwhile, cybersecurity organizations must deliver solutions that are not just robust and cutting-edge, but also manageable and user-friendly. This way we can empower security teams to effectively combat the threats of tomorrow while keeping their operational sanity today.

Vendors, point products, and a transition to the cloud 


For many professionals, buying a specialized security product leads to something called “the Ferrari problem”. Like that expensive sports car, you’re purchasing something costly and specialized. The product may indeed do the specialized task very well. But security is not done in isolation—some level of integration will inevitability be required.

Thus, the expensive, specialized product opens the door to even more costly integrations (or, in the case of the car, costly repairs).

This doesn’t even count the disjointed security of working with different vendor solutions or the radical complexity of deploying a configuration or security policy across hundreds or thousands of branch offices.

There’s a reason many security professionals avoid updating their tools. With all this complexity, they’re afraid it will disrupt the business or the customer experience.

How Cisco is redefining effective, simplified security for the cloud  


It’s no secret that Cisco built the backbone of switching and routing across the globe for our one million+ customers and partner ecosystem. And we’re currently responsible for facilitating 85% of the world’s internet traffic.

Now, we’ve taken another giant leap by launching Cisco Security Cloud Control.

Cisco Security Cloud Control is designed to unify management for the Cisco Security Cloud, starting with a network security fabric.

Security Cloud Control delivers an AI-native approach to proactively surface actionable insights and automate resolution across hybrid environments. It is designed to help teams get the most of out their Cisco Security investment—saving time and benefiting from simpler and streamlined policies

Building robust security for complicated, ever-shifting cloud environments  


With too many tools and too much complexity to manage, the only answer is a security system that seamlessly ties everything together. We’ve answered the call, building a platform that blends Cisco Hypershield, multi-cloud defenses, advanced firewalls, and microsegmentation technologies.

This platform can collect information across the system and explain what it finds in reports, and via a natural language interface, show the risks to sensitive business assets like PCI databases. You can even ask the system about its own insights and next steps.

But at its heart is the promise of comprehensive visibility and complete detection across every facet of the network, whether it’s ingress/egress at a cloud edge, data center edge, campus, or branch, all the way down to every process and connection from your applications and workloads.

The level of visibility and management from Security Cloud Control helps leaders focus on delivering the outcomes their teams need. From taking intent-based policies in one place and translating them throughout all the control points in your network to streamlining, troubleshooting and recommending policies that span multiple solutions, Cisco Security Cloud Control helps with it all.

And Security Cloud Control’s ability to translate the complex language of cybersecurity delivers an added benefit: the ability to explain and articulate what’s happening–and what you need– to decision-makers. The simplicity and clarity of reports can help you keep leadership informed and engaged in your cybersecurity work.

At the core of this is, yes, AI technology but not just a prompt-based assistant—this is one driving proactive insights and sections across your network and will transform how you engage across the platform.

In essence, what we’ve built stands as a testament to the future of cybersecurity—a single platform that not only anticipates and neutralizes threats, it also empowers organizations to develop a more sophisticated, responsive, and resilient approach to protecting their digital assets.

It’s not just a powerful solution; it’s a strategic enabler for any enterprise looking to secure its future in an unpredictable cyber world, across network requirements that are only destined to become even more complex.

Source: cisco.com

Saturday, 8 June 2024

Cisco AI Assistant for Managing Firewall Policies Is Now Available

Cisco AI Assistant is now available for Cisco XDR and Cisco Defense Orchestrator


Managing firewall policies and locating relevant documentation can be daunting for firewall administrators. However, the AI Assistant integrated with the Cisco Defense Orchestrator (CDO) and the cloud-delivered Firewall Management Center simplifies these processes. With this powerful combination, administrators can effortlessly manage firewall devices, configure policies, and access reference materials whenever required, streamlining their workflow and boosting overall efficiency.

Prerequisites


Administrators need to ensure they have met the following prerequisites to use the AI Assistant:

User roles:

● CDO and cloud-delivered Firewall Management Center – Super Admin or Admin
● On-Prem FMC – Global Domain Admin

Upon successful login into your tenant, you will notice an AI Assistant button positioned in the top menu bar of the dashboard.

Cisco AI Assistant for Managing Firewall Policies Is Now Available

Click the AI Assistant button on the CDO or cloud-delivered Firewall Management Center home page to access the AI Assistant.

The Cisco AI Assistant interface contains the following components: Text Input Box, New Chat, Chat History, Expand View, and Feedback.

Cisco AI Assistant for Managing Firewall Policies Is Now Available

Cisco AI Assistant interface following the best Generative AI assistant practices.

AI Assistant interaction


AI Assistant completion with the prompt “Can you provide me with the distinct IP addresses that are currently blocked by our firewall policies?”

Cisco AI Assistant for Managing Firewall Policies Is Now Available

AI Assistant completion with the prompt “What access control rules are disabled?”

Cisco AI Assistant for Managing Firewall Policies Is Now Available

If you think that response is wrong, please click the thumbs-down button below for the related completion and fill out and submit the form.

Cisco AI Assistant for Managing Firewall Policies Is Now Available

AI Assistant can’t proceed with some prompts and questions. In this case, you can see the following completion:

Cisco AI Assistant for Managing Firewall Policies Is Now Available

It looks like the engineering team decided not to display answers if there is insufficient data to correct them or in cases where the model can hallucinate.

Source: cisco.com

Thursday, 6 June 2024

Funding a Whole of State Approach for your Community

Funding a Whole of State Approach for your Community

The funds are incentivizing states to provide cybersecurity services to local governments rather than the usual method (passing-through cash). At present, at least thirty states are providing cybersecurity services to local and Tribal governments with more states expected to announce the rollout of whole of state cybersecurity.

As you consider how to leverage SLCGP grants for a whole of state approach, there are five things I suggest Cisco account managers and partners should be aware of.

1. Understanding SLCGP funding


Cisco customers, account managers, and partners should be familiar with how the SLCGP allocates funding to states and how states distribute funds or services to local governments. The “whole of state” approach aims to ensure that cybersecurity funding is not just allocated to states for state use; instead, at least 80% of funds must benefit local governments and rural communities. Local government cost-share or matching funds begin at 10% in year one and rises to 40% in year four. SLCGP funds must supplement existing cybersecurity expenditures and may never supplant or replace approved and budgeted expenditures.

2. States select the vendors and cybersecurity services provided to local governments


Cisco account managers and partners should communicate to state customers why Cisco products and services ought to be available to local and rural governments. If a state creates a list of SLCGP-funded products and services for local governments, Cisco customers benefit most if Cisco products and services are on the list. States are not publishing the names of local governments awarded subgrants, nor details of cybersecurity services provided to named local governments.

3. Customer Cybersecurity Planning and Strategy


Development of comprehensive cybersecurity plans that include risk assessments, resource allocation, and incident response strategies is an eligible expense for state and local governments. Cisco account managers and partners should be prepared to contribute to these plans by offering their expertise in cybersecurity and by understanding the specific needs and challenges faced by their public sector clients.

4. Compliance and Best Practices


Recipients of SLCGP funds will be required to adhere to specified cybersecurity best practices and standards. Cisco account managers and partners need to be well-versed in these requirements, which may include frameworks like NIST (National Institute of Standards and Technology), to ensure that the solutions they are offering are compliant and can be funded by the grant.

5. Educational and Workforce Development


A portion of the grants may be allocated to cybersecurity education of the customer’s workforce. Cisco account managers and partners should be aware of Cisco’s own training and certification programs, such as the Cisco Networking Academy, which can be integrated into broader educational initiatives.

Funding a Whole of State Approach for your Community

As you research funding for whole of state and other needs, it’s also important to stay updated on the latest announcements by state governments of state grant programs, competitive subgrants, and application deadlines. For the most current information, Cisco account managers and partners should reach out to your Cisco Public Funding Advisor. They’ll be glad to help answer any questions you may have about whole of state or other funding opportunities.

Source: cisco.com

Tuesday, 4 June 2024

Cisco Defense Orchestrator’s Path to FedRAMP Authorization

Cisco Defense Orchestrator is a cloud-based multi-device manager that enables consistent policy implementation across highly distributed environments. CDO’s centralized management allows rapid deployment of policy changes when minutes matter, and reusing policy objects across all firewall form factors reduces both administrative effort and organizational risk. Security teams that adopt CDO spend less time deploying and maintaining their firewalls and more time optimizing policies and managing threats.

Moving forward on FedRAMP

Cisco has made great progress in moving a variety of our solutions through the FedRAMP process. Created to encourage use of cloud computing, FedRAMP serves to streamline the exchange of information and accelerate services within federal agencies, plus improve their interaction with the public. In 2023, the FedRAMP Authorization Act was passed, codifying the FedRAMP program as the authoritative standardized approach to security assessment and authorization for cloud products and offerings.

With FedRAMP, federal agencies are provided a uniform framework for evaluating, approving, and continually overseeing cloud services. This includes procedures for security assessments, authorizations, and ongoing surveillance of cloud services utilized by federal entities. In addition, you should understand the following:

  • The US General Services Administration (GSA) administers FedRAMP in collaboration with the Department of Homeland Security (DHS) and the Department of Defense (DoD).
  • The compliance parameters set by FedRAMP are in alignment with the National Institute of Standards and Technology (NIST) Special Publication 800-53, which outlines technical standards for cloud computing.
  • FedRAMP also promotes adherence to the Federal Information Security Management Act (FISMA) and the OMB Circular A-130 by federal agencies.

The FedRAMP process and Cisco Defense Orchestrator

FedRAMP Authorization can be pursued with an individual agency sponsor or multi-agency authorization. For CDO, Cisco is working with the United States National Institute of Health (NIH) as the individual agency sponsor.

Preparation Phase

The initial phase with individual agency sponsorship is known as the Preparation Phase. It consists of two key steps if no sponsor agency is available: conducting a Readiness Assessment and engaging in Pre-Authorization activities.

Preparation Step 1: Readiness Assessment

The Readiness Assessment is an optional stage aimed at helping cloud offerings obtain a sponsor. Readiness assessments are performed by certified Third-Party Assessment Organizations (3PAOs), who produce a Readiness Assessment Report (RAR) that shows potential sponsoring agencies that the solution is ready to meet the federal government’s security standards.

Cisco Defense Orchestrator’s Path to FedRAMP Authorization

Preparation Step 2: Pre-Authorization

If sponsoring agency is available, you can go straight to Pre-Authorization, skipping the Readiness Assessment stage. Cisco has completed Pre-Authorization with NIH. This means the CDO team has implemented the requisite technical and procedural requirements and compiled the security documentation necessary for the authorization process.

During this phase, Cisco accomplished the following tasks:

  • Demonstrated that the CDO for government solution is fully built and functional.
  • Completed a CSP Information Form.
  • Determined the security categorization of the data that will be placed within the system utilizing the FIPS 199 categorization template along with the appropriate guidance of FIPS 199 and NIST Special Publication 800-60 Volume 2 Revision 1 to correctly categorize the CDO system based on the types of information processed, stored, and transmitted.

After the successful completion of a kickoff meeting with NIH on February 22, 2024, CDO achieved the In Process status on the FedRAMP Marketplace.

Cisco Defense Orchestrator’s Path to FedRAMP Authorization

Authorization Phase

The next step is the Authorization Phase, which has two parts: Full Security Assessment and Agency Authorization Process.

Authorization Step 1: Full Security Assessment

The first authorization step is a full security assessment by a certified 3PAO. Before this assessment, Cisco completed the Site Security Plan (SSP) and reviewed it with NIH. Schellman Compliance, LLC is the 3PAO responsible for the Security Assessment Plan (SAP) for CDO and the Security Assessment Report (SAR) that will document test findings and suggestions relevant to attaining FedRAMP Authorization.

Once the 3PAO assessment is finished, Cisco develops a Plan of Action and Milestones (POA&M) outlining the plan to address the test findings in the SAR.

Cisco Defense Orchestrator’s Path to FedRAMP Authorization

Authorization Step 2: Agency Authorization Process

The second authorization step is Agency Authorization, in which NIH will review the complete authorization package and may hold a SAR debrief with the FedRAMP Project Management Office. NIH will also implement, test, and document the customer-responsible controls during this phase. Then the NIH will perform a risk analysis and issue an Approval to Operate (ATO) when identified risks are sufficiently addressed.

At this point, CDO will have agency authorization to operate but still require review by the FedRAMP PMO to be included in the FedRAMP Marketplace. When finished, the FedRAMP PMO will update the Marketplace listing to reflect FedRAMP Authorized Status and the date of Authorization. The security package will then be made available to agency information security personnel, who can issue subsequent ATOs, by completing the FedRAMP Package Access Request Form.

Cisco Defense Orchestrator’s Path to FedRAMP Authorization

Post-Authorization

Once CDO receives Authorization status in the FedRAMP Marketplace, it will enter a continuous monitoring phase to ensure ongoing protection of the system and government data. In this phase, Cisco submits regular security documentation—including vulnerability scans, refreshed Plans of Action and Milestones (POA&M), yearly security evaluations, reports on incidents, and requests for significant changes—to each of their agency clients. Cisco will make use of the FedRAMP secure repository to upload continuous monitoring content for all agencies that deploy CDO to review.

Cisco Defense Orchestrator’s Path to FedRAMP Authorization

Leveraging the Cisco Federal Ops Stack


Cisco is leveraging the Cisco Federal Operational Security Stack (Fed Ops Stack) as a core component of the CDO FedRAMP process to speed future FedRAMP development and assessments. The Cisco Fed Ops Stack is a centralized set of tools and services that cover approximately 50% of FedRAMP Moderate requirements. Once Fed Ops Stack has received authorization to operate, along with CDO, Cisco can leverage these shared services in future SaaS products to make audits and continuous monitoring simpler for Cisco and federal agencies.

Pushing forward on CDO FedRAMP compliance


Our team at Cisco is fully committed to getting CDO FedRAMP compliant, so federal agencies can simplify their management of distributed security policies. We are pleased to have completed the Agency Review with our agency sponsor NIH and achieved In Process status. Watch for more updates as we get closer to full FedRAMP Authorization for CDO, the Cisco Fed Ops Stack, and additional SaaS offers from Cisco.
    
Source: cisco.com