DCP implements extensive security and data protection measures, both technical and otherwise.
The list below summarizes the measures taken. Feel free to share this article with customers upon request. Alternatively, you can download this PDF version.
Access Management

| Category | Implementation |
|---|---|
| Authentication | cisco.com User ID/password; OAM (Oracle Access Manager) protected, LDAP-based authentication and OBSSOCookie-based authorization |
| Authorization | Based on the individual's role in the project. |
| Access Management | Single Sign-On (SSO); Role Based Access Control (RBAC) (Internal/External) (Internal -- All Cisco/AS-TS/Project team only); usage and metrics maintained in DB; content actions tracked with CDP logs for detailed activity logging |
| Privileged Access Management | Access is specific to the client. One customer's data will not be exposed to another customer contact. Data can be protected within Cisco. Specific project data cannot be viewed by other engineers. |
Classification

| Category | Implementation |
|---|---|
| Document Classification | Cisco Highly Confidential |
| Data Loss Prevention | If a non-member of the project downloads a file, the Project Manager is notified. Download audit trails. Capability to archive documents in the database. Documents are hard deleted per ERIM schedule and corporate legal requirements. |
Certifications

| Category | Implementation |
|---|---|
| Certifications | ISO 9001 policy/process support, ISO 27001 |
| Audit Requirements | Internal Audits, Policy external audits for ISO 9001, External audit for ISO 27001 |
| Vulnerability and Patch Management | All P1 applications that Cisco IT maintains (such as DCP) undergo BAVA and DAVA analysis every year. Applications undergoing enhancements, like DCP, undergo such analysis at least twice a year. |
Security

| Category | Implementation |
|---|---|
| Encryption – at Rest | AES 256-bit |
| Encryption – Transmission | HTTPS encryption |
| Boundary Defense | ASA and Firepower 9K at the DC gateways, vASA within the DC, and vASA and VLAN policies to maintain separation of environments within the DC |
| Malware Defense | DCP is ACI enabled; the ACI policies provide full whitelisting protection from potentially malicious interaction with other applications, even within the DC |
| Physical Security | Dedicated DC Building, Perimeter Fence, Onsite Security, Strategic Landscaping, Card Reader Controls, Biometric Verification |
| Platform/Application Hardening | Cisco's LAE is used as the platform and it has ACI enablement. Segregation is used between the various layers. The metadata for this application is saved in a different database than the actual files, providing defense in depth. |
Miscellaneous

| Category | Implementation |
|---|---|
| Geo Location | Richardson, Texas, US |
| Incident Response | 24/7 monitoring per P1 application specifications. Stakeholders/users are notified during incidents. |
| Supplier Personnel Management | Cisco has extended background checks on the contracted Partner resources |