Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
195
Views
0
Helpful
2
Replies

Secure Access ISMAP Registration and What the RBI Says Not

Translator
Community Manager
Community Manager

‎11-04-2025 01:28 AM

ISMAPWhen referring to the scope of the statement attached to the Cisco Secure Access Cloud Service List details, the RBI’s supplemental description included the following:

Remote Browser Isolation
This function is provided on the basis of using a cloud service that is not registered in ISMAP and is not subject to the statement.

I think that RBI uses the functions of Menlo, but Menlo seems to be registered in ISMAP.
Is there any particular reason for the content described in the supplementary explanation of the scope of the statement?

Are there any plans to remove the RBI restrictions in the future?


Cloud Services List Details
https://www.ismap.go.jp/csm?id=cloud_service_list_detail&sys_id=5f3c61ec2bdfaa10f0bbfd69fe91bf41
Cisco Secure Access_Statement Scope.pdf
https://www.ismap.go.jp/sys_attachment.do?sys_id=ea362a4c2b276a10f0bbfd69fe91bfe1

0 Helpful
2 Replies 2

Translator
Community Manager
Community Manager

‎11-04-2025 02:16 AM

That’s an insightful question and you’re absolutely right to notice the nuance in that ISMAP statement. The key point is that while Menlo Security (the RBI engine Cisco leverages) is itself ISMAP-registered, Cisco’s Secure Access RBI function is delivered as part of a broader, multi-service cloud platform. Because of that architecture, the specific Cisco-managed implementation of RBI hasn’t been independently registered under ISMAP, so it’s listed as “not subject to the statement.”

This doesn’t mean the RBI feature is insecure or non-compliant — it’s more about how the service boundary is defined in the ISMAP registration. As for future plans, Cisco has indicated ongoing efforts to expand ISMAP coverage across Secure Access components, so RBI registration or inclusion could come later as the service matures and audit scopes evolve.

0 Helpful

davidmubarak
Level 1
Level 1

‎11-04-2025 02:19 AM

Excellent question and very well spotted regarding the ISMAP listing details. The reason the RBI (Remote Browser Isolation) feature is noted as “not subject to the statement” is due to how Cisco defines the service boundary for ISMAP certification. While Menlo Security, which underpins the RBI capability, is ISMAP-registered, the Cisco Secure Access implementation of RBI runs as an integrated component within Cisco’s broader cloud framework — not as a standalone Menlo-managed service. Because of that architectural separation, the RBI portion isn’t directly covered under Cisco’s ISMAP registration scope.

0 Helpful
Customers Also Viewed These Support Documents