Adobe Offers CCF – an Open Source InfoSec Standard

The Common Control Framework (CCF) by Adobe is the cornerstone of our company-wide compliance strategy.  It is a comprehensive set of simple control requirements, rationalized from the alphabet soup of several different industry information security and privacy standards.  The CCF has enabled Adobe’s cloud products, services, platforms and operations to achieve compliance with various security certifications, standards, and regulations (SOC2, ISO, PCI, HIPAA, FedRAMP etc.).

This multi-year effort to implement the CCF across all business units was led by our Risk, Advisory and Assurance Services (RAAS) group.  As part of our ongoing efforts in knowledge sharing with the broader security community, we are releasing a generic version of CCF through a Creative Commons license to help drive ongoing innovation around compliance in the security industry.

Open source CCF contains a baseline set of control activities. These control activities are meant to assist organizations in meeting the requirements of ISO/IEC 27001, AICPA SOC Common Criteria, AICPA SOC Availability, and the security requirements of GLBA and FERPA. These common activities were identified and developed based on industry requirements. They have been adopted by Adobe product operations and engineering teams to achieve compliance with these standards. This information is only to be used as an illustrative example of common security controls that could be tailored to your organization’s security objectives.

Learn more in this exclusive Cyber Defense TV HotSeat Interview with Prasant Vadlamudi, Director Technology GRC at Adobe.

We are excited to share the CCF with the security and compliance community. However, potential users should note that it is more than just a unified compliance framework. Our goal with CCF is to help the industry realize more significant value by adopting a more collaborative implementation strategy within their business. This will help enable more scalable security, compliance, and operations processes to ensure ongoing success.

We hope you will take the opportunity to download CCF today and begin using it in your organization. We welcome feedback and questions about the framework. You can contact us on the Open Source CCF team directly at [email protected].

Abhi Pandit
Sr. Director, Risk Advisory and Assurance Services (RAAS)

Subscribe to Cyber Defense Magazine

Join our mailing list, no strings attached. We never sell your data. We'll send you monthly e-magazines, webinar invites from us and our partners, cybersecurity trade show updates, awards, infosec news, cybersecurity tips and so much more on all things cyber defense.
Subscribe

Related News

Protecting Government Data at The Intersection of Zero Trust and Open Source Source Code Protection Market Source Code Protection Market
December 8, 2019

CyberDefenseMagazine Follow 24,016 54,487

Cyber Defense Magazine - The Premier Source for IT Security and Compliance Information. https://t.co/748STKH6k0.

cyberdefensemag

cyber defense awardsWe are in our 11th year, and Global InfoSec Awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.
Cyber Defense Awards

12th Anniversary Global InfoSec Awards for 2024 are now Open! Take advantage of co-marketing packages and enter today!

Show Me!
X