Trust and Transparency Center

Reduce Supply Chain Vulnerability

Learn why Secure Boot is an effective, low-risk alternative to commercial solutions. (PDF - 495 KB)

Read Whitepaper

Reduce Supply Chain Vulnerability

Value Chain Security

Important to Cisco Cybersecurity

Cisco recognizes the important role of value chain security in our comprehensive cybersecurity strategy. Under that strategy, we deploy a capability that continually assesses, monitors, and improves the security of our value chains throughout the entire lifecycle of our solutions, striving to further enhance product integrity for our customers.

Our commitment is to strive to meet our customers' product integrity expectations. Namely, that Cisco solutions are genuine (not counterfeit) and operate as our customers direct them to (not secretly controlled by or transmitting data to unknown parties).

Protecting Customers with Supply Chain Security Throughout the Product Lifecycle (PDF - 220 KB) Adobe PDF file

Overview of Our Actions

Cisco's Value Chain Security Program spans our Value Chain Operations, Engineering, Worldwide Partner and Services departments, together with our suppliers and channel partners across the nodes of our value chain shown below:

This comprehensive security capability uses security technology together with physical and logical security across the value chain to:

  • Retain Cisco solutions in controlled development, manufacturing, channel and services environments, using approved components
  • Limit introduction of malware and/or rogue components that could compromise the manufacturing process
  • Innovate the technologies and deploy the processes that make it harder to produce undetectable counterfeit Cisco equipment

Value Chain Security Focus Areas

To afford our customers with enhanced confidence in us as their trusted IT partner, our Value Chain Security efforts are targeted to address three key focus areas:

  • Tainted products
  • Counterfeit products
  • Misuse of intellectual property

Foundational Three - Dimensional Elements of Value Chain

In each value chain, actual security practices vary but our approach to security makes use of three foundational elements:

  • Physical Security Practices: Physical aspects of security such as camera monitoring, security checkpoints, locking devices, alarms, electronic access control
  • Logical Security Processes: Systematic, repeatable, and auditable security processes designed to target areas of security risk and close them.
  • Security Technology: Applying technological innovation to enhance counterfeit detection, terminate functionality, or identify a non-authorized component or user. Smart chips, data extracting test beds, and proprietary holographic or intaglio security labels are a few of the technological innovations that we use in our value chain security.

Flexible Model of 10 Areas of Discipline

Because our supply chains are highly diverse, the way we apply value chain security is diverse. Every situation is unique and, as a result, one value chain security model does not fit all. While there are many aspects to value chain security, Cisco has identified 10 primary areas of security discipline through which we address our value chain security focus areas:

  • Secure development: A controlled set of practices and technologies deployed throughout the Cisco product development methodology; including product design requirements and policies that prohibit the inclusion of "back doors" to gain unauthorized access to any Cisco device
  • Information exchange and access control: Controls on how we share information, by what means, in what format, and who can have access to it
  • Physical plant security: Physical security requirements for the places where suppliers engage in hubbing, transport, manufacturing, repair, recycling, and destruction services
  • Talent security and integrity: Practices to help ensure that global value chain personnel are screened upon hire, understand our ethics policy, and all other key security practices
  • Protection of high-value IP containing components and finished goods: Practices focusing uniquely on this high-risk subset of our raw materials and final products
  • Supplier resiliency and crisis management: Comprehensive review, monitoring, and assurance of our suppliers' capabilities to swiftly react to natural disaster, geo-political disturbance, financial volatility and ensure our continuity of supply
  • Logistics security: Transport, storage and loss avoidance practices
  • Fabrication security: All aspects of security relating to the obtaining of components for, PCBA build and test, final assembly and final test of Cisco products
  • Scrap management: All aspects of managing scrap, which may contain intellectual property or key components or information within each node of the value chain
  • Service and end-of-life security management: Practices to help ensure security during the provision of repair or upgrade services, take-back and return of product and product disassembly, destruction and non-functional element recycling