The purpose of the Trusted Internet Connections (TIC) initiative, as outlined in the Office of Management and Budget (OMB) Memorandum M-19-26: Update to the Trusted Internet Connections (TIC) Initiative, is to enhance network and perimeter security across the Federal Government. Initially, this was done through the consolidation of external connections and the deployment of common tools at these access points. While this prior work has been invaluable in securing federal networks and information, the program must adapt to modern architectures and frameworks for government information technology (IT) resource utilization. Accordingly, OMB’s memorandum provides an enhanced approach for implementing the TIC initiative that provides agencies with increased flexibility to use modern security capabilities. OMB’s memorandum also establishes a process for ensuring the TIC initiative is agile and responsive to advancements in technology and rapidly evolving threats.
OMB Memorandum M-19-26 tasks the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) with modernizing the TIC initiative to help accelerate the adoption of cloud, mobile, and other emerging technologies. To further this effort, CISA is releasing draft guidance to assist federal civilian agencies in their transition to contemporary architectures and services.
The updated draft TIC guidance provides agencies with the flexibility to secure distinctive computing scenarios in accordance with their unique risk tolerance levels. Agencies are expected to reference the initiative’s Program Guidebook, Reference Architecture, and Security Capabilities Handbook to determine how to protect their environments to conform with their risk management strategy and the security considerations outlined in TIC Use Cases.
CISA is interested in gathering agency responses focused on the following key questions:
- How does your agency expect to utilize the updated TIC guidance to modernize and secure its environments?
- How does your agency expect to adopt the TIC Use Cases?
- Does your agency have any suggestions for other use cases?
- Are there additional documents or artifacts that would be helpful to agencies when implementing the TIC guidance?
You may contribute in two ways:
-
Issues (GitHub): Content discussions are welcome via “issues.” Each issue is a conversation initiated by a member of the public. We encourage you to join discussions about existing issues, or start a new conversation by opening a new issue (you may be prompted to log in).
-
Email: Send comments, content suggestions, or proposed revisions via email at tic@cisa.dhs.gov. Comments received via email may be posted publicly as a GitHub issue. (Contact information will not be shared, though names and any affiliation may be identified.)
The deadline for submitting comments is 11:59 PM EST on March 2, 2020.
The following documents are open for public comment and can be found on the TIC document repository page on the CISA website.
- Program Guidebook (Volume 1) – Outlines the modernized TIC program and includes its historical context
- Reference Architecture (Volume 2) – Defines the concepts of the program to guide and constrain the diverse implementations of the security capabilities
- Security Capabilities Handbook (Volume 3) – Indexes security capabilities relevant to TIC
- Use Case Handbook (Volume 4) – Introduces use cases, which describe an implementation of TIC for each identified use
- Traditional TIC Use Case – Describes the architecture and security capabilities guidance for the conventional TIC implementation
- Branch Office Use Case – Describes the architecture and security capabilities guidance for remote offices
- Service Provider Overlay Handbook (Volume 5) – Introduces overlays, which map the security functions of a service provider to the TIC capabilities
- Overlays are under development and will be released at a later date
- Pilot Process Handbook - Establishes a framework for agencies to execute pilots
- NCPS Cloud Reference Architecture - Begins to explains how agencies can satisfy CISA's EINSTEIN cloud requirements*
Additional information regarding TIC 3.0 documentation can be found on the CISA website. Historical TIC program documentation has been archived to the TIC page on OMB MAX.
*The National Cybersecurity Protection System (NCPS) is supporting the TIC modernization efforts via the release of its Cloud Interface Reference Architecture. Additional information regarding NCPS can be found on the program’s CISA web page.
Official TIC Homepage https://www.cisa.gov/trusted-internet-connections
TIC 3.0 Document Repository https://www.cisa.gov/publication/tic-documents-public-comment
TIC 3.0 Information for Federal Agencies https://community.max.gov/x/I4R_Ew
Service Provider Overlays https://github.com/cisagov/tic3.0/tree/SPOverlay