The purpose of the Trusted Internet Connections (TIC) initiative, as outlined in the Office of Management and Budget (OMB) Memorandum M-19-26: Update to the Trusted Internet Connections (TIC) Initiative, is to enhance network and perimeter security across the Federal Government. Initially, this was done through the consolidation of external connections and the deployment of common tools at these access points. While this prior work has been invaluable in securing federal networks and information, the program must adapt to modern architectures and frameworks for government information technology (IT) resource utilization. Accordingly, OMB’s memorandum provides an enhanced approach for implementing the TIC initiative that provides agencies with increased flexibility to use modern security capabilities. OMB’s memorandum also establishes a process for ensuring the TIC initiative is agile and responsive to advancements in technology and rapidly evolving threats.
OMB Memorandum M-19-26 tasks the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) with modernizing the TIC initiative to help accelerate the adoption of cloud, mobile, and other emerging technologies. To further this effort, CISA is releasing draft guidance to assist federal civilian agencies in their transition to contemporary architectures and services.
The updated draft TIC guidance provides agencies with the flexibility to secure distinctive computing scenarios in accordance with their unique risk tolerance levels. Agencies are expected to reference the initiative’s Program Guidebook, Reference Architecture, and Security Capabilities Handbook to determine how to protect their environments to conform with their risk management strategy and the security considerations outlined in TIC Use Cases.
On December 20, 2019, CISA released eight draft documents as TIC 3.0 guidance for public comments. A request for comments (RFC) period was opened to provide the public with the opportunity to provide their perspectives on the new guidance. Over the seven weeks following the release, approximately 30 combined government and industry organizations sent comments to CISA. CISA plans to release the final guidance documents in Summer 2020.
Please visit the CISA website for the latest information: https://www.cisa.gov/trusted-internet-connections
The following documents can be found on the TIC document repository page on the CISA website.
- Program Guidebook (Volume 1) – Outlines the modernized TIC program and includes its historical context
- Reference Architecture (Volume 2) – Defines the concepts of the program to guide and constrain the diverse implementations of the security capabilities
- Security Capabilities Handbook (Volume 3) – Indexes security capabilities relevant to TIC
- Use Case Handbook (Volume 4) – Introduces use cases, which describe an implementation of TIC for each identified use
- Traditional TIC Use Case – Describes the architecture and security capabilities guidance for the conventional TIC implementation
- Branch Office Use Case – Describes the architecture and security capabilities guidance for remote offices
- Service Provider Overlay Handbook (Volume 5) – Introduces overlays, which map the security functions of a service provider to the TIC capabilities
- Pilot Process Handbook - Establishes a framework for agencies to execute pilots
- NCPS Cloud Reference Architecture - Begins to explains how agencies can satisfy CISA's EINSTEIN cloud requirements*
Additional information regarding TIC 3.0 documentation can be found on the CISA website. Historical TIC program documentation has been archived to the TIC page on OMB MAX.
*The National Cybersecurity Protection System (NCPS) is supporting the TIC modernization efforts via the release of its Cloud Interface Reference Architecture. Additional information regarding NCPS can be found on the program’s CISA web page.
Official TIC Homepage https://www.cisa.gov/trusted-internet-connections
TIC 3.0 Document Repository https://www.cisa.gov/publication/tic-documents
TIC 3.0 Information for Federal Agencies https://community.max.gov/x/I4R_Ew