TIC 3.0 Comments from the SBA

[gvcavallo]

1. As a participant in a TIC 3.0 pilot, we expect to leverage the new guidance to assist in the documentation of our modernized TIC cloud platform. By leveraging the guidance to document our TIC 3.0 approach, it will be easier for us to share our reference case and lessons learned with other federal agencies.
2. We will leverage the use cases to implement a zero trust network with our district and other remote offices as we use our cloud based tools and move off of MTIPS.
3. A use case that ties the TIC, CDM, and Einstein together as an integrated cybersecurity approach would be a key win for all instead of treating each of those programs as independent silos.
4. As the cybersecurity industry and the attack vectors are continually evolving on a daily basis, the only change I would recommend is to not wait for final written documents to be published once a year or so, but to issue multiple drafts/versions throughout the year that are then finalized in an annual/or other set period report.