Author: Matt Hartman, Associate Director, Cybersecurity Division, Cybersecurity and Infrastructure Security Agency (CISA)
The times, they are a-changin’, and Trusted Internet Connections (TIC) is jumping on the bandwagon to embrace modernization. Today, the Cybersecurity and Infrastructure Security Agency (CISA) is releasing final versions of the TIC 3.0 core guidance documents: the Program Guidebook, Reference Architecture, and Security Capabilities Catalog (formerly known as the Security Capabilities Handbook). These documents collectively lay the baseline for agencies to modernize their architecture in a secure way.
Agencies Spoke, We Listened
After releasing the draft TIC 3.0 guidance in December 2019, CISA embarked on a campaign to solicit, analyze, and incorporate feedback from federal, industry, and public commenters. CISA opened a 50-day request for comments (RFC) period in January 2020 and we heard from our peers what was needed to hone the guidance. We traveled the National Capital Region, both physically and virtually, at one point pausing all work to release emergency TIC 3.0 Interim Telework Guidance in response to the unprecedented surge in federal telework. Through working sessions with our partners at the Office of Management and Budget (OMB) and the General Services Administration (GSA), CISA analyzed and adjudicated the nearly 500 comments and questions amassed during the RFC to finalize the TIC 3.0 core guidance documents. A summary of the comments and CISA’s response is available in the Response to Comments on Draft TIC 3.0 Guidance Documentation.
As cloud computing, strong encryption, and mobile devices become the norm, the demand for this finalized TIC 3.0 guidance grew by the day. The core artifacts released today offer baseline guidance on how to begin (or continue) implementing TIC 3.0 security standards within your agency. The final versions of these documents can be found at: https://www.cisa.gov/publication/tic-30-core-guidance-documents.
In the coming weeks and months, CISA will continue to work with agencies to support TIC pilots and develop use cases and overlays that will further enable the acceleration of key federal modernization efforts. With the added perspective gleaned through continued engagement, CISA expects to release the final versions of the Use Case Handbook, Overlay Handbook (formerly known as the Service Provider Overlay Handbook), Traditional TIC Use Case, and Branch Office Use Case later this summer.
We’re very pleased to release today’s artifacts as a necessary step to removing any legacy TIC barriers from agency modernization activities. But the real work begins now. We look forward to continued partnership with agencies and industry as we collectively embrace change to help forge a more secure tomorrow.