Final Version of TIC Use Cases Covering Cloud Services


By: Kevin Wortman, Senior Cybersecurity Engineer 

The Cybersecurity and Infrastructure Security Agency (CISA) published the Trusted Internet Connections (TIC) 3.0 Cloud Use Case, which provides common network and multi-boundary security guidance for agencies that operate in cloud environments and highlights unique considerations for Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), Software-as-a-Service (SaaS), and Email-as-a-Service (EaaS). Today’s release of the final version incorporates feedback we received during the public comment period in 2022.

The Cloud Use Case outlines the security patterns, applicable security capabilities, and telemetry requirements specific to cloud environments. The guidance also incorporates cloud-specific considerations, such as the shared services model and the cloud security posture management principles outlined in the Cloud Security Technical Reference Architecture. The use case is written from the vantage point of cloud-hosted services, not from that of the client accessing these services.

In addition to the final Cloud Use Case, CISA also published updates to the TIC Branch Office Use Case and the Remote User Use Case. These updates are based on the security capability updates in the Security Capabilities Catalog v3.0, which was also published today.

The final Cloud Use Case satisfies the use case requirements prescribed under the Office of Management and Budget’s (OMB) Memorandum M-19-26 for the modernized TIC 3.0 initiative.

All of these new documents and other helpful reference materials, like frequently asked questions (FAQs) and trainings, can be found on the TIC homepage.