By: Eric Goldstein, Executive Assistant Director for Cybersecurity
The transition from IPv4 to IPv6 comes with a range of benefits, with simplicity and efficiency at the top of the list. However, this transition comes with security considerations for all agencies, including federal agencies. To help agencies in their secure transition to Internet Protocol version 6 (IPv6), CISA has release a draft guidance document entitled, “IPv6 Considerations for TIC 3.0.” This publication is in support of the Office of Management and Budget (OMB) memorandum on completing the transition to IPv6 (M-21-07) and focuses on security considerations for the modernized protocol as they relate to agencies’ TIC 3.0 implementation.
IPv6 is the next generation of IP standards slated to replace the current IPv4. An IP address is a numerical identifier assigned to every device that connects to the internet. The big difference between IPv4 and IPv6 is that IPv6 offers (a lot) more addresses; from 4.3 billion addresses with IPv4 to over 340 trillion trillion trillion (specifically 2128) with IPv6.
CISA’s role in this transition is to ensure agencies are aware of pertinent security considerations when implementing the new network protocol. To make it applicable for all agencies, this IPv6 guidance is architecture-agnostic and broadly supports the government-wide deployment and use of the IPv6 network protocol. The document explains the background of IPv6, lists security considerations for the protocol in relation to the TIC 3.0 security capabilities, and provides awareness of IPv6 security features according to TIC guidance.
Additionally, “IPv6 Considerations for TIC 3.0” focuses on:
- Providing IPv6 protocol information to enable a general understanding of potential security threats and preventative measures,
- Informing agencies of their responsibilities concerning OMB M-21-07,
- Aligning TIC 3.0 security objectives and capabilities to securely support IPv6, and
- Offering awareness and guidance regarding IPv6 security considerations.
From Thursday, September 23 until Friday, October 15, CISA is pleased to open the document for a public comment period to collect critical feedback from the public, agencies, industry, and academia. Our goal is to ensure the guidance fully addresses security considerations for the modernized protocol as they relate to agencies’ TIC 3.0 implementation. Comments can be submitted to firstname.lastname@example.org.
Following the close of the comment period, CISA, in coordination with OMB, the General Services Administration (GSA), and the Federal Chief Information Security Officers (CISO) Council TIC Subcommittee, will adjudicate comments to produce a finalized version of the guidance.
For more information on TIC 3.0, including trainings and webinars, check out the CISA’s TIC webpage.