CISA has released final versions of three of the TIC 3.0 core guidance documents, representing the conclusion of the request for comments (RFC) and adjudication period following the issuance of the draft documents in December 2019. A summary of the comments, and CISA's response, is available in the Response to Comments on Draft TIC 3.0 Guidance Documentation.
The final Program Guidebook, Reference Architecture, and Security Capabilities Catalog (formerly known as the Security Capabilities Handbook) are available below. The final versions of the Use Case Handbook, Overlay Handbook (formerly known as the Service Provider Overlay Handbook), Traditional TIC Use Case, and Branch Office Use Case are expected to be released later this summer.
The TIC 3.0 core guidance includes:
- Program Guidebook (Volume 1) – Outlines the modernized TIC program and includes its historical context
- Reference Architecture (Volume 2) – Defines the concepts of the program to guide and constrain the diverse implementations of the security capabilities
- Security Capabilities Catalog (Volume 3) – Indexes security capabilities relevant to TIC
- Draft Use Case Handbook (Volume 4) – Introduces use cases, which describe an implementation of TIC for each identified use
- Draft Traditional TIC Use Case – Describes the architecture and security capabilities guidance for the conventional TIC implementation
- Draft Branch Office Use Case – Describes the architecture and security capabilities guidance for remote offices
- Draft Service Provider Overlay Handbook (Volume 5) – Introduces overlays, which map the security functions of a service provider to the TIC capabilities
- Overlays are under development and will be released at a later date
- Pilot Process Handbook - Establishes a framework for agencies to execute pilots
- Response to Comments on Draft TIC 3.0 Guidance Documentation – Summarizes the comments, and modifications in response to, the feedback received for the draft core documents