Trusted Internet Connections (TIC) 3.0 core guidance documents are intended to be used collectively in order to achieve the goals of the program. The documents are additive; each builds on the other like chapters in a book. The current versions of guidance are available below.
The TIC 3.0 core guidance documents are sequential in nature and include:
The purpose of the Cloud Security Technical Reference Architecture (TRA) is to illustrate recommended approaches to cloud migration and data protection, as outlined in Section 3(c)(ii) of Executive Order 14028. As the Federal Government continues to transition to the cloud, the TRA will be a guide for agencies to leverage when migrating to the cloud securely. Additionally, the document explains considerations for shared services, cloud migration, and cloud security posture management.
Zero trust provides a collection of concepts and ideas designed to minimize uncertainty in enforcing accurate, least privilege per-request access decisions in information systems and services in the face of a network viewed as compromised. The goal is to prevent unauthorized access to data and services and make access control enforcement as granular as possible. Zero trust presents a shift from a location-centric model to a more data-centric approach for fine-grained security controls between users, systems, data and assets that change over time; for these reasons.
Readout of CISA Call with Critical Infrastructure Partners on Log4j Vulnerabilities and the Need for Increased Vigilance this Holiday Season
WASHINGTON – This afternoon, the Cybersecurity and Infrastructure Security Agency (CISA) held a call with critical infrastructure entities from the public and private sectors to emphasize the importance of remaining vigilant against cyber threats over the holiday season, particularly with the widespread exploitation of vulnerabilities in the Log4j software, which pose a severe risk to network security. The call was led by CISA Director Jen Easterly and included updates from CISA’s Executive Assistant Director for Cybersecurity, Eric Goldstein.
December 17, 2021
This page contains a web-friendly version of the Cybersecurity and Infrastructure Security Agency’s Emergency Directive 22-02, “Mitigate Apache Log4j Vulnerability”.