Trusted Internet Connections


TIC Guidance Quick Links

Program Guidebook (Volume 1) (pdf, 1.79MB)
Reference Architecture (Volume 2) (pdf, 1.34MB)
Security Capabilities Catalog (Volume 3) (pdf, 2.26MB)
Use Case Handbook (Volume 4) (pdf, 985.45KB)
Overlay Handbook (Volume 5) (pdf, 1.35MB)
Traditional TIC Use Case (pdf, 5.34MB)
Branch Office Use Case (pdf, 3.86MB)
Remote User Use Case (pdf, 4.56MB)
Pilot Process Handbook (pdf, 1.4MB)
Cloud Use Case (pdf, 7.79MB)

Since 2007, the Trusted Internet Connections (TIC) initiative has redefined federal cybersecurity by consolidating network connections and enhancing visibility and security measures throughout the federal network. In accordance with the Office of Management and Budget (OMB) Memorandum (M) 19-26: "Update to the TIC Initiative," TIC 3.0 expands on the original initiative by leveraging modern security practices and technology to secure a wide range of agency network architectures. Compared to previous iterations of the TIC program, TIC 3.0 is highly iterative, meaning the guidance continually reflects modern processes and technological innovations as they become available. TIC 3.0 recognizes shifts in modern cybersecurity and assists agencies in adoption, while recognizing their challenges and constraints in modernizing IT infrastructure.

Latest Updates:

On June 16, 2022, CISA released the draft TIC Cloud Use Case (pdf, 7.79MB). The Cloud Use Case provides common network and multi-boundary security guidance for agencies that operate in cloud environments, while also highlighting unique considerations for Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), Software-as-a-Service (SaaS), and Email-as-a-Service (EaaS) deployments.


Core Guidance Documents

OMB M-19-26 tasks the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) with modernizing the TIC initiative to help accelerate the adoption of cloud, mobile, and other emerging technologies. To further this effort, CISA has released guidance to assist federal civilian agencies in their transition to contemporary architectures and services.

The updated TIC guidance provides agencies with the flexibility to secure distinctive computing scenarios in accordance with their unique risk tolerance levels. Agencies are expected to reference the initiative’s Program Guidebook, Reference Architecture, and Security Capabilities Catalog to determine how to protect their environments to conform with their risk management strategy and the security considerations outlined in TIC use cases.

The use cases, overlays, and security capabilities will continue to be developed, including those listed in OMB M-19-26. CISA expects to post updates to the Security Capabilities Catalog, and additional TIC use cases, to this site as they become available. CISA is coordinating with the Federal Chief Information Security Officers (CISO) Council TIC Subcommittee to develop use cases above and beyond those listed in the memoranda, including use cases for zero trust, partner networks, and other pertinent scenarios. The TIC use cases posted to this site are not an exhaustive representation of all the scenarios agencies may wish to consider when securing their environments. Agencies are encouraged to combine use cases, as appropriate, to suit their needs.

Quick links directly to pdf versions of the TIC guidance can be found at the top of the page. Historical TIC program documentation is archived to the TIC page on OMB MAX.

Complementary Implementation Guidance

In addition to the core guidance documents, CISA has developed and released complementary guidance to address exigent needs or support agencies during TIC 3.0 implementation.

IPv6 Considerations for TIC 3.0

CISA’s "IPv6 Considerations for TIC 3.0" supports federal agencies as they implement the Internet Protocol version 6 (IPv6) network protocol, in accordance with OMB Memorandum (M) 21-07: "Completing the Transition to Internet Protocol Version 6." The "IPv6 Considerations for TIC 3.0" explains the background of IPv6, lists security considerations for the protocol in relation to the TIC 3.0 security capabilities, and provides awareness of IPv6 security features according to TIC guidance. This document is intended to be architecture-agnostic and broadly supports the government-wide deployment and use of the IPv6 network protocol.

TIC 3.0 Interim Telework Guidance

The TIC 3.0 Interim Telework Guidance was produced to support OMB M-20-19 and the surge in teleworking. This document provides security capabilities for remote federal employees securely connecting to private agency networks and cloud environments. The guidance is short-term for Calendar Year (CY) 2020. Best practices from this guidance have been incorporated into the Remote User Use Case.

Capacity Enhancement Guide for Remote Vulnerability and Patch Management

In support of the TIC 3.0 Interim Telework Guidance released in April 2020, CISA released a Capacity Enhancement Guide (CEG) for Remote Vulnerability and Patch Management. The purpose of this document is to assist federal agencies with patching roaming devices (i.e., remote devices outside agency campus networks). This guide assists federal agencies in leveraging the TIC 3.0 Interim Telework Guidance to improve remote vulnerability management efforts to meet the growing demands on network capacity that may otherwise require an increase in bandwidth for existing internet service providers (ISP) or virtual private network (VPN) services.

Zero Trust Maturity Model

TIC 3.0 provides agencies with flexibility to adopt modern security concepts, like zero trust architecture (ZTA). ZTA is defined by seven tenets (outlined in NIST SP 800-207, and explained below), which are a set of ideal goals; these goals are further explained in CISA's Zero Trust Maturity Model. TIC 3.0 applies security capabilities in a "holistic" approach that can be aligned with zero trust principles.

Cloud Security Technical Reference Architecture

OMB M-19-28 outlines the need for a TIC use case that provides guidance related to cloud deployments, such as Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), Software-as-a-Service (SaaS), and Email-as-a-Service (EaaS). The Cloud Security Technical Reference Architecture complements this use case, illustrating recommended approaches to cloud migration and data protection, as outlined in Section 3(c)(ii) of Executive Order 14028.

Guidance Release Schedule

The TIC 3.0 guidance is designed to be dynamic and readily adaptable to keep pace with technological innovation. CISA will continue to produce and update the guidance through collaboration with agencies and vendors to maintain relevancy.

While most of the TIC 3.0 guidance will be updated on an annual or semiannual basis, some of the TIC guidance documents will be updated on a more regular or ongoing basis, namely the Security Capabilities Catalog. The table below indicates the current versions and statuses of the TIC 3.0 guidance.

| Document | Status | Version and Released Date |
|---|---|---|
| Program Guidebook (Volume 1) | Final | 1.1 (July 2021) |
| Reference Architecture (Volume 2) | Final | 1.1 (July 2021) |
| Security Capabilities Catalog (Volume 3) | Regularly Updated | 2.0 (October 2021) |
| Use Case Handbook (Volume 4) | Final | 1.1 (July 2021) |
| Traditional TIC Use Case | Final | 1.0 (April 2021) |
| Branch Office Use Case | Final | 1.0 (April 2021) |
| Remote User Use Case | Final | 1.0 (October 2021) |
| Overlay Handbook (Volume 5) | Final | 1.1 (July 2021) |
| Pilot Process Handbook | Final | 1.0 (October 2021) |
| Cloud Use Case | Draft | 1.0 (June 2022) |

    TIC Pilots

    Agencies are encouraged to participate in TIC pilots that may be developed into use cases to help identify the security capabilities required to protect different types of modern computing scenarios. CISA, in coordination with the OMB and the Federal CISO Council, established a framework for agencies to execute pilots. Each pilot is expected to:  

    • Address technology that can be used by the broader federal government,  
    • Identify applicable security capabilities to secure their environments, 
    • Explain how the applicable security capabilities requirements are met, 
    • Follow a defined and structured timeline, 
    • Be carefully considered and planned, and 
    • Be supported by agency leadership. 

    The piloting process is a collaborative and iterative process that ensures consistency in the execution of each pilot. Sponsoring agencies are the primary executors of this process, while other key stakeholders, like CISA, the Office of Management and Budget (OMB), the General Services Administration (GSA), and the Federal Chief Information Security Officer (CISO) Council TIC Subcommittee, will review submissions, provide feedback and offer ongoing support in accordance with OMB M-19-26.

    Following the conclusion of TIC pilots, CISA leverages the findings and lessons learned to develop TIC use cases. It should be noted that the TIC use cases are agency-agnostic and technology-agnostic to provide the broadest applicability across the .gov.

    [Figure: Pilots and agency best practices combine to result in TIC use cases. One pilot could include CSP #1 and agency A. A second pilot could include CSP #2, agency B, and a CASB.]

    Agencies interested in piloting TIC 3.0 architectures in diverse scenarios should review the process outlined in the Pilot Process Handbook. Pilot proposals should be submitted to the Federal CISO Council TIC Subcommittee. Additional pilot information can be found on the TIC Pilot Process page on OMB MAX.

    TIC Use Cases

    The modernized initiative, M-19-26, no longer requires agencies to route traffic through TIC access points if they have a TIC alternative. The purpose of TIC use cases is to provide agencies with guiderails for implementing TIC 3.0 in scenarios that do not necessarily require the use of a TIC access point. The use cases supplement the guidance detailed in the Reference Architecture.

    TIC use cases provide guidance on the secure implementation and configuration of specific platforms, services, and environments. The guidance is derived from TIC pilots and best practices from the public and private sector. Each use case identifies security architectures, data flows, and environments applicable in a given scenario and describes the implementation of relevant TIC security capabilities. TIC use cases articulate:

    • Network scenarios for TIC implementation,
    • Security patterns commonly used within the federal civilian enterprise, and
    • Technology-agnostic methods for securing current and emerging network models.

    This graphic shows TIC use cases becoming agency solution architectures. The graphic shows solution architectures for agency A, agency B, agency C, agency D, and agency E.

    TIC use cases are designed to be general architectures for securing specific scenarios that agencies can use as a framework to build their own use cases custom to their mission needs and risk tolerances.

    Agencies must understand the inherent risks in implementing scenarios that do not leverage TIC access points. Agencies must leverage the use cases, in coordination with guidance from their senior officials accountable for risk management, to implement compensating controls that fortify their network and cloud environments. Additional information on use cases can be found in the Use Case Handbook.

    CISA expects to continuously generate TIC use cases as new and emerging technologies are implemented across the .gov.

    The TIC Use Cases available to agencies for reference are listed below.

    • Traditional TIC Use Case – Describes the architecture and security capabilities guidance for the conventional TIC implementation
    • Branch Office Use Case – Describes the architecture and security capabilities guidance for branch offices
    • Remote User Use Case – Describes the architecture and security capabilities guidance for remote users
    • Cloud Use Case (draft) – Describes the architecture and security considerations for deploying different cloud services

    CISA is actively working to develop additional use cases. CISA is prioritizing the development of the use cases outlined in M-19-26. After those use cases are complete, CISA will work with agencies to develop other use cases widely applicable across the .gov.

    Other use cases under consideration for development include:

    • Zero Trust Architecture
    • Internet of Things (IoT)
    • Partner Networks
    • General Services Administration (GSA) Enterprise Infrastructure Solutions (EIS) Managed Security Service (MSS)
    • Unified Communications

    TIC & National Cybersecurity Protection System

    As outlined in the TIC 3.0 Program Guidebook, TIC and the National Cybersecurity Protection System (NCPS) initiatives will continue to support and complement each other in accordance with the Federal Cybersecurity Act of 2015. However, CISA will provide independent guidance for each of the respective programs.

    NCPS is supporting the TIC modernization efforts via the release of its Cloud Interface Reference Architecture (NCIRA). NCIRA is being released as two individual volumes. NCIRA Volume One (pdf, 4.06MB) provides an overview of changes to NCPS that accommodate collection of relevant data from agencies’ cloud environments and provides general reporting patterns for sending cloud telemetry to CISA. NCIRA Volume Two (pdf, 3.61MB) (currently in draft) builds on the concepts presented in NCIRA Volume One and provides an index of common cloud telemetry reporting patterns and characteristics for how agencies can send cloud-specific data to NCPS. Individual cloud service providers can refer to the reporting patterns in this volume to offer guidance on their solutions that allow agencies to send cloud telemetry to CISA in fulfillment of NCPS requirements.

    As agencies architect their networks to adopt the TIC 3.0 use cases, agencies are required to engage with the NCPS Program to determine the appropriate telemetry that is being shared with CISA. Please visit CISA's NCPS page for more information.

    FAQ, Training, and Additional Resources

    CISA encourages agencies to read and review the core guidance for TIC 3.0 linked above as the primary avenue to answer outstanding questions. However, to aid agencies in implementing the guidance, CISA maintains a list of frequently asked questions for agencies’ reference.

    CISA released the TIC 3.0 Training course to provide the overview and goals of the modernized TIC initiative as defined by the Office of Management and Budget (OMB) Memorandum (M) 19-26. The training explains how agencies can leverage the new TIC 3.0 guidance to secure their network and securely transition to a hybrid, cloud, and/or zero trust environment.

    The training is hosted on the Federal Virtual Training Environment (FedVTE) which is accessible to federal, state, local, tribal, and territorial government employees, federal contractors, and US military veterans.

    CISA has also partnered with the General Services Administration (GSA) to create webinars on TIC 3.0’s integration with Enterprise Infrastructure Solutions (EIS). The webinars dive into updates on TIC 3.0, the National Cybersecurity Protection System, and EIS.

    The most recent version of the webinar is hosted on GSA's Acquisition Gateway and accessible to federal employees only. A publicly-accessible version of the webinar can be found on GSA's YouTube channel.

    Check out the TIC Webinar here (federal only) or here (public)!

    Contact

    For questions concerning the TIC Program, please contact: tic@cisa.dhs.gov

    Sean Connelly, Trusted Internet Connections Program Manager
