Trusted Internet Connections Guidance Repository

Trusted Internet Connections (TIC) 3.0 core guidance documents are intended to be used collectively in order to achieve the goals of the program. The documents are additive; each builds on the other like chapters in a book. The current versions of guidance are available below.

The TIC 3.0 core guidance are sequential in nature and include:

The current TIC use cases available, as generally described by the Use Case Handbook, are:

  • Traditional TIC Use Case v1.0 (pdf, 5.34MB) – Describes the architecture and security capabilities guidance for the conventional TIC implementation
  • Branch Office Use Case v1.0 (pdf, 3.86MB) – Describes the architecture and security capabilities guidance for remote offices
  • Remote User Use Case v1.0 (pdf, 4.56MB) – Describes the architecture and security capabilities guidance for remote users
  • Cloud Use Case (draft) (pdf, 7.79MB) – Describes the architecture and security considerations for deploying different cloud services. It is OPEN for Public comment until 22 July 2022.

In addition to the core guidance, the program also provides complementary guidance.

CISA released the version 2 of “Cloud Security Technical Reference Architecture (TRA)” guidance document, in accordance with Executive Order (EO) 14028 - "Improving the Nation's Cybersecurity." The Cloud Security TRA is designed to guide agencies’ secure migration to the cloud by defining and clarifying considerations for shared services, cloud migration, and cloud security posture management.

This page houses other pertinent references, such as:

Additional information regarding TIC 3.0 documentation can be found on the TIC homepage.

Legacy and Deprecated TIC Guidance

To keep pace with technological innovation and emerging cybersecurity trends, CISA continues to produce and update the core guidance through collaboration with agencies and vendors to maintain relevancy. This section houses a repository of draft and deprecated versions of the TIC 3.0 guidance for comparative purposes.

Historical TIC program documentation has been archived to the TIC page on OMB MAX.

Note: The Security Capabilities Handbook below is now known as the Security Capabilities Catalog.

  • Program Guidebook (Volume 1)
  • Reference Architecture (Volume 2) 
  • Security Capabilities Catalog (Volume 3) 
  • Use Case Handbook (Volume 4) 
  • Overlay Handbook (Volume 5) 
  • Traditional TIC Use Case
  • Branch Office Use Case
  • Remote User Use Case
  • Pilot Process Handbook
  • IPv6 Considerations for TIC 3.0
  • Cloud Security Technical Reference Architecture
    • v1.0 (pdf, 2.48MB)

Prior to the release of OMB M-19-26 and the TIC 3.0 guidance in 2019, the security guidance for the legacy version of TIC (2017) was captured in the TIC Reference Architecture 2.2 (pdf, 3.02MB).


For questions concerning the TIC Program, please contact:

Sean Connelly, Trusted Internet Connections Program Manager

Was this webpage helpful?  Yes  |  Somewhat  |  No