[CDP-development] FW: CISA’s Trusted Internet Connections (TIC)

Mon Oct 11 08:13:51 PDT 2021

FYI

CISA is happy to announce<https://cisa.gov/blog/2021/10/07/person-remote-and-hybrid-oh-my-securing-your-new-reality-tic-30> the release of the finalized version of the Remote User Use Case<https://www.cisa.gov/publication/tic-30-core-guidance-documents>. The Remote User Use Case rescinds and replaces the TIC 3.0 Interim Telework Guidance<https://www.cisa.gov/publication/tic-30-interim-telework-guidance> with guidance on applying network and multi-boundary security for agencies that permit remote users on their networks. CISA developed the Remote User Use Case in collaboration with the Office of Management and Budget (OMB), the General Services Administration (GSA), the Federal Chief Information Security Officer (FCISO) Council, and several agencies and industry experts that contributed their feedback during the public comment period.

While developing the Remote User Use Case, CISA produced new TIC 3.0 security capabilities, which necessitated a refresh to the Security Capabilities Catalog. Version 2.0 of the Security Capabilities Catalog<https://www.cisa.gov/publication/tic-30-core-guidance-documents> provides an updated list of deployable security controls, security capabilities, and best practices, including capability identifiers and four new security capabilities: User Awareness and Training, Domain Name Monitoring, Application Container, and Remote Desktop Access.

The release of these documents represents the conclusion of the adjudication period following the issuance of draft Remote User Use Case in December 2020. The feedback was adjudicated, and the draft use case was modified to address the comments’ prevailing themes. A summary of the comments and CISA’s response is available in the Response to Comments on TIC 3.0 Remote User Use Case<https://www.cisa.gov/publication/tic-30-core-guidance-documents>.

CISA also worked with the FCISO Council to finalize the Pilot Process Handbook<https://www.cisa.gov/publication/tic-30-core-guidance-documents>. The handbook describes the process by which agencies will conduct TIC 3.0 pilots, in accordance with OMB Memorandum M-19-26.

CISA continues to work with agencies to support TIC pilots and to guide industry in developing TIC overlays. CISA is also actively working to develop the Cloud Use Case, as outlined in M-19-26<https://www.whitehouse.gov/wp-content/uploads/2019/09/M-19-26.pdf>, and plans to release the draft later this year. Please reference the TIC page<http://www.cisa.gov/trusted-internet-connections> for updates and additional information on the TIC program.

Theresa A. Masse
Cyber Security Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671
Email: theresa.masse at cisa.dhs.gov<mailto:theresa.masse at cisa.dhs.gov>

[cid:image002.png at 01D7BC14.D87B5C50]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20211011/0b449a9b/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 16152 bytes
Desc: image002.png
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20211011/0b449a9b/attachment-0001.png>