The Office of Management and Budget’s Trusted Internet Connections (TIC) guidance has officially been updated, Federal CIO Suzette Kent announced Thursday morning during her remarks at the Dell Technologies Forum.
The revamped guidance aims to increase network security across the government, while at the same time giving agencies more flexibility to utilize new security options. Goodbye to the days of a required physical TIC access point, hello modern alternatives. The memo also seeks to implement “a process for ensuring the TIC initiative is agile and responsive to advancements in technology and rapidly evolving threats.”
“It still requires agencies to meet all the security requirements that have always been a priority and are even more of a priority now,” Kent said Thursday. “But it includes new pathways to take advantage of modern technology, the capabilities of software that wasn’t even imagined when that original policy was written.”
The document approves three new “TIC use cases” out of the gates — cloud, agency branch office and remote users. Agencies will still need the Department of Homeland Security to sign off on TIC alternatives before they can be widely used.
The memo also sets in motion a process that, OMB hopes, will lead to the approval of further use cases down the line. The memo directs DHS, in coordination with the Federal CISO Council at OMB and the General Services Administration, to set up a procedure for initiating, overseeing and approving TIC pilot projects within the next 60 days.
A draft of this TIC 3.0 guidance was released in December 2018. The final version is very similar. And agencies haven’t been waiting around in the interim — for example the Small Business Administration has been working on an effort to marry the cloud with software-defined networking and cybersecurity.
The completion of this policy document marks a major milestone for Kent and her office. “The publication of this update marks the final piece of major policy that was over five years old,” she said. “Some of it was almost a decade.”
Other big policy updates include the release of Cloud Smart, the Trump administration’s reworking of the Cloud First initiative.