Cyber

First TIC 3.0 use cases finalized

The Traditional TIC and Branch Office use cases, delayed by the November presidential election, have been approved by the Federal Chief Information Security Officer Council.

By Dave Nyczepir

April 7, 2021

(Getty Images)

The first finalized Trusted Internet Connections 3.0 use cases helping agencies secure external connections to federal networks were released by the Cybersecurity and Infrastructure Security Agency on Wednesday.

The Traditional TIC Use Case details the “castle-and-moat” security architecture that most major agencies have used for a decade, while the Branch Office Use Case outlines networking directly to the cloud or an external trust zone — rather than directing internet traffic through a TIC access point or headquarters first.

CISA released draft versions of the two use cases in December 2019, but the November presidential election delayed final approval by the Federal Chief Information Security Officer Council until 2021.

TIC Program Manager Sean Connelly said zero-trust and partner research and development use cases might also come in 2021. And CISA already plans to release infrastructure-as-a-service (IaaS), software-as-a-service (SaaS), platform-as-a-service (PaaS), and email use cases at some point.

Remaining guidance rounds out CISA’s effort to support multiple architectures for securing agency networks as they increasingly move their data to the cloud and their users off premise during the COVID-19 pandemic.

A draft Remote User Use Case released in December replaced Interim Telework Guidance that CISA released in April 2020 in response to vendor requests for help aiding agencies with the pandemic surge in telework. And a draft Volume 2 of the National Cybersecurity Protection System (NCPS) Cloud Interface Reference Architecture (NCIRA) was released at the same time providing an index of common cloud telemetry reporting patterns and characteristics, so agencies can send cloud-specific data to NCPS cloud-based architecture.

Finalized versions of initial TIC 3.0 core guidance — the Program Guidebook, Reference Architecture: Volume 1 and Security Capabilities Catalog — were released in July. The first two documents will be fairly static and the latter a living document that adds capabilities and controls into use cases as they’re announced.

First TIC 3.0 use cases finalized

More Like This

GSA taps Login.gov deputy director to take top role next month

404 page: the error sites of federal agencies

CISA’s chief data officer: Bias in AI models won’t be the same for every agency

Top Stories

DOJ seeks public input on AI use in criminal justice system

DHS picks OMB official to lead its new AI Corps

Scientists must be empowered — not replaced — by AI, report to White House argues

White House hopeful ‘more maturity’ of data collection will improve AI inventories

Generative AI could raise questions for federal records laws

More Scoops

Federal CIO Council working group addressing zero trust funding challenges: CISA cyber official

CISA releases second version of secure cloud migration guidance for agencies

TIC program releases draft Cloud Use Case

Final, cloud TIC 3.0 use case expected in months

CISA releases finalized IPv6 security considerations for TIC 3.0 implementation

Deploying cloud connectivity in federal agencies more securely

CISA issues third TIC use case covering remote users

Latest Podcasts

First TIC 3.0 use cases finalized

GSA’s Login.gov platform gets a new director

DOD’s Ashley Elizabeth Evans on effectively implementing AI

DHS’ Chris Kraft on emerging trends in AI and automation

Tech

Defense

Cyber

Acquisition