The Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has released the final versions of three of the Trusted Internet Connections (TIC) 3.0 guidance documents today.
The TIC program, established to assist agencies with protecting their modern IT architectures and services, sees the release of these final versions as “the conclusion of their adjudication period following the issuance of draft documents in December 2019.”
“Nearly 500 comments and questions were collected during the RFC period. Additionally, awareness of the newly-released guidance was generated through engagement in agency roadshows, all-agency webinars, and large industry events, reaching over 1,000 government and industry professionals and representing about 70 Federal agencies and several vendors,” CISA said in a media release. “After several working session with our partners at the Office of Management and Budget and the General Services Administration, CISA addressed major comments related to the central strategy and concepts of the modernized guidance.”
In an interview with MeriTalk earlier this year, Program Manager Sean Connelly explained how agencies can incorporate the guidance into risk management strategies. “The TIC 3.0 guidance is intentionally high-level to provide agencies with flexibility to interpret,” he said. “Agencies are encouraged to adapt the TIC use cases to suit the needs of their enterprise.”
According to the release, CISA will continue to work with agencies to support TIC programs and with added learned lessons “the final versions of the Use Case Handbook, Overlay Handbook (formerly known as the Service Provider Overlay Handbook), Traditional TIC Use Case, and Branch Office Use Case are expected to be released later this summer.”
At the start of the COVID-19 pandemic, CISA released an interim TIC 3.0 guidance on telework set to expire at the end of this calendar year.