Federal agencies are on the clock to transition networks and systems to using Internet Protocol version 6 (IPv6), and the Cybersecurity and Infrastructure Security Agency’s (CISA) Trusted Internet Connection (TIC) program office released draft guidance to help agencies transition securely.
The TIC program office, the lead office advising how Federal employees connect to agency networks, developed guidance for agencies rearchitecting to enable IPv6.
The draft guidance released Sept. 23 offers agencies baseline technical guidance to enhance relevant security and resilience programs and services to fully support the deployment of IPv6 across Federal IT systems, as well as additional cybersecurity issues to consider.
“This document is intended to be architecture-agnostic and broadly support the government-wide deployment and use of the IPv6 network protocol. It is not intended to be prescriptive but rather facilitate decision-making in determining the appropriate level of security in IPv6 environments,” the draft states.
The Office of Management and Budget reissued the IPv6 transition mandate in March 2020, giving agencies until 2025 to shift at least 80 percent of systems to the new standard. That transition, which has been ongoing since 2005, requires extensive work.
In its current state, the draft:
- Provides IPv6 protocol information to enable a general understanding.
- Informs agencies of their responsibilities concerning OMB M-21-07.
- Aligns TIC 3.0 security objectives and security capabilities to support IPv6 securely.
- Offers awareness and guidance regarding IPv6 security considerations.
The draft is out for public comment until Oct. 15, and TIC officials are primarily interested in feedback related to:
- Are there other TIC 3.0 IPv6-related considerations and/or security challenges that should be considered?
- While “IPv6 Considerations for TIC 3.0” is designed to be high-level, CISA may produce additional IPv6 guidance related to TIC 3.0 in the future. Is there specific guidance on IPv6 as it pertains to TIC 3.0 that your agency would find helpful?