The Cybersecurity and Infrastructure Security Agency (CISA) has released version 1.0 of its Trusted Internet Connections (TIC) 3.0 Remote User Use Case to provide guidance on securely implementing and configuring specific platforms, services, and environments.
According to the document released by CISA, each TIC use case is intended to “identify the applicable security architectures, data flows, and policy enforcement points and to describe the implementation of the security capabilities in a given scenario.”
The purpose of the Remote User Use Case will be to define how network and multi-boundary security should be applied when an agency allows remote users on its network. CISA identifies two characteristics for a remote user scenario, including:
- Remote user devices aren’t directly connected to network infrastructure managed and maintained by the agency; and
- Remote user devices are intended for individual use.
“The Remote User Use Case helps agencies preserve security while they gain application performance (e.g., latency, throughput, jitter, etc.); reduce costs through reduction of private links; and improve user experience by facilitating remote user connections to agency-sanctioned cloud services and internal agency services as well as supporting additional options for agency deployment,” CISA wrote. “This use case is also intended to support policy enforcement parity for devices and connectivity options.”
The Remote User Use Case includes three network security patterns. An agency may implement a subset of these patterns, but not necessarily all three. They include:
- Secure remote user access to agency campus;
- Secure remote user access to agency-sanctioned cloud service providers; and
- Secure remote user access to web.
Additionally, this use case references TIC 3.0 Security Capabilities Catalog v2.0, while rescinding and replacing the TIC 3.0 Interim Telework Guidance.