OMB revises Trusted Internet Connection policy
- By Adam Mazmanian
- Sep 13, 2019
A new policy governing how agencies connect to the internet was released by the Office of Management and Budget Sept. 12. The update to the Trusted Internet Connection policy aims to make it easier for agencies to take advantage of current cloud and managed services technologies while still maintaining secure connections.
The new policy "includes pathways to take advantage of modern technology and capabilities and software that wasn't even imagined with that original policy was written," Federal CIO Suzette Kent said at a FedScoop event.
The traditional TIC policy was designed to reduce and consolidate agency connections to the internet and manage connections emanating from a single building or office. As a practical matter, this policy set up a series of checkpoints that introduced latencies that worked against cloud's advantages of speed and scale.
The new policy adds three new uses cases and security controls for internet traffic that may not be required to flow through a TIC endpoint. The cloud use case supports managed services in infrastructure-, platform-, software- and email-as-a-service models. A use case to support agency branch offices that use headquarters' services for web traffic is designed to accommodate the use of software-defined wide-area networking technology. The third use case supports telework and advances how remote users connect to their agency's network and cloud.
The TIC policy calls on the Department of Homeland Security to outline requirements for the use cases and draw on "proven, secure scenarios, where agencies have met requirements for government-wide intrusion detection and prevention efforts, such as the National Cybersecurity Protection System (including the EINSTEIN suite), without being required to route traffic through a [Trusted Internet Connection Access Provider or Managed Trusted Internet Protocol Services] solution."
Activity on the revised TIC policy will proceed along multiple paths. The Federal Chief Information Security Officer Council will put out a solicitation to industry for TIC pilots to add more detail and documentation to the individual use cases. DHS, the General Services Administration and the CISO Council will manage those pilots. GSA will update key contracting vehicles to include new TIC policies.
Under the new guidance, agencies are expected to have updates to their network policies completed within one year.
A version of this article was first posted to FCW, a sibling site to GCN.
Adam Mazmanian is executive editor of FCW.
Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.
Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.