CISA seeks comments on TIC 3.0 remote user use case
The Cybersecurity and Infrastructure Security Agency (CISA) is looking for comments on a draft of the Trusted Internet Connections (TIC) 3.0 Remote User Use Case.
The Remote User Use Case applies to remote agency users accessing government resources in either agency-hosted or cloud environments. It provides configuration guidance for remote user data flows and applying relevant TIC security capabilities. The draft use case extends the definition of remote users to mobile devices, including personal or bring your own devices used by employees teleworking from home or connecting from a hotel while traveling.
In April 2020, CISA issued interim TIC guidance to address the explosion of remote connections taking place during the COVID-19 crisis. This document provides security capabilities for remote federal employees securely connecting to private agency networks and cloud environments. CISA said it recognized that the short-term guidance was not comprehensive; the scope was limited to scenarios in which teleworkers accessed sanctioned cloud services.
The December draft use case considers three network security patterns: secure remote user access to the agency campus, secure remote user access to agency-sanctioned cloud service providers and secure remote user access to the web.
“The draft use case is designed to help agencies preserve security as they move away from traditional network scenarios in support of the maximized telework environment,” said Matt Hartman, acting assistant director of CISA’s Cybersecurity Division. “CISA expects the security guidance will help agencies improve application performance, reduce costs through reduction of private links and improve user experience by facilitating remote user connections to agency-sanctioned cloud services and internal agency services.”
CISA also released a draft of the National Cybersecurity Protection System (NCPS) Cloud Interface Reference Architecture (NCIRA): Volume 2, which provides an index of common cloud telemetry reporting patterns and characteristics for how agencies can send cloud-specific data to the NCPS cloud-based architecture.
An official request for comments period runs until Jan. 29. Comments and feedback for both documents should be submitted to [email protected].
Connect with the GCN staff on Twitter @GCNtech.