“The Cybersecurity and Infrastructure Security Agency is preparing to release an update to its Trusted Internet Connection program that will focus on the recent surge in telework among federal employees, FCW has confirmed.”
“According to multiple sources, including a CISA official, the emergency interim update could be released as early as this week. Another source outside of government said the guidance will be temporary and is set to expire at the end of the year. It will not be part of the TIC 3.0 document set and will not support any use cases for the program. According to those who have seen draft, the guidance is technical and will address capabilities such as email, networking, DNS, intrusion detection, data protection and other issues.”
“Late last year, CISA released five new draft documents designed to offer a ‘less prescriptive, more descriptive’ approach to the TIC program, which has historically struggled to adapt in tandem with the government’s expanding use of cloud computing. The latest iteration, TIC 3.0 was specifically designed to address the reality of more federal employees working remotely or connecting to off-premise cloud environments. Those documents are expected to be finalized this spring.”
“The 3.0 guidance diverges from previous iterations of the program by emphasizing a distributed architecture rather than a securing a single federal network.”
“An industry source who has reviewed the new guidance told FCW it is designed to augment, not substantially alter, that approach. Rather than wait for use cases or feedback from bodies like the CIO Council, CISA wanted to put out guidance now that would address the explosion of remote connections taking place during the COVID-19 crisis…” Read the full article here.
Source: CISA to release emergency TIC guidance for telework surge – By Derek B. Johnson, April 7, 2020. FCW.