FedScoop: A closer look at TIC telework guidance reveals not all cloud providers are eligible

“The recent Trusted Internet Connections (TIC) 3.0 interim telework guidance not only addressed agencies’ remote access security amid the coronavirus pandemic but also specified the type of cloud service providers (CSPs) they can use.”

“Released by the Cybersecurity and Infrastructure Security Agency on April 8, the guidance says teleworkers can access cloud services directly using transport layer security, a virtual private network (VPN) or virtual desktop infrastructure.”

“But reading between the lines, the guidance also says providers must be able to send telemetry data to the National Cybersecurity Protection System’s EINSTEIN team, says Stephen Kovac, a vice president at cybersecurity company Zscaler. This allows agencies to work with nontraditional CSPs, so long as they can deliver that data.”

“Historically, only providers that have gone through the existing Networx contract’s validation process could provide Managed Trusted Internet Protocol Services (MTIPS) — TIC-compliant cybersecurity services.”

“’We still need to make sure that the agencies’ new providers are accountable,’ Kovac told FedScoop. ‘This is going to be an opportunity for people to come after the current TIC providers under the Networx contract, the service providers that provide MTIPS, but they still must meet this requirement for telemetry data.’ Telemetry data contains the who, what, when, where and how of remote transactions— and people tend to miss that requirement, Kovac said.”

“Three access providers were authorized under the Networx contract to provide TIC-compliant cybersecurity services: AT&T, CenturyLink and Verizon. MTIPS contracts were additionally awarded to some of the primes — Core Technologies, Granite Telecommunications and MetTel — on Networx’s $50 billion successor contract, Enterprise Infrastructure Solutions.”

“What new CSPs agencies choose to work with remain to be seen but they’ll likely offer telework services like Zoom videoconferencing or data handling, storage and use.”FedRAMP is in there (even if you don’t see it)

Nowhere in the TIC guidance is the Federal Risk and Authorization Management Program (FedRAMP) program — established to authorize and continuously monitor CSP offerings governmentwide — mentioned by name. But that doesn’t mean it’s absent…” Read the full article here.

Source: A closer look at TIC telework guidance reveals not all cloud providers are eligible – By Dave Nyczepir, April 16, 2020. FedScoop.

0
Tags:

This topic contains 0 replies, has 1 voice, and was last updated by  Jackie Gilbert 5 months, 1 week ago.

  • Author
    Posts
  • #95443

    Replies viewable by members only

    0

You must be logged in to reply to this topic.

CONTACT US

Questions?. Send us an email and we'll get back to you, asap.

Sending

©2020 G2Xchange all rights reserved | Community and Member Guidelines | Privacy Policy | About G2Xchange FedCiv

Opportunities. Starting Points.

About our Data

The Vault is a listing of expiring contracts, task orders, etc. within a certain set of parameters, to include:

  • Have an initial total estimated contract value of $10 million or above
  • Federal Civilian Only – DHS, Transportation, Justice, Labor, Interior, Commerce, Energy, State, and Treasury Actions
  • NAICS codes include: 511210, 518210, 519130, 519190, 541511,
    541512, 
    541513, 541519, 541611, 541618,
    541690, 541720, 541990
  • Were modified within the last 12 calendar months
  • The data represented is based on information provided by the government

Who has access? Please note that ALL G2Xchange FedCiv Members will receive access to all basic and much of the advanced data. G2Xchange FedCiv Corporate Members will receive access to ALL Vault content (basic and advanced).

Feedback/Suggestions? Contact us at Vault@G2Xchange.com and let us know what you think. 

G2Xchange FedCiv

Log in with your credentials for G2Xchange FedCiv

Forgot your details?