The Cybersecurity and Infrastructure Security Agency (CISA) released core guidance documentation for the Trusted Internet Connections (TIC) program, developed to assist agencies in protecting modern information technology architectures and services.
CISA released final versions of three of the TIC 3.0 core guidance documents, representing the conclusion of their adjudication period following the issuance of draft documents in December 2019. The Program Guidebook, Reference Architecture, and Security Capabilities Catalog (formerly known as the Security Capabilities Handbook) are amended and improved thanks to the hundreds of recommendations, comments, and questions CISA received during the 50-day request for comments period in early 2020. The final versions of these documents can be found at: www.cisa.gov/publication/tic-30-core-guidance-documents.
Request for Comments Summary
CISA opened a request for comments (RFC) period upon release of the draft core guidance documents on December 20, 2020, lasting from January through February 2020. Nearly 500 comments and questions were collected during the RFC period. Additionally, awareness of the newly-released guidance was generated through engagement in agency roadshows, all-agency webinars, and large industry events, reaching over 1,000 government and industry professionals and representing about 70 federal agencies and several vendors.
After the RFC period ended, CISA worked diligently to analyze the collected feedback, comments, and questions to incorporate into the TIC 3.0 core guidance. After several working session with our partners at the Office of Management and Budget (OMB) and the General Services Administration (GSA), CISA addressed major comments related to the central strategy and concepts of the modernized guidance. A summary of the comments and CISA’s response is available in the Response to Comments on Draft TIC 3.0 Guidance Documentation.
Next Steps
CISA continues to work with agencies to support TIC pilots and guiding industry in developing TIC overlays. With the added lessons-learned, CISA expects to release the final versions of the Use Case Handbook, Overlay Handbook (formerly known as the Service Provider Overlay Handbook), Traditional TIC Use Case, and Branch Office Use Case later this summer.
The TIC PMO can be reached at [email protected].
