Trusted Internet Connections (TIC) Program Office chief Sean Connelly said Dec. 8 that his office remains on track to issue several additional use cases over the coming months for the TIC 3.0 security initiative that Federal agencies can employ to advance their security postures.
Speaking at Zscaler’s Zenith Live Virtual Cloud Summit event, Connelly reaffirmed that his office is due to release a remote-user case at the end of this year. That use case will build on interim TIC guidance issued earlier this year to help agencies in their quick migration to widespread telework, and will be of high interest to agencies as they face a lengthy continued period of telework because of the coronavirus pandemic. The interim guidance is set to run through the end of this year.
Also expected in the near term are final releases of the program’s Traditional TIC and Remote Office use cases which the agency made available in draft form late last year.
Further down the pipeline are additional use cases dealing with infrastructure as a service, software as a service, platform as a service, and email, Connelly said.
Potential use cases after that may focus on zero trust, and internet of things, among others, Connelly said. He added that the program office views its work as near the end of the first phase of its efforts, and beginning the second phase.
Over the longer term, he explained, the General Services Administration will take lessons learned from Federal agency TIC pilots and use those to develop acquisition vehicles that can create “stronger and more secure” civilian agency networks.
Connelly also discussed with Stephen Kovac, Zscaler’s Vice President of Global Government and Head of Corporate Compliance, the Cloud Log Aggregation Warehouse (CLAW) reference architectures maintained by CISA’s National Cybersecurity and Protection System (NCPS) that focus on identity for cloud-native security. He said NCPS is due to have a second volume of CLAW guidance ready to release “pretty shortly.”
In connection with that effort, Connelly discussed TIC overlays that security vendors can create to map their services to TIC capabilities. “The overlays are a work in progress,” he said. “We are just seeing where they are going … there is a lot of opportunity going forward on this.”