CISA Posts Cloud Security Guidelines for Federal Agencies

The Cybersecurity and Infrastructure Security Agency has published the finalized Trusted Internet Connections guidelines for agencies that utilize cloud environments. Titled “TIC 3.0 Cloud Use Case,” it details security and telemetry practices for software-as-a-service, infrastructure-as-a-service and similar delivery models and is informed by public feedback collected in 2022.

Sean Connelly, program manager of the TIC 3.0 program, previously explained that, unlike prior use cases, the document will focus on providing guidance to cloud services instead of their clients.

It is meant to fulfill TIC requirements laid out by the Office of Management and Budget in a 2019 memorandum, CISA said.

Managed by CISA, OMB and the General Services Administration, TIC is an initiative aimed at standardizing baseline security practices across the federal government.

The latest version of the program, 3.0, is defined by continual guidance updates as relevant technologies develop and mature. It is meant to account for constraints faced by individual agencies regarding adoption and information technology infrastructure modernization.