Security guidance

CISA Releases TIC 3.0 Guidance for Remote Working Scenarios

The Cybersecurity and Infrastructure Security Agency has released a Trusted Internet Connections 3.0 document addressing how agencies can secure remote working scenarios.

The guidance covers employees performing sanctioned business functions outside of physical agency premises and remote user devices not directly connected to network infrastructure that is managed and maintained by agencies.

CISA details ways to configure data flows and apply TIC capabilities when remote users access a campus, agency-sanctioned cloud service providers, or the internet, FedScoop reported.

According to CISA, remote users access agency-hosted resources by establishing protected connections via virtual private networks, transport layer security, virtual desktop infrastructure or through a cloud access security broker and security as a service providers.

Regardless of the option exercised by remote users, agencies have to practice due diligence to ensure that their information is being protected in line with their risk tolerances, CISA stated.

The document comes with an updated security capabilities catalog that agencies can refer to.

Applicable capabilities recommended by CISA for remote working scenarios include backup and recovery, strong authentication, time synchronization, vulnerability and patch management, dynamic threat discovery, data loss prevention, anti-phishing and spam protections, email transmission encryption and link click-through protection.

“The Remote User Use Case helps agencies preserve security while they gain application performance; reduce costs through reduction of private links; and improve user experience by facilitating remote user connections,” the document said.