CISA to Launch Cloud Use Case to Complete TIC 3.0 Architecture
According to Sean Connelly, program manager of TIC 3.0 at the Cybersecurity and Infrastructure Security Agency, the cloud use case is more focused on the application side whereas the earlier use cases were focused on the client side. He noted that the cloud use case will focus on zero trust security, especially with President Joe Biden’s emphasis on zero trust in his cybersecurity executive order.
The latest use case will cover software-as-a-service, platform-as-a-service, infrastructure-as-a-service and emails, FedScoop reported.
It will also meet the requirements for CISA that were set in the TIC 3.0 memorandum, which was laid out in September 2019. The guidance is designed to increase network security while giving agencies more flexibility to use new security options and the chance to eliminate physical access points.
A zero trust reference architecture may follow, and Connelly is working with the Office of Management and Budget to see how architecture would align with the use case. However, a zero trust architecture may not be necessary after agencies submit their own architecture implementation plans as required by the OMB.
The cloud use case is the first one released since October 2021, when TIC officials released the remote user use case. The remote user use case defines how network and multi-boundary security should be applied when agencies allow remote users.
Category: Digital Modernization
Tags: cloud cloud use case Cybersecurity and Infrastructure Security Agency digital modernization FedScoop Sean Connelly TIC 3.0 Trusted Internet Connections