OMB has updated guidance under the Trusted Internet Connection initiative to enhance network security across the government, saying its new policies will provide agencies with “increased flexibility to use modern security capabilities” and establish a process for ensuring the TIC initiative “is agile and responsive to advancements in technology and rapidly evolving threats.”
The new policy, in memo M-19-26, supersedes policies dating to 2008 which focused on consolidation of external connections and the deployment of common tools at those access points. “While this prior work has been invaluable in securing federal networks and information, the program must adapt to modem architectures and frameworks for government IT resource utilization,” it says.
Among other things, under the new guidance:
* DHS is to define requirements in documentation called TIC Use Cases, outlining which security controls, such as endpoint and user based protections, must be in place for specific scenarios.
* In coordination with OMB, DHS and the Chief Information Security Council, agencies are to develop pilot projects to meet their technology needs while promoting appropriate security controls.
* Agency chief information officers are to maintain “an accurate inventory of agency network connections, including details on the service provider, cost, capacity, traffic volume, logical/physical configurations, and topological data for each connection in the event OMB, DHS, or others request this information to assist with governmentwide cybersecurity incident response or other cybersecurity matters.”