CISA Opens IPv6 Guidance to Public Feedback

The United States Cybersecurity and Infrastructure Security Agency (CISA) on Thursday announced that it’s asking for public feedback on new IPv6 guidance for federal agencies.

Named IPv6 Considerations for TIC 3.0, the document was issued in line with Office of Management and Budget (OMB) Memorandum 21-07, which mandates CISA to enhance the Trusted Internet Connections (TIC) program to ensure Internet Protocol version 6 (IPv6) is implemented within federal IT systems.

The new IPv6 guidance is meant to provide information on IPv6 itself, to inform agencies of their responsibilities in regard to OMB M-21-07, to share security considerations regarding the protocol and the TIC 3.0 security capabilities, and to raise awareness on IPv6 security features.

“This document is intended to be architecture-agnostic and broadly supports the government-wide deployment and use of the IPv6 network protocol,” CISA explains.

Starting September 23, the document is open for public comment, and will remain so until October 15.

CISA encourages agencies, industry experts, and academic researchers to provide feedback on the document to “help support the successful deployment of IPv6 across federal information technology (IT) systems.”

Specifically, CISA seeks to learn whether there are other TIC 3.0 IPv6 considerations or security challenges that it should take into account, and what other TIC 3.0 IPv6 guidance agencies would be interested in receiving from CISA.

“CISA encourages IT decision-makers and administrators in all federal government agencies and organizations to review IPv6 Considerations for TIC 3.0 to facilitate advancing IPv6 networks and ensuring future growth and innovation in internet services and technology,” CISA notes.

Those interested in submitting feedback can do so via email, at tic(at)cisa.dhs.gov. After reviewing the comments, CISA will produce the final version of the guidance.

Related: CISA, Microsoft Issue Guidance on Recent Azure Cosmos DB Vulnerability

Related: CISA Details Additional Malware Targeting Pulse Secure Appliances

Related: CISA Details Malware Used in Attacks Targeting Pulse Secure Devices