Security Experts:

Connect with us

Hi, what are you looking for?


Identity & Access

CISA Releases Remote Access Guidance for Government Agencies

The United States Cybersecurity and Infrastructure Security Agency (CISA) last week announced the release a new guidance document: Trusted Internet Connections (TIC) 3.0 Remote User Use Case.

The United States Cybersecurity and Infrastructure Security Agency (CISA) last week announced the release a new guidance document: Trusted Internet Connections (TIC) 3.0 Remote User Use Case.

Meant to provide federal agencies with guidance on securing their networks while ensuring that remote users do have access to internal resources, the document was produced in collaboration with the Office of Management and Budget (OMB), the Federal Chief Information Security Officer Council (FCISO) Trusted Internet Connections (TIC) Subcommittee, and the General Services Administration.

The TIC 3.0 Remote User Use Case is based on the TIC 3.0 Interim Telework Guidance that was released in the spring of 2020, and falls in line with the OMB Memorandum M-19-26, CISA explains.

CISA says the document was finalized after public feedback was received on it. The agency has already published a summary of the received comments and of the modifications that were made, along with additional TIC 3.0 guidance.

A total of four new security capabilities were included in TIC 3.0 Remote User Use Case, namely user awareness and training, domain name monitoring, application container, and remote desktop access.

The TIC 3.0 Remote User Use Case defines the manner in which agencies should apply network and multi-boundary security when an agency user connects to the network from outside of a physical agency premises. Examples include personnel working from home or from a hotel, or connecting from another location.

Three network security patterns were included in the use case: securing remote user access to agency campuses, to agency-sanctioned cloud service providers, and to the web.

“The Remote User Use Case helps agencies preserve security while they gain application performance; reduce costs through reduction of private links; and improve user experience by facilitating remote user connections to agency-sanctioned cloud services and internal agency services as well as supporting additional options for agency deployment,” the document explains.

Related: CISA Opens IPv6 Guidance to Public Feedback

Related: CISA, Microsoft Issue Guidance on Recent Azure Cosmos DB Vulnerability

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...


Twenty-one cybersecurity-related M&A deals were announced in December 2022.

Management & Strategy

Microsoft making a multiyear, multibillion dollar investment in the artificial intelligence startup OpenAI, maker of ChatGPT and other tools.