Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Identity & Access

CISA Releases Remote Access Guidance for Government Agencies

The United States Cybersecurity and Infrastructure Security Agency (CISA) last week announced the release a new guidance document: Trusted Internet Connections (TIC) 3.0 Remote User Use Case.

The United States Cybersecurity and Infrastructure Security Agency (CISA) last week announced the release a new guidance document: Trusted Internet Connections (TIC) 3.0 Remote User Use Case.

Meant to provide federal agencies with guidance on securing their networks while ensuring that remote users do have access to internal resources, the document was produced in collaboration with the Office of Management and Budget (OMB), the Federal Chief Information Security Officer Council (FCISO) Trusted Internet Connections (TIC) Subcommittee, and the General Services Administration.

The TIC 3.0 Remote User Use Case is based on the TIC 3.0 Interim Telework Guidance that was released in the spring of 2020, and falls in line with the OMB Memorandum M-19-26, CISA explains.

CISA says the document was finalized after public feedback was received on it. The agency has already published a summary of the received comments and of the modifications that were made, along with additional TIC 3.0 guidance.

A total of four new security capabilities were included in TIC 3.0 Remote User Use Case, namely user awareness and training, domain name monitoring, application container, and remote desktop access.

The TIC 3.0 Remote User Use Case defines the manner in which agencies should apply network and multi-boundary security when an agency user connects to the network from outside of a physical agency premises. Examples include personnel working from home or from a hotel, or connecting from another location.

Three network security patterns were included in the use case: securing remote user access to agency campuses, to agency-sanctioned cloud service providers, and to the web.

“The Remote User Use Case helps agencies preserve security while they gain application performance; reduce costs through reduction of private links; and improve user experience by facilitating remote user connections to agency-sanctioned cloud services and internal agency services as well as supporting additional options for agency deployment,” the document explains.

Advertisement. Scroll to continue reading.

Related: CISA Opens IPv6 Guidance to Public Feedback

Related: CISA, Microsoft Issue Guidance on Recent Azure Cosmos DB Vulnerability

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Stephanie Crowe has been appointed head of the Australian Cyber Security Centre (ACSC).

Cloud security giant Wiz has named Fazal Merchant as President and Chief Financial Officer.

Cybersecurity and data protection company Acronis has appointed Gerald Beuchelt as CISO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.