Last week, the US Cybersecurity and Infrastructure Security Agency (CISA) announced the release of Trusted Internet Connections (TIC) 3.0 Remote User Use Case, a new guideline paper.
The document was created in collaboration with the Office of Management and Budget (OMB), the Federal Chief Information Security Officer Council (FCISO) Trusted Internet Connections (TIC) Subcommitte, and the General Services Administration to provide federal agencies with guidance on securing their networks while ensuring that remote users have access to internal resources.
According to CISA, the TIC 3.0 Remote User Use Case is based on the TIC 3.0 Interim Telework Guidance, which was released in the spring of 2020, and follows OMB Memorandum M-19-26.
The document was finalised, according to CISA, after public feedback was received. The agency has already released a summary of the comments received and the changes implemented, as well as additional TIC 3.0 guidelines.
The TIC 3.0 Remote User Use Case includes four new security capabilities: user awareness and training, domain name monitoring, application container, and remote desktop access.
When an agency user connects to the network from outside of a physical agency premises, the TIC 3.0 Remote User Use Case describes how agencies should implement network and multi-boundary security. Personnel working from home or a hotel, or connecting from another place, are examples.
The use case featured three network security patterns: safeguarding remote user access to agency campuses, agency-sanctioned cloud service providers, and the internet.
“The Remote User Use Case assists agencies in preserving security while gaining application performance; reducing costs by reducing private links; and improving user experience by facilitating remote user connections to agency-sanctioned cloud services and internal agency services, as well as supporting additional options for agency deployment,” according to the document.