CISA Releases Finalized IPv6 Guidance for Agencies

The Cybersecurity and Infrastructure Security Agency on Thursday published guidance meant to provide federal agencies with security considerations regarding Trusted Internet Connections 3.0 implementations as they transition to IPv6.

The guidance follows a years-long effort spanning multiple administrations to securely transition agencies to IPv6—the current standard for identifying devices and systems communicating over the web—from the previous standard, IPv4. The guidance reflects feedback provided during a public comment period adjudicated by CISA, in partnership with the General Services Administration, Federal Chief Information Security Officers Council TIC subcommittee and the Office of Management and Budget.

“To keep pace with fast-moving technology, the federal government is expanding and enhancing its strategic commitment to IPv6,” Eric Goldstein, executive assistant director of cybersecurity at CISA, said in a statement. “With our federal partners, we thoroughly reviewed and assessed public comment to ensure this finalized guidance informs and prepares federal agencies on how to properly implement the IPv6. We greatly appreciate every person and organization that took the time to provide comment, which reflects the community’s focus on strong and usable security practices and CISA’s commitment to robust partnership.”

The guidance includes security considerations and relationships to TIC 3.0 security objectives and capabilities for approximately one dozen IPv6 characteristics federal agencies are apt to run into as they transition. CISA also released a fact sheet with the guidance and noted in a statement that the guidance “is just a starting point for agencies transitioning to IPv6.”

“CISA will continue to work with the Federal IPv6 Task Force to support agencies in this transition,” the guidance states.