CISA Seeks Public Feedback on TIC 3.0 Cloud Use Case

The Cybersecurity and Infrastructure Security Agency is seeking public feedback on its Trusted Internet Connections (TIC) 3.0 draft cloud use case.

Released last week, the use case covers infrastructure-, platform- and software-as-a-service offerings, as well as email-as-a-service deployments. As with previous use cases offered under the third iteration of the TIC policy that governs how federal agencies set up their networks to secure traffic and data, the cloud use case outlines security patterns, applicable security capabilities and telemetry requirements. According to a blog post authored by Eric Goldstein, executive assistant director for cybersecurity at CISA, this use case contains additional guidance.

“This guidance also incorporates cloud-specific considerations, such as the shared services model and cloud security posture management principles outlined in the Cloud Security (Technical Reference Architecture),” Goldstein said. “Another unique aspect of this use case is that it was written from the vantage point of cloud-hosted services, as opposed to from the vantage point of the client accessing these services.”

TIC 3.0 is required to produce use cases to support agencies under the Office of Management and Budget’s Memorandum M-19-26.

Public comments must be received by July 22, after which CISA will review feedback and publish a finalized version of the guidance.