Trusted Internet Connection

From MgmtWiki
Jump to: navigation, search

Full Title

Trusted Internet Connections (TIC), originally established in 2007, is a federal cybersecurity initiative intended to enhance network and perimeter security across the Federal Government.


Trusted Internet Connections 3.0 Remote User Use Case[1]

  • This initiative is based on trust zones and so is not directly compatible with a Zero Trust Architecture
  • The TIC 3.0 Remote User Use Case (Remote User Use Case) defines how network and multi-boundary security should be applied when an agency permits remote users on their network. A remote user is an agency user that performs sanctioned business functions outside of a physical agency premises. The remote user scenario has two distinguishing characteristics:
  1. Remote user devices are not directly connected to network infrastructure that is managed and maintained by the agency. These device are either
    1. EMM Enterprise (agency) owned and maintained.
    2. DCD - like BYOD which is employee owned.
  2. Remote user devices are intended for individual use (i.e., not a server)


  • Policy Enforcement Location (or point - PEP) = The security posture of agency user devices changes when the agency user is working outside the agency network. This may lead an agency to rethink the locations where security policies are enforced. In a traditional on-premises environment, agencies retain significant control and visibility into agency user devices, and these devices can support rigorous enforcement of agency policies. Under these conditions agencies’ risk tolerances might allow the deployment of capabilities to the agency user devices, grant the agency users more direct access to agency services, and allow the devices a greater ability to retrieve, process, and store agency data. However, as depicted in Figure 4, as this control and visibility of agency user devices decrease, agencies may look to move these capabilities further upstream from the endpoints, closer to the services or data. PEP Security capabilities:
  1. Files,
  2. Web,
  3. Networking,
  4. Resiliency,
  5. DNS,
  6. Intrusion Detection,
  7. Enterprise,
  8. Unified Communications and Collaboration (UCC), and
  9. Data Protection.
  • Universal Security Capabilities
  1. Backup and Recovery
  2. Central Log Management with Analysis#
  3. Configuration Management
  4. Incident Response Plan and Incident Handling
  5. Inventory
  6. Least Privilege
  7. Secure Administration
  8. Strong Authentication
  9. Time Synchronization
  10. Vulnerability Management
  11. Patch Management
  12. Auditing and Accounting
  13. Resilience
  14. Enterprise Threat Intelligence
  15. Situational Awareness
  16. Policy Enforcement Parity
  17. Effective Use of Shared Services
  18. Integrated Desktop, Mobile, ang Remote Policies
  19. User Awareness and Training


  1. Cybersecurity and Infrastructure Security Agency Version 1.0 Remote User Use Case (2021-10)