Difference between revisions of "Trusted Internet Connection"

From MgmtWiki
(References)
(Solutions)
Line 12: Line 12:
  
 
==Solutions==
 
==Solutions==
* Policy Enforcement Location (or point - PEP) = The security posture of agency user devices changes when the agency user is working outside the agency
+
* Policy Enforcement Location (or point - PEP) = The security posture of agency user devices changes when the agency user is working outside the agency network. This may lead an agency to rethink the locations where security policies are enforced. In a traditional on-premises environment, agencies retain significant control and visibility into agency user
network. This may lead an agency to rethink the locations where security policies are enforced. In a
+
devices, and these devices can support rigorous enforcement of agency policies. Under these conditions agencies’ risk tolerances might allow the deployment of capabilities to the agency user devices, grant the agency users more direct access to agency services, and allow the devices a greater ability to retrieve, process, and store agency data. However, as depicted in Figure 4, as this control and visibility of agency user devices decrease, agencies may look to move these capabilities further upstream from the endpoints, closer to the services or data.
traditional on-premises environment, agencies retain significant control and visibility into agency user
 
devices, and these devices can support rigorous enforcement of agency policies. Under these conditions,
 
agencies’ risk tolerances might allow the deployment of capabilities to the agency user devices, grant the
 
agency users more direct access to agency services, and allow the devices a greater ability to retrieve,
 
process, and store agency data. However, as depicted in Figure 4, as this control and visibility of agency
 
user devices decrease, agencies may look to move these capabilities further upstream from the endpoints,
 
closer to the services or data.  
 
 
 
  
 
==References==
 
==References==
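
Review bot: the added Policy Enforcement Location bullet still breaks after "agency user", so the next added line, starting "devices, and these devices can support", falls outside the list item and renders as a separate paragraph; join the two added lines into a single bullet. The added text also drops the comma the earlier wording had after "Under these conditions", which should be restored.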

Revision as of 14:36, 6 October 2022

Full Title

Trusted Internet Connections (TIC), originally established in 2007, is a federal cybersecurity initiative intended to enhance network and perimeter security across the Federal Government.

Context

Trusted Internet Connections 3.0 Remote User Use Case[1]

  • This initiative is based on trust zones and so is not directly compatible with a Zero Trust Architecture.
  • The TIC 3.0 Remote User Use Case (Remote User Use Case) defines how network and multi-boundary security should be applied when an agency permits remote users on its network. A remote user is an agency user who performs sanctioned business functions outside of a physical agency premises. The remote user scenario has two distinguishing characteristics:
  1. Remote user devices are not directly connected to network infrastructure that is managed and maintained by the agency. These devices are either:
    1. EMM: enterprise (agency) owned and maintained.
    2. DCD: like BYOD, which is employee owned.
  2. Remote user devices are intended for individual use (i.e., not a server).

Solutions

  • Policy Enforcement Location (or point - PEP) = The security posture of agency user devices changes when the agency user is working outside the agency network. This may lead an agency to rethink the locations where security policies are enforced. In a traditional on-premises environment, agencies retain significant control and visibility into agency user devices, and these devices can support rigorous enforcement of agency policies. Under these conditions, agencies’ risk tolerances might allow the deployment of capabilities to the agency user devices, grant the agency users more direct access to agency services, and allow the devices a greater ability to retrieve, process, and store agency data. However, as depicted in Figure 4, as this control and visibility of agency user devices decrease, agencies may look to move these capabilities further upstream from the endpoints, closer to the services or data.

References

  1. Cybersecurity and Infrastructure Security Agency Version 1.0 Remote User Use Case (2021-10) https://www.cisa.gov/sites/default/files/publications/CISA%20TIC%203.0%20Remote%20User%20Use%20Case_1.pdf