The Cybersecurity and Infrastructure Security Agency (CISA) released a draft of the Trusted Internet Connections (TIC) 3.0 Remote User Use Case and the draft National Cybersecurity Protection System (NCPS) Cloud Interface Reference Architecture (NCIRA): Volume 2.

In support of the Office of Management and Budget (OMB) Memorandum (M) 19-26: Update to the TIC Initiative, the TIC 3.0 Remote User Use Case is a new addition to the TIC 3.0 core guidance, released in July 2020. The use case builds off of the TIC 3.0 Interim Telework Guidance, defining network and multi-boundary security guidance for agencies that allow users to work remotely. These users could be personnel working from home, connecting from a hotel, or telecommuting from a non-agency-controlled location. The use case also extends the definition of remote users to mobile devices, including Bring Your Own Device (BYOD).

“The draft use case is designed to help agencies preserve security as they move away from traditional network scenarios in support of the maximized telework environment,” said Matt Hartman, Assistant Director (Acting) of the CISA Cybersecurity Division. “CISA expects the security guidance will help agencies improve application performance, reduce costs through reduction of private links and improve user experience by facilitating remote user connections to agency-sanctioned cloud services and internal agency services.”

The draft NCIRA Volume 2 builds upon the concepts presented in NCIRA Volume 1. It provides an index of common cloud telemetry reporting patterns and characteristics for how agencies can send cloud-specific data to the NCPS cloud-based architecture.

An official request for comments (RFC) period will begin today and conclude on Friday, January 29, 2021. During the RFC period, comments and feedback for both documents should be submitted to tic@cisa.dhs.go.