CISA Requests Public Comment on CISA’s TIC 3.0 Cloud Use Case

06/16/2022 12:00 PM EDT

Original release date: June 16, 2022

CISA has released Trusted Internet Connections (TIC) 3.0 Cloud Use Case for public comment. TIC is a federal cybersecurity initiative intended to secure federal data, networks, and boundaries while providing visibility into agency traffic, including cloud communications.

TIC use cases provide guidance on the secure implementation and configuration of specific platforms, services, and environments, and are released on an individual basis. TIC 3.0 Cloud Use Case defines how network and multi-boundary security should be applied in cloud environments, focusing on cloud deployments for Infrastructure-as-a-Service, Platform-as-a-Service, Software-as-a-Service, and Email-as-a-Service. This is the last of the Initial Common Trusted Internet Connections Use Cases outlined in OMB Memorandum M-19-26.

CISA encourages federal government stakeholders to review Executive Assistant Director Goldstein’s blog post and TIC 3.0 Cloud Use Case and share it broadly within their networks. 

This product is provided subject to this Notification and this Privacy & Use policy.

CISA Releases Secure Cloud Business Applications (SCuBA) Guidance Documents for Public Comment

04/18/2022 09:21 PM EDT

Original release date: April 18, 2022 | Last revised: April 19, 2022

CISA has released draft versions of two guidance documentsalong with a request for comment (RFC)that are a part of the recently launched Secure Cloud Business Applications (SCuBA) project:

  • Secure Cloud Business Applications (SCuBA) Technical Reference Architecture (TRA) 
  • Extensible Visibility Reference Framework (eVRF) Program Guidebook 

The public comment period for the RFC guidance documents closes on May 19, 2022.

In accordance with Executive Order 14028, which is aimed at improving security for federal government networks, CISA’s SCuBA project aims to develop consistent, effective, modern, and manageable security that will help secure agency information assets stored within cloud operations.  

CISA encourages interested parties to review the SCuBA documents and provide comment. 
See CISA Blog: SCuBA? It means better visibility, standards, and security practices for government cloud for more information and for links to the RFC guidance documents. 

This product is provided subject to this Notification and this Privacy & Use policy.

CISA’s Zero Trust Guidance for Enterprise Mobility Available for Public Comment

03/07/2022 03:53 PM EST

Original release date: March 7, 2022

CISA has released a draft version of Applying Zero Trust Principles to Enterprise Mobility for public comment. The paper guides federal agencies as they evolve and operationalize cybersecurity programs and capabilities, including cybersecurity for mobility. The public comment period will close April 18, 2022.

Executive Order 14028:  Improving the Nation’s Cybersecurity, issued May 12, 2021, requires Federal Civilian Executive Branch departments and agencies to adopt Zero Trust (ZT) architectures to protect the government’s information resources, of which federal mobility is an integral part. The guidance highlights the need for special consideration for mobile devices and associated enterprise security management capabilities due to their technological evolution and ubiquitous use.

CISA encourages interested parties to review Applying Zero Trust Principles to Enterprise Mobility and provide comment. See CISA Blog: Maturing Enterprise Mobility Towards Zero Trust Architectures for more information.  

This product is provided subject to this Notification and this Privacy & Use policy.