CISA and NSA Publish Open Radio Access Network Security Considerations

09/15/2022 09:52 AM EDT

Original release date: September 15, 2022

CISA and the National Security Agency (NSA) have published Open Radio Access Network Security Considerations. This product—generated by the Enduring Security Framework (ESF) Open Radio Access Network (RAN) Working Panel, a subgroup within the cross-sector working group— assessed the benefits and security considerations associated with implementing an Open RAN architecture. Focusing on current designs and specification standards, the ESF Open RAN Working Panel examined how security compares with, and is distinct from, traditional, proprietary RANs.

CISA encourages users, network operators, vendors, and stakeholders to review the considerations. For more information, see the ESF’s Open Radio Access Network Security Considerations, peruse CISA’s 5G Library, and visit Securing 5G Open RAN Architecture from Cybersecurity Risks.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA Releases Final Version of Guidance: IPv6 Considerations for TIC 3.0

01/20/2022 09:51 AM EST

Original release date: January 20, 2022

CISA has released the final version of Internet Protocol version 6 (IPv6) Considerations for Trusted Internet Connections (TIC) 3.0. This guidance supports the federal government-wide deployment and use of the modernized network protocol. The final version includes feedback provided during the public comment period that ended in October 2021. See the fact sheet Response to Comments on Guidance: IPv6 Considerations for TIC 3.0 for a comprehensive analysis of comments received. This release is in accordance with Office of Management and Budget (OMB) Memorandum 21-07, which entrusts CISA with enhancing the TIC program to support IPv6 implementation in federal IT systems.

CISA encourages IT decision-makers and administrators in all federal government agencies and organizations to review the Internet Protocol version 6 (IPv6) Considerations for Trusted Internet Connections (TIC) 3.0 for guidance in facilitating IPv6 implementation in federal IT systems.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA Releases Guidance: IPv6 Considerations for TIC 3.0

09/23/2021 09:45 AM EDT

Original release date: September 23, 2021

The federal government has prioritized the transition of federal networks to Internet Protocol version 6 (IPv6) since the release of Office of Management and Budget (OMB) Memorandum 05-22 in 2005. In 2020, OMB renewed its focus on IPv6 through the publication of OMB Memorandum 21-07. That memorandum specifically entrusts CISA with enhancing the Trusted Internet Connections (TIC) program to fully support the implementation of IPv6 in federal IT systems. 

In accordance with this OMB mandate, CISA has issued IPv6 Considerations for TIC 3.0 to provide federal agencies with guidance to help them use IPv6 to secure their networks by:

  • Providing IPv6 protocol information to enable a general understanding,
  • Informing agencies of their responsibilities concerning OMB M-21-07,
  • Aligning TIC 3.0 security objectives and security capabilities with IPv6, and
  • Offering awareness and guidance regarding IPv6 security considerations.

CISA encourages IT decision-makers and administrators in all federal government agencies and organizations to review IPv6 Considerations for TIC 3.0 to facilitate advancing IPv6 networks and ensuring future growth and innovation in internet services and technology.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA Insights on Risk Considerations for Managed Service Provider Customers

09/03/2021 11:37 AM EDT

Original release date: September 3, 2021

CISA has released a new CISA Insights, Risk Considerations for Managed Service Provider Customers (MSPs), which provides Managed Service Provider (MSP) customers a framework for reducing risk.

This framework is designed for government and private sector organizations of all sizes, and it suggests considerations for IT management planning, best practices, and tools for reducing overall risk. This resource divides guidance across these areas: (1) senior executives and boards of directors (strategic decision-making); (2) procurement professionals (operational decision-making); and (3) network administrators, systems administrators, and front-line cybersecurity staff (tactical decision-making).

Read CISA’s latest blog, visit: CISA.gov/blog/2021/09/02/going-beyond-assessing-security-practices-it- service-providers.

To view this CISA Insights, please visit: CISA.gov/publication/risk-considerations-msp-customers. For additional supply chain risk management information or resources, visit CISA.gov/ict-supply-chain-library.

This product is provided subject to this Notification and this Privacy & Use policy.