CISA Requests Public Comment on CISA’s TIC 3.0 Cloud Use Case

06/16/2022 12:00 PM EDT

Original release date: June 16, 2022

CISA has released Trusted Internet Connections (TIC) 3.0 Cloud Use Case for public comment. TIC is a federal cybersecurity initiative intended to secure federal data, networks, and boundaries while providing visibility into agency traffic, including cloud communications.

TIC use cases provide guidance on the secure implementation and configuration of specific platforms, services, and environments, and are released on an individual basis. TIC 3.0 Cloud Use Case defines how network and multi-boundary security should be applied in cloud environments, focusing on cloud deployments for Infrastructure-as-a-Service, Platform-as-a-Service, Software-as-a-Service, and Email-as-a-Service. This is the last of the Initial Common Trusted Internet Connections Use Cases outlined in OMB Memorandum M-19-26.

CISA encourages federal government stakeholders to review Executive Assistant Director Goldstein’s blog post and TIC 3.0 Cloud Use Case and share it broadly within their networks. 

This product is provided subject to this Notification and this Privacy & Use policy.

FBI Releases PIN on Ransomware Straining Local Governments and Public Services

03/31/2022 11:00 AM EDT

Original release date: March 31, 2022

The Federal Bureau of Investigation (FBI) has released a Private Industry Notification (PIN) to inform U.S. Government Facilities Sector partners of cyber actors conducting ransomware attacks on local government agencies that have resulted in disrupted operational services, risks to public safety, and financial losses.

CISA encourages local government officials and public service providers to review FBI PIN: Ransomware Attacks Straining Local U.S. Governments and Public Services and apply the recommended mitigations.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA’s Zero Trust Guidance for Enterprise Mobility Available for Public Comment

03/07/2022 03:53 PM EST

Original release date: March 7, 2022

CISA has released a draft version of Applying Zero Trust Principles to Enterprise Mobility for public comment. The paper guides federal agencies as they evolve and operationalize cybersecurity programs and capabilities, including cybersecurity for mobility. The public comment period will close April 18, 2022.

Executive Order 14028:  Improving the Nation’s Cybersecurity, issued May 12, 2021, requires Federal Civilian Executive Branch departments and agencies to adopt Zero Trust (ZT) architectures to protect the government’s information resources, of which federal mobility is an integral part. The guidance highlights the need for special consideration for mobile devices and associated enterprise security management capabilities due to their technological evolution and ubiquitous use.

CISA encourages interested parties to review Applying Zero Trust Principles to Enterprise Mobility and provide comment. See CISA Blog: Maturing Enterprise Mobility Towards Zero Trust Architectures for more information.  

This product is provided subject to this Notification and this Privacy & Use policy.