Almost seven years after the last major revision, the OMB released the third iteration of the Trusted Internet Connection policy, a roadmap for how agencies can ensure secure system access with the proliferation of cloud-based systems and other types of networks.
The original 2007 TIC policy and its 2012 revision focused on offering agencies a set list of specific connectivity options, designed to exclude potentially dangerous connections. However, those policies were incredibly proscriptive, and have not translated well in the cloud-based networks the administration is pushing agencies to adopt.
The new policy creates a set of use cases that outline the different ways agencies set up networks, and how employees should connect to those networks. These include the traditional use of approved, established connections; cloud-based “as a service” systems; agency branch offices using standard web connections; and remote users connecting government devices through third-party connections.