The Trusted Internet Connections (TIC) initiative was mandated in OMB Memorandum M-08-05 issued in November 2007. The memorandum was meant to optimize (and reduce) individual external connections, including internet points of presence currently in use by the federal government. In 2008, the Department of Homeland Security's (DHS) National Cybersecurity Protection System (NCPS), operationally known as Einstein, became mandatory for federal agencies as part of TIC.
TIC includes a program for improving the federal government's incident response capability through a centralized gateway monitoring at a select group of TIC Access Providers (TICAP). Identified as one of the Administration's three priorities to improve cybersecurity and the security of Federal information systems, the TIC initiative aims to further improve agencies' security posture and incident response capabilities through enhanced monitoring and situational awareness of all external network connections.
The goals of TIC are to secure federal agencies’ external network connections, including Internet connections, and improve the government’s incident response capability by reducing the number of agencies’ external network connections and implementing security controls over the connections that remain. In implementing TIC, agencies could either provide their own access points by becoming an access provider or seek service from these providers or an approved vendor. To achieve the initiative's goals, agencies were required to:
- inventory external connections
- establish a target number of TIC access points
- develop and implement plans to reduce their connections
- implement security capabilities (if they chose to be an access provider) addressing such issues as encryption and physical security, and
- demonstrate to DHS the consolidation of connections and compliance with the security capabilities (if they chose to be an access provider).
As of September 2009, none of the 23 agencies had met all of the requirements of the TIC initiative. Although most agencies reported that they have made progress toward reducing their external connections and implementing critical security capabilities, most agencies have also experienced delays in their implementation efforts.
See also Edit
- Trusted computer system
- Trusted Computer System Evaluation Criteria
- Trusted computing base
- Trusted system
- Trusted third party
External reading Edit
- GAO, Information Security: Concerted Effort Needed to Consolidate and Secure Internet Connections at Federal Agencies (GAO-10-237) (Mar. 12, 2010).
|This page uses Creative Commons Licensed content from Wikipedia (view authors).|