A memo issued Thursday says the updated TIC guidance will no longer require agencies to flow internet traffic through a physical TIC access point in order to provide them more flexibility in ensuring their cybersecurity posture as they move to the cloud.
“[The memo] still requires agencies to meet all the strict security requirements that have always been a priority and are even more of a priority now,” Suzette Kent, federal chief information officer and a 2019 Wash100 winner, said Thursday at the Dell Technologies Forum. “But it includes new pathways to take advantage of modern technology, the capabilities of software, that wasn’t even imagined when that original policy was written.”
The memo requires the Department of Homeland Security to issue guidance on the development and management of pilot programs and approve use cases to “promote flexibility while maintaining a focus on security outcomes.”
The document states the four use cases approved by OMB: cloud, agency branch office, remote users and traditional TIC or the default use case.
The White House issued a draft of the updated TIC policy in December.