TIC 3.0: Great Work, but Not Zero Trust
DHS recently published version 3.0 of the Trusted Internet Connection (TIC) architecture. A response to changing IT conditions, Executive Orders, and OMB mandates, the new architecture seeks to support IT modernization through cloud adoption while keeping security as a top priority. The comprehensive set of documents includes an overview, a catalog of security capabilities, a reference architecture, guidance for pilot programs, advice for service providers, and a very helpful set of use cases relevant to agency needs.
Analysis: DHS Domain Name System Breach Directive
DHS Designates New Protections for U.S. Election Infrastructure
On the same day that U.S. intelligence agencies issued a non-classified report citing that Russian state-sponsored influence campaigns sought to “undermine public faith in the U.S. democratic process…” using a blend of covert activity (such as cyber activity) with overt efforts (state-funded media, paid trolls, etc.) the Department of Homeland Security took steps to protect the bedrock of our voting system – the nation’s election infrastructure.
FedRAMP Serves up a New User Experience
FedRAMP (The Federal Risk and Authorization Management Program) is changing. By the end of 2015, FedRAMP, aka the FISMA for the cloud, is anticipated to add high-impact cloud systems (it currently only authorizes low- and moderate-impact levels).
While only 12% of all federal systems are labeled as high impact (mostly DoD and DHS), as more agencies move to use cloud services, the need for a high-impact baseline standard is growing.
The Need for Clarity about FedRAMP Processes