DHS recently published version 3.0 of the Trusted Internet Connection (TIC) architecture. A response to changing IT conditions, Executive Orders, and OMB mandates, the new architecture seeks to support IT modernization through cloud adoption while keeping security as a top priority. The comprehensive set of documents includes an overview, a catalog of security capabilities, a reference architecture, guidance for pilot programs, advice for service providers, and a very helpful set of use cases relevant to agency needs.
On the same day that U.S. intelligence agencies issued a non-classified report citing that Russian state-sponsored influence campaigns sought to “undermine public faith in the U.S. democratic process…” using a blend of covert activity (such as cyber activity) with overt efforts (state-funded media, paid trolls, etc.) the Department of Homeland Security took steps to protect the bedrock of our voting system – the nation’s election infrastructure.
FedRAMP (The Federal Risk and Authorization Management Program) is changing. By the end of 2015, FedRAMP, aka the FISMA for the cloud, is anticipated to add high-impact cloud systems (it currently only authorizes low- and moderate-impact levels).
While only 12% of all federal systems are labeled as high impact (mostly DoD and DHS), as more agencies move to use cloud services, the need for a high-impact baseline standard is growing.
The Need for Clarity about FedRAMP Processes