“The government’s cybersecurity leads released the final version of guidance for how agencies can ensure employees connecting to government networks from remote locations—like from home while teleworking—do so securely.
Thursday’s release marks the third of four use cases that together constitute the basis of the government’s Trusted Internet Connection 3.0 policy, the policy developed to govern how agencies and their employees connect to the internet…”
“‘These users could be personnel working from home, connecting from a hotel or telecommuting from a non-agency-controlled location,’ the comments response summary states. ‘Collectively, the TIC 3.0 guidance is key in offering flexibility to agencies that are modernizing and securing the connections between the internet, agencies, the cloud, and mobile—remote—users.’
“Commentors broadly asked for four things from the final version:
- For CISA to add clarity around telemetry—the network data used by the agency and CISA to monitor the security posture of a given system.
- Additional guidance for security capabilities.
- Integrating zero trust architecture concepts to align with other TIC and governmentwide initiatives.
- Additional guidance on other topics, ‘such as expanding definitions, aligning security capabilities to other cybersecurity guidance and including new security patterns.’
CISA officials said they took all of these comments into consideration and incorporated the first three into the final guidance. However, the fourth request was determined to be out of scope for the remote user use case, though officials might include some of those considerations when finalizing outstanding draft use cases…” Read the full article here.
Source: CISA Finalizes Guidance for Securing Federal Networks for Remote Users – By Aaron Boyd, October 8, 2021. Nextgov.
