The Network and Infrastructure Security (NIS) branch leads the development and execution of the Trusted Internet Connections (TIC) Initiative. The purpose of the TIC Initiative, as outlined in OMB Memorandum M-08-05 (PDF, 1 page - 28 KB), is to optimize and standardize the security of individual external network connections currently in use by federal agencies, including connections to the Internet. The initiative will improve the federal government's security posture and incident response capability through the reduction and consolidation of external connections and provide enhanced monitoring and situational awareness of external network connections.
TIC Reference Architecture 2.0
DHS, in collaboration with federal agencies, developed the Trusted Internet Connections (TIC) Reference Architecture v2.0 which introduces new capabilities and clarifies existing mandatory critical capabilities. In addition to mandatory critical capabilities, the TIC Reference Architecture v2.0 includes recommended capabilities based on evolving technologies and threats.
TIC Strategic Components:
- Reduce and consolidate external access points across the federal enterprise,
- Manage the security requirements for Network and Security Operations Centers (NOC/SOC)
- Establish a compliance program to monitor department and agency adherence to TIC policy (addressed in detail below).
The TIC v2.0 Reference Architecture applies to:
- agencies designated as TIC Access Providers (TICAPs);
- commercial carriers designated as Managed Trusted IP Service (MTIPS) providers; and
- all federal executive civilian agencies procuring Networx MTIPS or using TICAP services.
As of September 30, 2012, all executive branch civilian departments and agencies and MTIPS vendors will be assessed on TIC v2.0 Critical Capabilities.
More information is available on the TIC OMB MAX Page.
Please e-mail firstname.lastname@example.org with any questions
TIC Plan of Action and Milestones
The Office of Management and Budget (OMB) Memo M-09-32 Update on the Trusted Internet Connections Initiative outlines agency responsibility to prepare their TIC plan of action and milestones (POA&M) and provide updated status to the Department of Homeland Security every six months. The Department of Defense, Legislative Branch entities, and Judicial Branch entities do not need to submit a TIC POA&M.
The Department of Homeland Security requested all civilian executive departments and agencies, including executive departments, independent establishments, government corporations, and the U.S. Postal Service, update their TIC POA&Ms based on current progress regarding compliance with the TIC initiative.
POA&M templates are sent via e-mail to agencies, who then provide, update, and verify information in their POA&M templates and make any necessary changes.
TIC Historical Information
The Network and Infrastructure Security branch directly supports the goals of the Comprehensive National Cybersecurity Initiative (CNCI). CNCI Initiative One is commonly referred to as the Trusted Internet Connections (TIC) Initiative. The TIC initiative calls for a government-wide "reduction of our external connections, including our Internet points of presence." On November 20, 2007, the Office of Management and Budget (OMB) designated the Department of Homeland Security's Office of Cybersecurity and Communications as the coordinator of the TIC initiative via Memorandum M-08-05 (PDF, 1 page - 28 KB). The Network and Infrastructure Security branch continues the oversight of the TIC initiative.
Milestone #1: Inventory the external connections for your agency
In accordance with M-08-05, all agencies should identify external connections. Appendix A of the "TIC Reference Architecture" clarifies the definition of external connection. This information is used to establish the starting baseline for the Initiative. All agencies should maintain up to date inventories of their external connections, including service provider, cost, location, capacity, and traffic volumes throughout the TIC Initiative.
Milestone #2: Determine your agency's capability to meet the TIC critical technical capabilities
In accordance with M-08-16, TICAP agency CIOs should determine the gap between their agency's current capabilities and the 51 capabilities identified in the Statement of Capability document. Appendix B of the TIC Reference Architecture explains the 51 critical technical capabilities. This information was used by OMB to select designated TICAP agencies and is now completed.
Milestone #3: Develop a plan to reduce and consolidate your agency's external connections through approved access points and a plan to implement the TIC critical capabilities at your agency
A Plan of Action and Milestones (POA&M) was due to the Department of Homeland Security by 8/14/09 and must be up updated every 6 months thereafter until complete.
Milestone #4: Acquire telecommunications connectivity through the Networx Contract
OMB Memo M-08-26 states that all agencies utilize the Networx Contract to acquire telecommunications connectivity. In order to improve your agency's security posture with TIC-compliant managed security services, agencies are encouraged to purchase the Managed Trusted Internet Protocol Services (MTIPS) CLIN through the Networx Contract. TICAP agencies are also encouraged to purchase the MTIPS CLIN, but may also utilize Networx services to customize their security capabilities.
Milestone #5: Implement the plan to reduce and consolidate your agency's external connections through approved access points and the plan to meet the TIC critical capabilities at your agency
In addition to the four milestones mentioned above, all agency Chief Information Officers (CIOs) need to sign a Memorandum of Agreement (MOA) and execute a Service Level Agreement (SLA) with the Department of Homeland Security. TICAP Agency CIOs also need to sign an Interconnection Security Agreement (ISA) and collaborate with the Department to establish their TICAP locations. The end-state of the TIC initiative is for each agency to meet the following targets: 100% compliance with the TIC critical technical capabilities and 100% of external connections routed through an approved TICAP.
Milestone #6: Collaborate with DHS to measure and validate your compliance with the TIC Initiative
The Comprehensive National Cyber Security Initiative directs the Department of Homeland Security, in partnership with OMB, to validate agency compliance with the TIC initiative. This initiative and OMB memo M-08-27 provide further guidance to agencies on the steps necessary to complete the TIC Compliance Validation (TCV). The Department also assesses the capabilities of the Networx TICAPs prior to the service being available. All 20 TICAP agencies were required to schedule, with the Department, the on-site portion of their initial TIC compliance validation assessments by June 30 2009. All other agencies were required to submit Enclosure (5) - the TIC Compliance Validation Self Assessment form - to the Department by December 31, 2009, in order to complete their initial TIC compliance validation self-assessments.
John Streufert, Director, Federal Network Resilience division
Danny Toler, Deputy Director, Federal Network Resilience division
Sara Mosley, Branch Chief, Federal Network Resilience division, Network and Infrastructure Security branch