The Trusted Internet Connections (TIC) Initiative commenced in November 2007 with the issuance of Office of Management and Budget (OMB) Memorandum M-08-05. Implementation of TIC optimizes federal agency's network services into a common solution for the federal enterprise and establishes guidelines for agencies to provide a Plan of Action and Milestones (POA&Ms) for meeting TIC deadlines.
The purpose of the POA&Ms is to document the agency's existing connections as of January 2008 and provide plans to reduce and consolidate those connections. Additionally, with the release of OMB Memorandum M-08-16: Guidance for Trusted Internet Connection Statement of Capability Form (SOC) on April 4, 2008, agencies were requested to propose their solution and outline their ability to become a Single or Multi-Agency TIC Access Provider (TICAP). On May 1, 2008, agencies also provided a business justification that outlines the number of TICs that are necessary in order to support their current mission requirements and customer base.
Purpose and Authority
The purpose of a TIC Capability Validation (TCV) is to leverage an objective, repeatable, and consistent methodology to measure federal agency/departmental compliance with the TIC Initiative and related Office of Management and Budget (OMB) directives and guidance.
OMB established the authority for the TCV Initiative through:
- OMB Memo: M-08-05 - Implementation of Trusted Internet Connections
- OMB Memo: M-08-16 - Guidance for Trusted Internet Connection Statement of Capability Form (SOC)
Benefits of TCV
The TIC Capability Validation (TCV) offers federal agencies and departments a number of benefits, the most visible of these is the promotion of TICAP compliance awareness with senior level decision makers and the satisfaction of agency/departmental requirements stemming from the Comprehensive National Cybersecurity Initiative (CNCI) and relevant OMB memos. A standardized assessment process allows for a greater understanding and level of confidence in the overall security of the federal network as a whole. Additionally, the TCVs offer agencies and departments the opportunity to identify specific gaps in compliance in order to assist with prioritizing their workload and budgetary requirements.
The scope of the TIC Capability Validation (TCV) is determined by the capabilities developed and outlined by the TIC Working Group. Currently, these capabilities address TIC services and devices and Network and Security Operations Centers (NOC/SOC) services and operations. On-site assessments are limited to interviews and observations of personnel at primary TIC Access Provider (TICAP) service/device locations or at back-up locations.
The TIC Capability Validation (TCV) assessment consists of:
- Assessment Planning
- On-site Assessment
Assessment planning includes establishing communication, providing the TICAP with a pre-assessment package, and conducting a series of planning, logistics, and briefing meetings.
Pre-assessment activities include the TICAP completing the pre-assessment package and a meeting to discuss the results with the TCV team.
The on-site assessment incorporates interviews, documentation review, and direct observations or demonstrations of NOC/SOC activities to collect objective evidence of the TICAP’s compliance with the TIC Initiative.
At the conclusion of a TIC Capability Validation (TCV), federal agencies and departments receive:
- A signed memo from the Department of Homeland Security indicating the level of compliance with the TIC initiative, a list of follow-up actions and next steps, and a compliance designation (either Initial or Mature Operating Capability)
- A formal final report outlining: a summary of activities and findings, the degree to which critical TIC capabilities are met, and the degree to which reduction and consolidation has occurred
Primary Contact: firstname.lastname@example.org
Branch Chief, Compliance & Assurance Program: email@example.com