New TIC 3.0 Guidance Grounded in Zero Trust, CDM
CISA is creating a cohesive cybersecurity approach for federal agencies.
The Cybersecurity and Infrastructure Security Agency (CISA) released new TIC 3.0 remote user case guidance to help federal agencies secure their networks in a teleworking environment.
The new draft guidance, which is open to public comment, comes almost 10 months after federal agencies shifted to remote work due to the COVID-19 pandemic.
Zero trust and Continuous Diagnostics and Mitigation (CDM) principles ground CISA’s recommendations in the draft guidance, pointing to the agency’s consistent, interconnected approach to cybersecurity for federal agencies.
CISA recommends that federal agencies collect logs from all devices connected to their networks, including personal devices, and track data sent to and received from remote user devices.
“These logs should, when possible, be integrated with the agency’s central log management solution,” CISA said.
CISA also recommends ongoing monitoring of devices connected to the network and continuous verification of their compliance with security standards and procedures, which is a central tenet of CISA’s CDM program.
“When possible, agencies should verify device configuration compliance when authorizing access to agency networks, services and data,” CISA said. “This compliance should be verified in an ongoing manner while a device maintains access to agency networks or services.”
In a remote working environment, CISA advises a zero trust approach to security controls.
“Agency users’ access to agency services and data should consider the security of the device being used to access the service or data, enabling higher levels of access to users with more secure devices,” according to the draft guidance. “If agencies permit the administration of services by remote users, they should employ MFA and should account for device security and compliance before authorizing administrative access. Agencies should track and analyze administrative logins and activities, especially when inconsistent with normal usage, and should have procedures in place for quickly revoking administrative access.”
When patching devices, CISA also recommends a zero trust approach. “Assume that remote devices have not been patched until confirmed otherwise. Based upon agency risk tolerances, unpatched devices may merit follow up with the remote user and access restrictions on those devices until patched, particularly if active exploits are known,” CISA said in its recommendations.
Aligning desktop, mobile and remote policies is also key, CISA added, as is continuous monitoring for “changes or discrepancies” in remote users’ “use of agency services or data.”
These security measures, CISA added, are especially important when so many federal employees are now teleworking.
In addition to these recommendations, CISA advised caution when sharing information and materials in virtual meetings.