GSA unveils plan to allow TIC compliance for FedRAMP services

FedRAMP logo. (Update 2014)

The General Services Administration rolled out a draft template on April 2 aimed at giving commercial cloud providers a faster way to deliver secure Internet connections to federal agencies.

The Department of Homeland Security, collaborating with GSA's Federal Risk Authorization Management Program, released a draft overlay for the Trusted Internet Connection (TIC) that meets FedRAMP requirements. The draft, said GSA, is the initial step to update the TIC reference architecture to give agencies more choices in adopting cloud services from commercial providers.

"This overlay is the result of more than 18 months of collaboration between the TIC Initiative and the FedRAMP [Program Management Office] to find alternative solutions to enable federal agencies to more easily and effectively comply with both FedRAMP and TIC," FedRAMP Director Matthew Goodrich wrote in an email to FCW. "This draft overlay is an exciting development not only in that it creates a new alternative to meeting the TIC Initiative for cloud providers, but it also combines the assessment process for both programs eliminating duplication in effort for agencies and cloud providers."

The Office of Management and Budget set up the TIC Initiative in 2008 to standardize how the federal government secures external network connections, including Internet links.

Currently, agencies must use a TIC to connect to cloud services, and can establish that connection via three paths. The first is to implement their own external connections and become designated as a TIC Access Provider (TICAP). The second is to go through GSA's Networx telecommunications services contract to buy external network connections and network perimeter security through commercial carriers that have been designated as Managed Trusted IP Service providers. The third is to work with another agency already designated as a TICAP, and "leverage their external connections perimeter security."

That network-level compliance, however, means federal users must access their cloud services only through a TIC-compliant agency network -- an approach that is increasingly unwieldy for mobile access.

Once finalized, GSA said, the overlay will allow federal agencies to ensure the cloud services themselves meet TIC as well as FedRAMP requirements. The coordination of the two programs will provide for data security in the cloud environments and the security of the network connections between agency networks and cloud services. 

The overlay is the first that the FedRAMP PMO is releasing as part of its FedRAMP Forward initiative. Comments on the overlay are due May 2, emailed to [email protected], with the subject line: "FedRAMP-TIC Overlay Feedback."

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at [email protected] or follow him on Twitter at @MRockwell4.


  • FCW Perspectives
    zero trust network

    Why zero trust is having a moment

    Improved technologies and growing threats have agencies actively pursuing dynamic and context-driven security.

  • Workforce
    online collaboration (elenabsl/

    Federal employee job satisfaction climbed during pandemic

    The survey documents the rapid change to teleworking postures in government under the COVID-19 pandemic.

Stay Connected