Cloud

GSA unveils plan to allow TIC compliance for FedRAMP services

FedRAMP logo. (Update 2014)

The General Services Administration rolled out a draft template on April 2 aimed at giving commercial cloud providers a faster way to deliver secure Internet connections to federal agencies.

The Department of Homeland Security, collaborating with GSA's Federal Risk Authorization Management Program, released a draft overlay for the Trusted Internet Connection (TIC) that meets FedRAMP requirements. The draft, said GSA, is the initial step to update the TIC reference architecture to give agencies more choices in adopting cloud services from commercial providers.

"This overlay is the result of more than 18 months of collaboration between the TIC Initiative and the FedRAMP [Program Management Office] to find alternative solutions to enable federal agencies to more easily and effectively comply with both FedRAMP and TIC," FedRAMP Director Matthew Goodrich wrote in an email to FCW. "This draft overlay is an exciting development not only in that it creates a new alternative to meeting the TIC Initiative for cloud providers, but it also combines the assessment process for both programs eliminating duplication in effort for agencies and cloud providers."

The Office of Management and Budget set up the TIC Initiative in 2008 to standardize how the federal government secures external network connections, including Internet links.

Currently, agencies must use a TIC to connect to cloud services, and can establish that connection via three paths. The first is to implement their own external connections and become designated as a TIC Access Provider (TICAP). The second is to go through GSA's Networx telecommunications services contract to buy external network connections and network perimeter security through commercial carriers that have been designated as Managed Trusted IP Service providers. The third is to work with another agency already designated as a TICAP, and "leverage their external connections perimeter security."

That network-level compliance, however, means federal users must access their cloud services only through a TIC-compliant agency network -- an approach that is increasingly unwieldy for mobile access.

Once finalized, GSA said, the overlay will allow federal agencies to ensure the cloud services themselves meet TIC as well as FedRAMP requirements. The coordination of the two programs will provide for data security in the cloud environments and the security of the network connections between agency networks and cloud services. 

The overlay is the first that the FedRAMP PMO is releasing as part of its FedRAMP Forward initiative. Comments on the overlay are due May 2, emailed to info@fedramp.gov, with the subject line: "FedRAMP-TIC Overlay Feedback."

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at mrockwell@fcw.com or follow him on Twitter at @MRockwell4.


Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.