Cloud

GSA unveils plan to allow TIC compliance for FedRAMP services

FedRAMP logo. (Update 2014)

The General Services Administration rolled out a draft template on April 2 aimed at giving commercial cloud providers a faster way to deliver secure Internet connections to federal agencies.

The Department of Homeland Security, collaborating with GSA's Federal Risk Authorization Management Program, released a draft overlay for the Trusted Internet Connection (TIC) that meets FedRAMP requirements. The draft, said GSA, is the initial step to update the TIC reference architecture to give agencies more choices in adopting cloud services from commercial providers.

"This overlay is the result of more than 18 months of collaboration between the TIC Initiative and the FedRAMP [Program Management Office] to find alternative solutions to enable federal agencies to more easily and effectively comply with both FedRAMP and TIC," FedRAMP Director Matthew Goodrich wrote in an email to FCW. "This draft overlay is an exciting development not only in that it creates a new alternative to meeting the TIC Initiative for cloud providers, but it also combines the assessment process for both programs eliminating duplication in effort for agencies and cloud providers."

The Office of Management and Budget set up the TIC Initiative in 2008 to standardize how the federal government secures external network connections, including Internet links.

Currently, agencies must use a TIC to connect to cloud services, and can establish that connection via three paths. The first is to implement their own external connections and become designated as a TIC Access Provider (TICAP). The second is to go through GSA's Networx telecommunications services contract to buy external network connections and network perimeter security through commercial carriers that have been designated as Managed Trusted IP Service providers. The third is to work with another agency already designated as a TICAP, and "leverage their external connections perimeter security."

That network-level compliance, however, means federal users must access their cloud services only through a TIC-compliant agency network -- an approach that is increasingly unwieldy for mobile access.

Once finalized, GSA said, the overlay will allow federal agencies to ensure the cloud services themselves meet TIC as well as FedRAMP requirements. The coordination of the two programs will provide for data security in the cloud environments and the security of the network connections between agency networks and cloud services. 

The overlay is the first that the FedRAMP PMO is releasing as part of its FedRAMP Forward initiative. Comments on the overlay are due May 2, emailed to info@fedramp.gov, with the subject line: "FedRAMP-TIC Overlay Feedback."

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at mrockwell@fcw.com or follow him on Twitter at @MRockwell4.


Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.