GSA unveils plan to allow TIC compliance for FedRAMP services

FedRAMP logo. (Update 2014)

The General Services Administration rolled out a draft template on April 2 aimed at giving commercial cloud providers a faster way to deliver secure Internet connections to federal agencies.

The Department of Homeland Security, collaborating with GSA's Federal Risk Authorization Management Program, released a draft overlay for the Trusted Internet Connection (TIC) that meets FedRAMP requirements. The draft, said GSA, is the initial step to update the TIC reference architecture to give agencies more choices in adopting cloud services from commercial providers.

"This overlay is the result of more than 18 months of collaboration between the TIC Initiative and the FedRAMP [Program Management Office] to find alternative solutions to enable federal agencies to more easily and effectively comply with both FedRAMP and TIC," FedRAMP Director Matthew Goodrich wrote in an email to FCW. "This draft overlay is an exciting development not only in that it creates a new alternative to meeting the TIC Initiative for cloud providers, but it also combines the assessment process for both programs eliminating duplication in effort for agencies and cloud providers."

The Office of Management and Budget set up the TIC Initiative in 2008 to standardize how the federal government secures external network connections, including Internet links.

Currently, agencies must use a TIC to connect to cloud services, and can establish that connection via three paths. The first is to implement their own external connections and become designated as a TIC Access Provider (TICAP). The second is to go through GSA's Networx telecommunications services contract to buy external network connections and network perimeter security through commercial carriers that have been designated as Managed Trusted IP Service providers. The third is to work with another agency already designated as a TICAP, and "leverage their external connections perimeter security."

That network-level compliance, however, means federal users must access their cloud services only through a TIC-compliant agency network -- an approach that is increasingly unwieldy for mobile access.

Once finalized, GSA said, the overlay will allow federal agencies to ensure the cloud services themselves meet TIC as well as FedRAMP requirements. The coordination of the two programs will provide for data security in the cloud environments and the security of the network connections between agency networks and cloud services. 

The overlay is the first that the FedRAMP PMO is releasing as part of its FedRAMP Forward initiative. Comments on the overlay are due May 2, emailed to [email protected], with the subject line: "FedRAMP-TIC Overlay Feedback."

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at [email protected] or follow him on Twitter at @MRockwell4.


  • Management
    shutterstock image By enzozo; photo ID: 319763930

    Where does the TMF Board go from here?

    With a $1 billion cash infusion, relaxed repayment guidelines and a surge in proposals from federal agencies, questions have been raised about whether the board overseeing the Technology Modernization Fund has been scaled to cope with its newfound popularity.

  • IT Modernization
    shutterstock image By enzozo; photo ID: 319763930

    OMB provides key guidance for TMF proposals amid surge in submissions

    Deputy Federal CIO Maria Roat details what makes for a winning Technology Modernization Fund proposal as agencies continue to submit major IT projects for potential funding.

Stay Connected