White House updates Trusted Internet Connection policy


The White House released a new Trusted Internet Connection policy Sept. 12 to bring the rules governing how federal agencies connect to the internet in line with current cloud and managed services technology.

The new policy "includes pathways to take advantage of modern technology and capabilities and software that wasn't even imagined when that original policy was written," Federal CIO Suzette Kent said at a FedScoop event. The TIC policy, she said, was the final major technology policy rewrite of rules that were more than five years old.

Under the new guidance, agencies are expected to have updates to their network policies completed within one year.

The traditional TIC policy was designed to reduce and consolidate agency connections to the internet and manage connections emanating from a single building or office. As a practical matter, this policy set up a series of checks and blocks that introduce latencies that work against the speed and scale of cloud.

"Today, government traffic runs through an open internet connection and a virtual private network client," Stephen Kovac, vice president of global government and compliance at Zscaler, wrote in an April 2019 op-ed in FCW. "It then travels back through the agency data center and a stack of on-prem security devices, and out through the TIC, where it traverses another stack of security appliances to its final destination -- sites in the open internet."

The new policy adds three new use cases to the traditional TIC. The cloud use case supports managed services in infrastructure, software, email and platform. A use case to support agency branch offices is designed to accommodate the use of Software-Defined Wide Area Network technology. The third is designed to support telework and advances how individual users outside a network perimeter connect to their agency's network and cloud.

Activity on the revised TIC policy will proceed along multiple lines. The Federal Chief Information Security Officer Council will put out a solicitation to industry for TIC pilots to put more detail and documentation on the individual use cases. The Department of Homeland Security, the General Services Administration and the CISO Council will manage those pilots. GSA will update key contracting vehicles to include new TIC policies.

Essentially, the move is a way to put managed services providers that service government agencies on the hook for collecting and managing security data.

"We are setting a set of outcomes—security outcomes and requirements for the cloud provider," Cybersecurity and Infrastructure Security Agency Director Chris Krebs said at a March 2019 House hearing. "[We're] saying, 'This is the kind of information we need. You guys need to send it back to us and then we can analyze it.'"

Krebs added: "We are ultimately going to shift from a model where we own the infrastructure, we own the sensors and instead, we're putting out a baseline policy in a series of outcomes that we're looking to achieve and so we have everybody playing by our rules rather than we're doing the operations and maintenance on equipment…. Ultimately I think we're going to be more effective, I think we're going to be able to do it faster and I think we're going to be able to use the private sector's agility to get better security."

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.
