The Inner Circle

 View Only

CISA Trusted Internet Connections 3.0 Cloud Use Case June 2022 Version 1.0

  • 1.  CISA Trusted Internet Connections 3.0 Cloud Use Case June 2022 Version 1.0

    Posted Jun 16, 2022 08:28:00 AM
      |   view attached
    Hi All,

    CISA just published Trusted Internet Connections 3.0 Cloud Use Case June 2022 Version 1.0 

    The TIC 3.0 Cloud Use Case (Cloud Use Case) defines how network and multi-boundary security should be applied in cloud environments. The use case is broken into two distinct components, focusing on cloud deployments for:

    1. Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS) (Section 4), and
    2. Email-as-a-Service (EaaS) (Section 5).

    Appendix C contains definitions of common terms that are used to describe cloud computing throughout this use case.

    Executive Order 140283, "Improving the Nation's Cybersecurity," defines a prioritization of the Federal Government "to improve its efforts to identify, deter, protect against, detect, and respond to these actions and actors." To achieve this, "the Federal Government must adopt security best practices; advance toward Zero Trust Architecture; accelerate movement to secure cloud services, including Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS); …" Additionally, the OMB Zero Trust Strategy Memo 4 (M-22-09) encourages agencies to use the risk security features in cloud infrastructure, requires agencies to meet certain cybersecurity baselines for zero trust, and have a long term implementation plan in place to move towards a zero-trust architecture. This use case can be used by agencies to make use of cloud infrastructure and to secure their SaaS, IaaS, PaaS, and EaaS environments. While this use case can be leveraged as agencies move towards Zero Trust Architectures, implementation of zero trust requires additional controls, additional rigor in applying security capabilities, and measures beyond those detailed in this use case.

    ------------------------------
    Michael Roza CPA, CISA, CIA, MBA, Exec MBA
    ------------------------------

    Attachment(s)