AGENCY:

Office of Management and Budget.

ACTION:

Notice of public comment period.

SUMMARY:

The Office of Management and Budget (OMB) is seeking public comment on a draft memorandum titled, “Update to the Trusted Internet Connections Initiative.”

DATES:

The 30-day public comment period on the draft memorandum begins on the day it is published in the Federal Register and ends 30 days after date of publication in the Federal Register.

ADDRESSES:

Interested parties should provide comments at the following link: https://policy.cio.gov/​tic-draft/​. The Office of Management and Budget is located at 725 17th Street NW, Washington, DC 20503.

FOR FURTHER INFORMATION CONTACT:

The Office of the Federal Chief Information Officer at ofcio@omb.eop.gov or James Massot at (202-395-3030) or Tim Wang at (202-395-6464).

SUPPLEMENTARY INFORMATION:

The Office of Management and Budget (OMB) is proposing a policy revision to improve and modernize a Federal Cybersecurity Initiative.

In 2007, OMB Memorandum M-08-05 established the Trusted Internet Connections (TIC) initiative to standardize the implementation of security capabilities across the Federal Executive Branch by implementing controlled connections to external networks and reducing the overall number of those external network connections. As the information technology landscape has evolved, the implementation requirements of the TIC initiative have created obstacles for agencies to adopt modern cloud solutions.

Pursuant to the Report to the President on Federal IT Modernization, OMB, in close partnership with DHS and GSA, has worked with a number of Federal agencies on agency-led TIC pilots that have been used to identify solutions to current barriers to agency cloud adoption. These pilot results have directly informed the contents of the Update to the Trusted Internet Connections (TIC) Initiative memorandum.

The draft OMB M-Memorandum included in this package, Update to the Trusted Internet Connections (TIC) Initiative, updates the TIC initiative by focusing on three goals:

I. Remove Barriers to Cloud and Modern Technology Adoption—Agencies will have increased flexibility in how they meet TIC initiative security objectives. In some cases, the TIC initiative may entail implementing alternative security controls rather than routing traffic through a physical TIC access point.

II. Ensure the TIC Initiative Remains Agile—Due to the rapid pace that technology and cyber threats evolve, this memorandum establishes a collaborative and iterative process, which includes input from both industry and Federal agencies, for continuously updating the TIC initiative's implementation guidance. This process includes ongoing piloting and approval of new and innovative methods to achieve TIC initiative security objectives in the most effective and efficient manner.

III. Streamline and Automate Verification Processes—The goal is to shift from burdensome, point-in-time, manual spot checks to a scalable, comprehensive, and continuous validation process.

OMB is seeking public comment on this draft memorandum titled “Update to the Trusted Internet Connections (TIC) Initiative”. OMB's authority to issue this guidance and obtain public comments is in the Federal Information Security Modernization Act of 2014.