Department of Defense
High Performance Computing Modernization Program

TIC Initiative History

The Trusted Internet Connection (TIC) Initiative, was announced in 2007 by Office of Management and Budget (OMB) memorandum M-08-05 and updated in 2009 by OMB memorandum M-09-32. A TIC Reference Architecture Document, Version 2.2, was released in June 2017. This document is applicable to all United States (US) Federal government civilian agencies, but particularly to those acting as TIC Access Providers (TICAPs) -- agencies responsible for managing their TIC internet access point's physical location and corresponding security capabilities, and those which have been designated as Multi-Service TICAPs -- agencies providing services to other agencies through a shared services model. The process for an agency to be designated as a Multi-Service TICAP by completing a TIC Statement of Capability (SOC) Form is set forth in this attachment to OMB memorandum M-08-16. All network connections external to an agency are to be monitored by a Department of Homeland Security (DHS) National Cyber Protection System (NCPS) sensor, operationally known as an EINSTEIN Enclave.

In Sept 2019 OMB Memorandum M-19-26 announced an update to the TIC Initiative called “TIC 3.0”. In accordance with OMB memorandum M-17-26 Reducing Burden for Federal Agencies by Rescinding and Modifying OMB Memoranda, June 2017, earlier memoranda related to the TIC Initiative (M-08-05, M-08-16 and M-08-27, and M-09-32) were rescinded by the OMB. Also, a new home page was established for the TIC Initiative (authentication required).

Rather than requiring agencies to employ only physical TIC access points, they may now use alternative security controls identified by TIC Use Cases contained in Appendix A of M-19-26 and additional alternative security controls to be subsequently identified by the process set forth in section D of M-19-26.

In Mar 2020, the DHS Cybersecurity and Infrastructure Security Agency (CISA) released five updated draft Guidance Documents for TIC 3.0. These draft Guidance Documents, guidance for their use, and directions for submitting comments on the draft documents are available here.

In Feb 2020, the National Institute of Standards and Technology (NIST) released a second draft Special Publication (SP) 800-207 Zero Trust Architecture (ZTA) document. Section 6 of that document discusses other Federal policies and programs including the TIC 3.0 Initiative and the older DHS EINSTEIN Program, and how the NIST ZTA complements them.

Available Managed Trusted Internet Protocol Services Providers

The General Services Administration (GSA) authorized, or will authorize pending TIC Initiative certification, multiple Networx and Enterprise Infrastructure Solutions (EIS) vendors to be Managed Trusted Internet Protocol Services (MTIPS) providers. The alignment of MTIPS with the TIC Initiative is described by this GSA web page. The list of vendors authorized to be MTIPS providers that are accessible via Internet Protocol version 6 (IPv6) is available here. MTIPS are available as a separate managed security service, or as part of an agency’s specific statement of work directly with the vendor. GSA has also provided answers to Networx IPv6 Frequently Asked Questions.

(Note: The GSA is in the midst of an EIS acquisition. The Networx contract (and others) are transitioning to EIS. See this GSA web page describing the on-going multi-year transition.)

Additional United States Government Requirements for IPv6

US government organizations' requirements for IPv6 as part of the TIC Initiative are specified in:

  1. Critical Capabilities line item TM.TC.03 of the TIC Reference Architecture Document, Version 2.2
  2. paragraph C.2.3.1.2 Standards of an EIS Statement of Work (SOW) (see sample SOW here), and
  3. paragraph C.2.4.1.5.1.2 Standards, item 29, of a Networx SOW (see sample SOW here).

The requirements of the Federal Acquisition Regulations as amended Dec, 2009 (described in the IPv6 Boiler Plate Acquisitions Language article in the Deployment section) apply. Verify that connectivity via IPv6 to the MTIPS provider’s locations is available from the geographic locations included in your IPv6 deployment effort.


Top