TIC Initiative History
The Trusted Internet Connection (TIC) Initiative, was announced in 2007 by Office of Management and Budget (OMB) memorandum M-08-05 and updated in 2009 by OMB memorandum M-09-32. A TIC Reference Architecture Document, Version 2.2, was released in June 2017. This document is applicable to all United States (US) Federal government civilian agencies, but particularly to those acting as TIC Access Providers (TICAPs) -- agencies responsible for managing their TIC internet access point's physical location and corresponding security capabilities, and those which have been designated as Multi-Service TICAPs -- agencies providing services to other agencies through a shared services model. The process for an agency to be designated as a Multi-Service TICAP by completing a TIC Statement of Capability (SOC) Form is set forth in this attachment to OMB memorandum M-08-16. All network connections external to an agency are to be monitored by a Department of Homeland Security (DHS) National Cyber Protection System (NCPS) sensor, operationally known as an EINSTEIN Enclave.
In Sept 2019 OMB Memorandum M-19-26 announced an update to the TIC Initiative called “TIC 3.0”. In accordance with OMB memorandum M-17-26 Reducing Burden for Federal Agencies by Rescinding and Modifying OMB Memoranda, June 2017, earlier memoranda related to the TIC Initiative (M-08-05, M-08-16 and M-08-27, and M-09-32) were rescinded by the OMB. Also, a new home page was established for the TIC Initiative (authentication required).
Rather than requiring agencies to employ only physical TIC access points, they may now use alternative security controls identified by TIC Use Cases contained in Appendix A of M-19-26 and additional alternative security controls to be subsequently identified by the process set forth in section D of M-19-26.
In Mar 2020, the DHS Cybersecurity and Infrastructure Security Agency (CISA) released three updated Guidance Documents for TIC 3.0. The core Guidance Documents are available here, and guidance for their use is available here. A TIC 3.0 Frequently Asked Questions is available here. In Jan 2022, the DHS CISA released an IPv6 Considerations for TIC 3.0 document.
The CISA also released a 2-volume NCPS Cloud Interface Reference Architecture (CIRA) describing requirements for data sharing at TIC access points in cloud computing environments. The CIRA is in 2 volumes:
Volume 1 – General Guidance, May 2021, provides an overview of changes to enable NCPS to share data
with TIC 3.0, and
Volume 2 – Reporting Pattern Catalog, June 2021 draft, provides details for vendor-specific changes to enable
In Aug 2020, the National Institute of Standards and Technology (NIST) released Special Publication (SP) 800-207 Zero Trust Architecture (ZTA) document. Section 6 of that document discusses other Federal policies and programs including the TIC 3.0 Initiative and the older DHS EINSTEIN Program, and how the NIST ZTA complements them.
Available Managed Trusted Internet Protocol Services Providers
The General Services Administration (GSA) authorized, or will authorize pending TIC Initiative certification, multiple Networx and Enterprise Infrastructure Solutions (EIS) vendors to be Managed Trusted Internet Protocol Services (MTIPS) providers. The alignment of MTIPS with the TIC Initiative is described by this GSA web page. The list of vendors authorized to be MTIPS providers that are accessible via Internet Protocol version 6 (IPv6) is available here. MTIPS are available as a separate managed security service, or as part of an agency’s specific statement of work directly with the vendor. GSA has also provided answers to Networx IPv6 Frequently Asked Questions.
(Note: The GSA is in the midst of an EIS acquisition. The Networx contract (and others) are transitioning to EIS. See this GSA web page describing the on-going multi-year transition.)
Additional United States Government Requirements for IPv6
US government organizations' requirements for IPv6 as part of the TIC Initiative are specified in:
- Critical Capabilities line item TM.TC.03 of the TIC 3.0 Core Guidance Volume 2: Reference Architecture,
- paragraph C.126.96.36.199 Standards of an EIS Statement of Work (SOW) (see sample SOW here), and
- paragraph C.188.8.131.52.1.2 Standards, item 29, of a Networx SOW (see sample SOW here).
The requirements of the Federal Acquisition Regulations as amended Dec, 2009 (described in the IPv6 Boiler Plate Acquisitions Language article in the Deployment section) apply. Verify that connectivity via IPv6 to the MTIPS provider’s locations is available from the geographic locations included in your IPv6 deployment effort.