The Cybersecurity and Infrastructure Security Agency (CISA) is seeking comments on “remote user” provisions in the Trusted Internet Connections 3.0 guidance and the second volume of the National Cybersecurity Protection System Cloud Interface Reference Architecture.
The draft Remote User Use Case provisions build on the TIC’s Interim Telework Guidance, which covers multiboundary and network security recommendations for agency personnel working remotely. CISA released an updated version of TIC 3.0 in July.
Modifications in the remote-user use case include expanded definitions of mobile devices to include Bring Your Own Device provisions.
NCIRA Volume 1 standards on common cloud telemetry-based reporting patterns will be used as a basis for the draft NCIRA Volume 2 guidance.
Matt Hartman, acting assistant director of CISA's cybersecurity division, said the draft use-case guidances are meant to help agencies ensure the security of their systems upon their transition to telework approaches.
CISA also seeks to improve user experience by subjecting remote user connections to internal agency services as well as agency-sanctioned cloud services, he noted.
The agency will accept feedback on the draft TIC updates through Jan. 29, 2021.