From FISMApedia

M-08-27 Guidance for Trusted Internet Connection (TIC) Compliance

September 30, 2008

M-08-27

MEMORANDUM FOR THE CHIEF INFORMATION OFFICERS

FROM:	Karen S. Evans Administrator E-Government and Information Technology
SUBJECT:	Guidance for Trusted Internet Connection (TIC) Compliance

In November 2007, OMB announced the implementation of Trusted Internet Connections (TIC) in Memorandum M-08-05, “Implementation of Trusted Internet Connections (TIC).” The TIC initiative progress continues to be demonstrated by the agencies’ reduction in external connections, including internet points of presence.

In the effort to improve the federal government’s incident response capability, I am providing you with additional guidance and clarification as you coordinate with the Department of Homeland Security’s (DHS’s) National Cyber Security Division (NCSD).

As you know, the Office of Management and Budget (OMB) and DHS have hosted several technical meetings regarding the TIC technical architecture. The products from these meetings should be used by your agency to address questions regarding your consolidation and optimization of your network and its associated access points.

Moving forward, for those agencies that have been identified as a TIC Access Provider, compliance with the TIC initiative includes the agency taking the following actions:

Complying with critical TIC technical capabilities per the agencies’ Statement of Capability;
Continuing reduction and consolidation of external connections to identified TIC access points;
Collaborating with NCSD in determining agency technical readiness to coordinate/schedule installation of Einstein;
Executing a Memorandum of Agreement (MOA) between DHS and your agency Chief Information Officer (CIO); and
Executing a Service Level Agreement (SLA) between DHS and your agency CIO.

We are requesting an update for all agencies’ current Plan of Action and Milestones (POA&Ms) to include the pending modification to the NETWORX contract for TIC services which is scheduled for award on/or about November 15, 2008. The TIC Access Providers’ updated POA&Ms should include the above outlined steps. DHS will work with your agency to complete setup/installation activities for Einstein and other DHS specific TIC tasks based on prioritized needs for each agency. We will not

consider your agency fully compliant until DHS has provided notification to OMB of completion of the necessary activities for TIC. OMB is requesting your updated POA&Ms be submitted by October 15, 2008 to tic@dhs.gov.

Policy References:

M-08-05, “Implementation of Trusted Internet Connections (TIC)”

http://www.whitehouse.gov/omb/memoranda/fy2008/m08-05.pdf

Planning Guidance for Trusted Internet Connections (TIC)

http://www.whitehouse.gov/omb/egov/documents/TIC_ImplementationPlanningGuidance.pdf

Final Trusted Internet Connections (TIC) Initiative Statement of Capability Evaluation Report, dated June 4, 2008

http://www.whitehouse.gov/omb/egov/documents/2008_TIC_SOC_EvaluationReport.pdf