CISA issues secure telework guidance

On April 10, the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) issued Trusted Internet Connections 3.0 Interim Telework Guidance to help federal agencies conduct secure telework during the current telework surge.

CISA is monitoring the evolving coronavirus disease 2019 (COVID-19) situation closely, taking part in interagency and industry coordination calls, and working with critical infrastructure partners to prepare for possible disruptions to critical infrastructure that may stem from widespread illness. As federal civilian agencies respond to the COVID-19 situation, the number of federal agency employees working remotely has increased dramatically. In order to support agencies as they respond to this surge in teleworking, CISA is issuing this interim Trusted Internet Connections (TIC) guidance1 to help agencies leverage existing resources to secure their networks.

The purpose of this document is to help federal civilian agencies address the telework surge concerns by:

  • Providing awareness that the security patterns outlined under Agency Teleworker Options 1 and 2 (below) align to TIC architecture capabilities as presented in the draft TIC 3.0 guidance (December 2019).
    • Agencies should ensure that appropriate data sharing is maintained with Agency Security Operations Centers.
    • Agencies should be prepared to discuss the availability of log and telemetry features in order to determine what relevant information will need to be provided to CISA for cybersecurity analytical purposes.
  • Informing agencies that the interim guidance provided under Agency Teleworker Option 3 provides additional temporary relief with additional security patterns.
  • Suggesting security capabilities for agencies to consider when creating or expanding their teleworking platforms.
  • Allowing vendors to map the cybersecurity capabilities provided by their services to the TIC security capabilities that support secure teleworking.

Read the guidance here.

Source: CISA