b'HHow is Trusted Internet Connection policy (TIC) 3.0 changing youragencys IT modernization priorities?Brian Gattoni: We know that improving our network security is not merely about enhancing our ability to respond to cyber incidents. We also need to make it harder for the bad guy to get in. One way we could do so is by modernizing and implementing cybersecurity standards across the federal government, which is one of the tasks laid out in the presidents executive orders. The order mandates the deployment of a multi-factor authentication and encryption across the enterprise. As weve discussed a couple of times already, modernization may not be cheap, but the cost of not doing so is unacceptably too high. To kick start the adoption of cloud and new technology, last year [CISA] released the final versions of the TIC 3.0 core guidance documents. That included the program guide book, reference architecture, and the security capabilities catalog with a use-case handbook and an overlay handbook to assistfederal civilian agencies in their transition to these contemporary architectures andservices TIC 3.0 helps departments and agencies across the federal enterprise, be better positioned to drop their current or add new capabilities as the environment changes and evolves. It helps them adapt to all those dynamic needs. Sean Connelly: Weve been working heavily with the Office of Management and Budget (OMB) and the General Services Administration (GSA) to promote TIC 3.0 across the federal government. By talking to agencies and vendors, theyre recognizing how TIC 3.0 adoption is becoming more critical to their environments. The benefits of TIC 3.0 are that it improves flexibility of agencies, it improves security of agencies, and improves visibility. Before, [TIC] was really built around that traditional castle-moat philosophy. Every asset was inside the agencys perimeter. Now, the perimeter is much more distributed. Agencies now have much more flexibility of where to place those security controls, [such as] closer to the data or asset theyre trying to secure. Steven Hernandez: When youre looking at how to fully deploy TIC 3.0, the fastest answer and the simplest answer is SASE Now, [SASE] isnt the only way to do it. The great news is that the good folks at CISA have been working through a bunch of different use cases. There are certain use cases where even if you have a CASB (Cloud access security broker), you canleverage that CASB as one way to get you a step closer towards what might be more of a SASE zero-trust approach. I think that based on my conversations with CISA and what were doing at the department [of Education], were only going to see more progress in this space.Trusted Internet Connections (TIC) 3.0 TIC 3.0 is non-prescriptive cybersecurity guidance developed to provide agencies with the flexibility to secure distinctive computing scenarios in accordance with their unique risk tolerance levels. 1TIC 3.0 recognizes shifts in modern cybersecurity and assists agencies in adoption, while recognizing their challenges and constraints in modernizing IT infrastructure. 21 https://www.cisa.gov/tic-faq#:~:text=TIC%203.0%20is%20non%2Dprescriptive,their%20unique%20risk%20tolerance%20levels2 https://www.cisa.gov/trusted-internet-connectionsGovernment Business Council Securing the Nations Network|Page 7'