The Cybersecurity and Infrastructure Security Agency is slated to release the third version of its Trusted Internet Connection guidance after receiving input from government and industry parties, Nextgov reported Tuesday.
In December, CISA issued a draft of the TIC 3.0 policy to include use cases encompassing traditional environments, cloud infrastructure, agency offices and remote users. TIC 3.0 introduces the concept of “trust zones”, which are intended to comply with agency-issued security guidelines for processing data with varying sensitivity levels.
“This trust zone concept is in line with the concepts of zero trust,” CISA said in the document. “A trust zone must adhere to the security outcomes as identified or described in the use case. A trust zone does not always inherit trust/security from an adjacent trust zone, nor does the trust and the subsequent security capabilities depend on the trust of the adjacent zone.”
Experts have raised concerns about the use of trust zones, which they said do not align with the concept of a zero-trust architecture.