Agencies have until Sept. 25 to file plans with the Office of Management and Budget on how they plan to comply with the Trusted Internet Connection initiative.
Federal Chief Information Officer Vivek Kundra has given agencies until Sept. 25 to report to the Office of Management and Budget and the Homeland Security Department on their plans, progress and milestones in implementing the Trusted Internet Connections initiative.
The memo to federal CIOs, dated Sept. 17, asks agencies to notify OMB and DHS how they will implement TIC requirements. Agencies certified as a TIC access provider (TICAP) may handle their own services. Other agencies may contract for the services from an agency certified as a multiservice TICAP or through the General Services Administration’s Networx Enterprise and Universal contracts. Four Networx carriers are certified to provide TIC services under Networx as a Managed Trusted Internet Protocol Service (MTIPS).
Agencies also must “undertake immediate responsibility for executing essential agreements and updating” plans and progress toward facilitating not only TIC preparations, but also due diligence for integrating the National Cyber Protection System Einstein Enclave intrusion detection system deployments and synchronizing with US-CERT.
Kundra’s memo set deadlines ranging from this week until year’s end.
By Sept. 25:
- All agencies must send an update of their TIC implementation status to DHS.
- DHS has contacted the 20 agencies certified as TICAPs to get an update on their progress.
- TICAPs must schedule initial TIC compliance on-site assessments with DHS.
- All other (non-TICAP) agencies must work with DHS to complete their initial TIC compliance self-assessments.
- Agencies planning to meet the TIC requirements through the purchase of MTIPS on the General Services Administration’s Networx Enterprise and Universal contracts, must submit estimated costs of implementing those services.
GSA’s Networx Enterprise and Universal contracts also won contract modifications
- An Einstein Enclave intrusion detection system.
- A security operations center.
- Transport from the agency WAN to the TIC portal.
- Redundant Internet access service.
- Supply chain risk management provisions.
- Other, optional features to meet unique agency requirements.