Federal customers that are part of the Trusted Internet Connection (TIC) initiative are using Microsoft Azure Government. Any Federal government agencies or departments can leverage Azure Government to build applications and services that comply with the TIC initiative.
What is TIC?
The TIC initiative is the common name for initiative number one of the Comprehensive National Cybersecurity Initiative (CNCI). On November 20, 2007, the Office of Management and Budget (OMB) designated the Department of Homeland Security (DHS) as the coordinator of the TIC initiative through Memorandum M-08-5 (with OMB continuing oversight).
The initial TIC initiative direction called for the consolidation of the Federal Government’s external access points (including those to the Internet) for resulting common security solutions such as baseline security capabilities and the ability to validate agency adherence. DHS has since published the current TIC Reference Architecture v2.0 (2013) which introduced new capabilities and clarifies critical capabilities for the optimization and standardization of Federal Government external network connections.
Most recently introduced is the TIC Overlay pilot program with a goal of optimized connectivity to FedRAMP compliant cloud service providers (such as Azure Government) with security capabilities to meet TIC initiative obligations.
Designing for TIC
System owners/designers have three possible approaches to take advantage of Azure Government cloud services while meeting their TIC obligations:
- Based on TIC Reference Architecture v2.0 Appendix H, Federal customers can access Azure Government as an extension of their department or agency network by utilizing Azure capabilities including ExpressRoute, VNETs, Network Security Groups, and User Defined Routes, to establish a managed boundary that does not require traffic to transit a TIC because no traffic is traversing the Internet.
- While the TIC Overlay is not finalized, Federal departments and agencies can seek support from DHS to begin their own TIC Overlay pilot with Microsoft Azure Government. We see this as having great potential for many if not all Federal departments and agencies to optimally utilize cloud services. If your agency or department is interested, please e-mail AzureBlueprint@microsoft.com and we will be happy to help you build a plan.
- Federal customers can access Azure Government cloud services from their existing agency network through their current TIC/TICAP resources. This requires that your current TIC/TICAP provides enough bandwidth to meet your application needs. This design meets all initial requirements of the TIC initiative.
We continue to partner with DHS, OMB, other Federal departments & agencies, along with other cloud service providers, to mature cyber security capabilities of cloud services for the Federal Government. As significant developments occur, we will be reporting updates and solutions through the Azure Government Blog and Azure Government Documentation site.
We welcome your comments and suggestions to help us continually improve your Azure Government experience. To stay up to date on all things Azure Government, be sure to subscribe to our RSS feed and to receive emails, click “Subscribe by Email!” on the Azure Government Blog. To experience the power of Azure Government for your organization, sign up for an Azure Government Trial.