AWS Public Sector Blog

FedRAMP-Trusted Internet Connection (TIC) Overlay Pilot Program

A new way of architecting the cloud to improve the accessibility, speed, and security for U.S. government users

AWS is excited to announce that we’ve successfully completed the testing phase of the FedRAMP-Trusted Internet Connection (TIC) Overlay pilot program. We’ve been working with the FedRAMP Program Management Office (PMO), Department of Homeland Security (DHS) PMO, GSA 18F, and FedRAMP third-party assessment organization (3PAO), Veris Group, to develop and test a new way of architecting the cloud that would maintain a high level of security. This will ultimately provide U.S. government agencies and contractors with information to assist in the development of “TIC Ready” architectures on AWS.

Background on TIC

In November 2007, the Office of Management & Business (OMB) mandated that government users could only access their cloud provider through an agency connection, either a TIC Access Provider (TICAP) or Managed Trusted IP Service Provider (MTIPS). This can cause a slow connection and additional constraints on a government network or infrastructure. In today’s “anytime, anywhere” world, it’s important for government users to access their data hosted on their cloud provider from any device.

In May 2015, the FedRAMP PMO and DHS PMO invited AWS to participate in the FedRAMP-TIC Overlay pilot to develop an approach that balances the need for speed and security, while also removing the frustrations and headaches caused by slow connectivity. The goal of the pilot was to help develop and test a new way of architecting that would maintain a high level of security – mapped to FedRAMP security controls – and still make the government user experience more accessible and user-friendly.

AWS Pilot Results

As an initial analysis, we leveraged a TIC-capabilities-to-FedRAMP-Moderate mapping table provided for the pilot.  Based on that, our 3PAO determined that 80% of the TIC capabilities were covered within AWS’s existing FedRAMP Agency ATO. During the course of the pilot, in collaboration with DHS and FedRAMP, 17 of the TIC capabilities were excluded from the pilot as either not relevant or not appropriate to a cloud service provider (CSP).  Of the remaining 57 controls, we determined that responsibilities would be allocated as follows: shared between AWS and the customer (36); solely the responsibility of the customer (16);  and solely the responsibility of AWS (5).  Through the pilot activities, we successfully worked with GSA 18F and our 3PAO to identify and demonstrate implementation of the required capabilities through a combination of native AWS services and the use of technologies available from the AWS Marketplace.

Take Advantage of TIC Connectivity on AWS Today

Our government customers interested in following GSA 18F’s lead now have the capability to deploy and test their own TIC capabilities on AWS. While the FedRAMP TIC Overlay is being finalized, our customers can implement the TIC capabilities as part of their virtual perimeter protection solution using the evidence resulting from our TIC Mobile assessment and functionality provided by AWS (with a clear definition of the customer responsibility for implementation of the additional TIC capabilities).

Check out our TIC readiness whitepaper, which provides an overview of the TIC pilot and its goals, guidance on how customers can implement TIC, as well as appendices that provide detailed mappings of customer responsibility for the TIC capabilities.

Congrats to the Team!

“AWS answered the call of the Department of Homeland Security (DHS) Trusted Internet Connections (TIC) Program Management Office (PMO) and FedRAMP PMO for CSPs to participate in their FedRAMP – TIC Overlay Pilots in order to help develop a solution towards data security and connections between federal agency mobile users and cloud service providers. AWS successfully completed the pilot and provided their assessment of addressing the controls identified in the Draft FedRAMP-TIC Overlay to DHS TIC and FedRAMP PMO to develop further guidance on a TIC Ready CSP solution.” –Matthew Goodrich, FedRAMP Director and Sara Mosley, TIC program manager at the Department of Homeland Security, Trusted Internet Connection

It’s been an absolute pleasure to work alongside the folks at the FedRAMP PMO, DHS, and GSA 18F during this pilot program. We are looking forward to working with our other government agency customers to help them leverage the cloud to better meet their mission!