The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency issued interim Trusted Internet Connections 3.0 telework guidance and Stephen Kovac, vice president of global government at Zscaler, said the document requires cloud service providers to submit telemetry data to the National Cybersecurity Protection System's EINSTEIN team, FedScoop reported Thursday.
“We still need to make sure that the agencies' new providers are accountable,“ Kovac told the publication. “This is going to be an opportunity for people to come after the current TIC providers under the Networx contract, the service providers that provide [Managed Trusted Internet Protocol Services], but they still must meet this requirement for telemetry data.“
Although the Federal Risk and Authorization Management Program was not mentioned in the interim TIC document, Kovac said agencies should note that FedRAMP is a government requirement.
“I think the agencies have to be careful because they're supposed to buy only FedRAMP-ready clouds,“ Kovac said. “So it'll be interesting to see how that plays out.“