
Trusted Internet Connection 3.0 [pdf] - equalunique
https://www.whitehouse.gov/wp-content/uploads/2019/09/M-19-26.pdf
======
chmielewski
"Removing barriers to cloud" worries me. Many government agencies have banned
USB storage devices due to the policy complication and security headaches it
invariably creates; I don't see this going any better than them announcing
that they're "removing barriers to USB".

Being a compromise between convenience and safety is a core aspect of
security, however when there's an administrative policy umbrella which covers
a few ways "cloud" may be used safely, when it may be used unsafely... it
seems like they need to create their own exclusive cloud or rethink this (yes,
I understand this is a very non-specific, high-level-view document, and that
the implementation details aren't outlined).

Hearing 'this involves a lot of risk, let's do this right' is one thing,
seeing an administrative guidance from the US Government saying they will be
implementing it is another thing entirely, and learning that this pertains to
"cloud-in-general" use during the year 2019... I mean, to be clear, the
document suggests that if they go through their own encryption funnel as
specified by policy, they can touch 3rd party storage and applications. No
matter how clandestinely you fill the safe, no matter how securely you hide
the location in which it's buried, you're still using this big corporation's
consumer-grade junk. There's the saying "don't implement a technical solution
to solve an administrative problem" (and vice versa)... this is implementing
an administrative policy to acknowledge the technical problem, however what it
will "solve" before they jump to the next thing will have to be seen. I'm
willing to bet this will be scratched wholesale or change dramatically far
before 85% implementation.

------
equalunique
Trusted Internet Connection (TIC) guidance for US government agencies will
allow for network traffic to flow separate from self-hosted physical TIC
infrastructure, opening the door for cloud-based solutions.

