AI & TechBusinessCybersecurityNewswireTechnology

CISA Guide Helps Agencies Adopt SASE for Zero Trust

Originally published on: June 26, 2026
▼ Summary

– CISA published guidance on June 24 for federal agencies to replace legacy internet gateways with SASE technology as part of the shift to zero trust.
– SASE bundles networking and security functions, like SD-WAN and zero trust network access, into a cloud-based service to replace the older TIC 2.0 model.
– The guidance is vendor-agnostic and helps agencies transition from MTIPS to the more flexible TIC 3.0, which is built on zero trust principles.
– Agencies must feed equivalent traffic data to CISA’s CLAW cloud service to maintain visibility after moving off central gateways where EINSTEIN sensors are located.
– CISA now recommends analyzing encrypted traffic for suspicious patterns instead of universally breaking and inspecting TLS traffic due to complexity and latency.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a new guide to help federal agencies transition from outdated internet gateways to Secure Access Service Edge (SASE) technology, a key step in the broader shift toward zero trust security models.

Released on June 24, the document details how agencies can adopt SASE to evolve from the perimeter-based Trusted Internet Connections (TIC) 2.0 framework to the more adaptable TIC 3.0 standard. CISA originally designed TIC 3.0 around zero trust principles, making it a natural fit for SASE adoption.

CISA explicitly states that SASE can replace the Managed Trusted Internet Protocol Services (MTIPS) that agencies have used for years.

Moving Beyond the Perimeter

Under the older TIC 2.0 model, agencies funneled all internet traffic through a limited number of centralized access points. This created bottlenecks that slowed performance for remote workers and branch offices, while also hindering the adoption of modern technologies. In contrast, TIC 3.0 allows for more distributed architectures as long as agencies maintain sufficient visibility into their traffic for CISA.

SASE combines networking and security into a single, predominantly cloud-based service. CISA’s definition includes software-defined wide area networking (SD-WAN) alongside security tools such as secure web gateways, cloud access security brokers, next-generation firewalls, and zero trust network access (ZTNA). The guidance remains vendor-agnostic, focusing on the architectural model rather than specific products.

Maintaining Visibility for CISA

Leaving MTIPS does come with a trade-off. As agency traffic no longer flows through the central gateways where CISA’s EINSTEIN sensors operate, the agency loses the telemetry it relies on for monitoring federal networks. To maintain that visibility, agencies must send equivalent data to CISA’s Comprehensive Log Aggregation Warehouse (CLAW), a cloud service designed to collect agency-provided telemetry.

The guidance also marks a notable shift in long-standing practice. CISA now advises against the universal recommendation to break and inspect encrypted TLS traffic, citing its complexity and the latency it introduces. Instead, the agency recommends analyzing encrypted traffic for suspicious patterns using methods like machine learning without fully decrypting the data.

While the guidance targets federal civilian executive branch (FCEB) agencies, CISA noted that state and local governments, critical infrastructure operators, and other organizations may also benefit. This document is part of a zero trust series CISA launched last year, which already includes a guide on microsegmentation.

Chris Butera, CISA’s acting executive assistant director for cybersecurity, said the guide “helps agencies realize the benefits of zero trust architectures.” The agency emphasized that achieving zero trust is a sustained transformation rather than a single product deployment.

(Source: Infosecurity Magazine)

Topics

sase technology 95% zero trust 93% cisa guidance 90% tic 3.0 88% legacy gateway replacement 86% network visibility 84% encrypted traffic analysis 82% cloud security 80% sd-wan 78% federal cybersecurity 76%