IMMEDIATE BAN OF INTERNET SOCIAL NETWORKING SITES (SNS) ON MARINE CORPS ENTERPRISE NETWORK (MCEN) NIPRNET

By | August 03, 2009

R 032022Z AUG 09
UNCLASSIFIED//
MARADMIN 0458/09
MSGID/GENADMIN/CMC WASHINGTON DC C4//
SUBJ/IMMEDIATE BAN OF INTERNET SOCIAL NETWORKING SITES (SNS) ON MARINE CORPS ENTERPRISE NETWORK (MCEN) NIPRNET//
REF/A/MSGID:MCO/STRATCOM/102315Z//
AMPN/REF A IS USSTRATCOM ORDER TO ADDRESS RISK OF USING NIPRNET CONNECTIVITY TO ACCESS INTERNET SNS.//
POC/MARK R SCHAEFER/LTCOL/UNIT:HQMC C4 IA/-/TEL:703-693-3490 /EMAIL:MARK.R.SCHAEFER@USMC.MIL//
POC/TIMOTHY LISKO/CTR/UNIT:HQMC C4 IA/-/TEL:703-693-3490 /EMAIL:TIMOTHY.LISKO.CTR@USMC.MIL//
GENTEXT/REMARKS/1. PURPOSE.  THIS MESSAGE ANNOUNCES AN IMMEDIATE BAN ON INTERNET SNS WITHIN THE MCEN UNCLASSIFIED NETWORK (NIPRNET).
2.  BACKGROUND.  INTERNET SNS ARE DEFINED AS WEB-BASED SERVICES THAT ALLOW COMMUNITIES OF PEOPLE TO SHARE COMMON INTERESTS AND/OR EXPERIENCES (EXISTING OUTSIDE OF DOD NETWORKS) OR FOR THOSE WHO WANT TO EXPLORE INTERESTS AND BACKGROUND DIFFERENT FROM THEIR OWN.  THESE INTERNET SITES IN GENERAL ARE A PROVEN HAVEN FOR MALICIOUS ACTORS AND CONTENT AND ARE PARTICULARLY HIGH RISK DUE TO INFORMATION EXPOSURE, USER GENERATED CONTENT AND TARGETING BY ADVERSARIES.  THE VERY NATURE OF SNS CREATES A LARGER ATTACK AND EXPLOITATION WINDOW, EXPOSES UNNECESSARY INFORMATION TO ADVERSARIES AND PROVIDES AN EASY CONDUIT FOR INFORMATION LEAKAGE THAT PUTS OPSEC, COMSEC, PERSONNEL AND THE MCEN AT AN ELEVATED RISK OF COMPROMISE.  EXAMPLES OF INTERNET SNS SITES INCLUDE FACEBOOK, MYSPACE, AND TWITTER.
3. ACTIONS.  TO MEET THE REQUIREMENTS OF REF A, ACCESS IS HEREBY PROHIBITED TO INTERNET SNS FROM THE MCEN NIPRNET, INCLUDING OVER VIRTUAL PRIVATE NETWORK (VPN) CONNECTIONS.
4. EXCEPTIONS.
A.  ACCESS MAY BE ALLOWED BY MCEN DESIGNATED ACCREDITATION AUTHORITY (DAA) THROUGH A WAIVER PROCESS.
B.  ACCESS IS ALLOWED TO DOD-SPONSORED SNS-LIKE SERVICES INSIDE THE GLOBAL INFORMATION GRID (GIG) ON AUTHORIZED DOD MILITARY SYSTEMS THAT ARE CONFIGURED IN ACCORDANCE WITH DISA SECURITY TECHNICAL IMPLEMENTATION GUIDES (E.G., INTELINK, ARMY KNOWLEDGE ONLINE, DEFENSE KNOWLEDGE ONLINE, ETC).
5. WAIVER REQUEST PROCESS.
A.  IF MISSION-CRITICAL REQUIREMENTS EXIST FOR ACCESS TO INTERNET SNS, WAIVER REQUESTS MUST BE SUBMITTED TO COMMAND INFORMATION ASSURANCE MANAGER (IAM) FOR VALIDATION AND FORWARDING PER NETOPS C2 STRUCTURE.
B. WAIVER REQUIREMENTS.
(1) COMMAND/UNIT
(2) POINT OF CONTACT
(3) NAME OF SNS
(4) OPERATIONAL NEED FOR SNS
(5) OPERATIONAL IMPACT WITHOUT SNS
(6) NUMBER OF SNS USERS
(7) NUMBER OF TIMES ACCESSED PER WEEK PER USER
(8) ACCESS METHOD: NIPRNET OR GOVERNMENT-FURNISHED COMMERCIAL INFRASTRUCTURE AND COMPUTERS C. ROLES AND RESPONSIBILITIES.
(1) COMMAND IAM: INVESTIGATE AND VALIDATE MISSION-CRITICAL NEED FOR INTERNET SNS ACCESS.  IF NEED IS JUSTIFIED, FORWARD REQUEST TO MARINE CORPS NETWORK SECURITY OPERATIONS CENTER (MCNOSC).
(2) MCNOSC: INVESTIGATE THE TECHNICAL IMPLEMENTATION OPTIONS AND FORWARD TO MCEN DAA.
(3) MCEN DAA: FINAL APPROVAL AUTHORITY.  MCEN DAA WILL STIPULATE HOW ACCESS TO INTERNET SNS IS OBTAINED BASED ON MISSION NEED (I.E., THROUGH NIPRNET OR GOVERNMENT-FURNISHED COMMERCIAL INFRASTRUCTURE).
6. IT PROCUREMENT.  IT PROCUREMENTS MADE TO FACILITATE INTERNET SNS USE MUST CONTAIN AN APPROVED WAIVER REQUEST.
7. CANCELLATION. THIS MARADMIN WILL BE CANCELLED ONE YEAR FROM DATE OF PUBLICATION.
8. RELEASE AUTHORIZED BY BGEN G. J. ALLEN, DIRECTOR, COMMAND, CONTROL, COMMUNICATIONS, AND COMPUTERS/CHIEF INFORMATION OFFICER OF THE MARINE CORPS.//