MARADMINS : 663/18
R 211928Z NOV 18
MSGID/GENADMIN/CMC WASHINGTON DC C4//
SUBJ/USMC Response to AMRDEC SAFE Outage//
REF/A/DOC/DoD M-5200.1 VOL 4/05 SEP 18//
REF/B/DOC/MCO 5239.B/05 NOV 15//
REF/C/DOC/ECSM 11/30 APR 13//
NARR/REF A DOD INFORMATION SECURITY PROGRAM: CONTROLLED UNCLASSIFIED INFORMATION (CUI). REF B IS MARINE CORPS ORDER, CYBERSECURITY. REF C IS THE ENTERPRISE CYBERSECURITY MANUAL FOR PII.//
POC/RAY A. LETTEER/CIV/UNIT: HQMC C4 CYBERSECURITY/WASHINGTON DC/TEL: 7036933490/EMAIL: RAY.LETTEER@HQMC.USMC.MIL//
POC/BUDDY J. ELLIS/MAJOR/UNIT: HQMC C4 CYBERSECURITY/WASHINGTON DC TEL: 5712568873/EMAIL: BUDDY.ELLIS@USMC.MIL//
GENTEXT/REMARKS/1. Purpose. This message is to issue guidance on secure file transfer alternatives for individuals or units requiring that capability during the current outage.
2. Background. The U.S. Army Aviation and Missile Research Development and Engineering Center (AMRDEC) Safe Access File Exchange (SAFE) located at (https:(slash)(slash)safe.amrdec.army.mil/) has been disabled due to an unspecified issue. The AMRDEC Public Affairs Office states that it has yet to determine whether the site will be reinstated. This leaves the Marine Corps without a method of securely transferring files (with a file size in excess of the Microsoft Outlook limitations) on the Non-Classified Internet Protocol Router (NIPR) Network. C4 is exploring long-term solutions to the capability gap, including the potential expansion of DISA's Secure File Gateway System to meet the DOD need. The following alternative solutions are intended to temporarily fill the capability gap.
3. Actions. In order to securely transfer files the following interim solutions are provided:
3.A. Transfering Personally Identifiable Information (PII), or Protected Health Information (PHI). When the file is larger than 10MB, the user will encrypt PII/PHI contents with at least Advanced Encryption Standard (AES) 256 encryption and then burn files to a Compact Disc (CD) or Digital Versatile Disc (DVD). To protect disc access, a strong password is required and must meet the following password criteria: (18) characters minimum, containing at least three or four (5) character word combinations or phrases. The encrypted CD/DVD can be hand-carried (courier), FedEx'ed, or sent registered mail to the intended recipient. The password created to protect the media can be given in person verbally, or will be sent via encrypted email.
3.B. Transfer For Official Use Only (FOUO) and Controlled Unclasified Information (CUI) files. When transferring FOUO/CUI files from inside the Marine Corps Enterprise Network (MCEN) to outside the Department of Defense Information Network (DODIN), utilize the US Army Research Laboratory (ARL) SAFE. This service is accessible at (https:(slash)(slash)safe.arl.army.mil/) and provides a similar capability to AMRDEC SAFE. The requirement to encrypt files containing sensitive or FOUO information with AES 256 bit encryption, prior to upload, is one way in which ARL SAFE differs from AMRDEC SAFE. Contact U.S. ARL Public Affairs Office at (301) 394-3590 for issues with this site.
3.C. To transfer FOUO and CUI files from inside the MCEN to user(s) within the DoD (i.e., user with a Common Access Card (CAC) and valid PKI credentials enabled) the following options are available:
3.C.1. MilSuite. MilSuite is located at (https:(slash)(slash)login.milsuite.mil/) and requires a CAC to access. In order to share a file the sender and receiver require MilSuite accounts, must create a "stream" with both individuals included in MilSuite and then must upload the file(s) to be transferred into the system. Files uploaded to MilSuite do not require prior encryption, however all applicable rules regarding the diferent types of information (CUI, etc.) will need to be adhered to when using this system.
3.C.2. Organizational SharePoint sites. Most organizations have SharePoint sites that can be used to host the file(s) to be shared. The sender and receiver would need to contact the local organization SharePoint Administrator and ensure both have the appropriate permissions to access the site. SharePoint does not require encryption however all applicable rules regarding the type of information (CUI, etc.) will need to be adhered to when using this system. It is also recommended that the file be deleted from SharePoint after the recipient confirms they have the file(s).
3.C.3. Intelink. (https:(slash)(slash)www.intelink.gov/) can be utilized to send file(s) internal to the DODIN and requires a CAC to access. All applicable rules regarding CUI, and FOUO will need to be adhered to when using this system.
4. Applicability. This message is applicable to the Marine Corps Total Force and to all contractors who support the Marine Corps.
5. Release authorized by Brigadier General L. M. Mahlock, Director, C4/CIO of the Marine Corps.//