MARADMINS : 226/11
R 081144Z APR 11
UNCLASSIFIED//
MARADMIN 226/11
MSGID/GENADMIN/CMC WASHINGTON DC CDI//
SUBJ/UPDATE TO PROTECTION OF CLASSIFIED INFORMATION ON DEPARTMENT OF DEFENSE (DOD) SECRET INTERNET PROTOCOL ROUTER NETWORK (SIPRNET) NETWORKS//
REF/A/MSGID:DOC/CTO 10-133/USCYBERCOM FORT MEADE MD/27NOV2010//
REF/B/MSGID:DOC/CTO 10-133A/USCYBERCOM FORT MEADE MD/27NOV2010//
REF/C/MSGID:DOC/CTO 10-133 CHANGE 2/USCYBERCOM FORT MEADE MD/ 4JAN2011//
REF/D/MSGID:DOC/CTO 10-133 CHANGE 3/USCYBERCOM FORT MEADE MD/ 14FEB2011//
NARR/REF A IS USCYBERCOM COMMUNICATIONS TASKING ORDER (CTO) 10-133, PROTECTION OF CLASSIFIED INFORMATION ON DEPARTMENT OF DEFENSE (DOD) SECRET INTERNET PROTOCOL ROUTER NETWORK (SIPRNET) NETWORKS. REF B IS CTO 10-133A, AMPLIFYING GUIDANCE TO CTO 10-133. REF C IS IS CTO 10-133 CHANGE 2, PROVIDING ADDITIONAL CLARIFICATION TO REF A. REF D CTO 10-133 CHANGE 3, PROVIDING ADDITIONAL CLARIFICATION TO REF A, B, AND C. REFERENCES A, B, C, AND D CAN BE FOUND ON HTTPS:SLASHSLASHWWW.CYBERCOM.SMIL.MIL/
J3/ORDERS/PAGES/CTOS.ASPX.//
POC/RAY A. LETTEER/GS15/UNIT:HQMC C4 CYBERSECURITY/WASHINGTON DC /TEL:7036933490//
POC/JAMES C. BECKER/COL/UNIT:MARFORCYBER G3/FORT MEADE MD /TEL:4436546343//
POC/MCNOSC WATCH OFFICER/UNIT:MCNOSC/QUANTICO VA/TEL:7037845300//
GENTEXT/REMARKS/1. THIS IS A COORDINATED C4/CDI/MARFORCYBERCOM MARADMIN. THE USE OF REMOVABLE MEDIA ON THE SIPRNET NETWORK IS OF GREAT CONCERN TO THE JOINT CHIEFS OF STAFF AND USCYBERCOM. PER REF A, "WRITE" PRIVILEGES (DOWNLOADING) TO ALL FORMS OF REMOVABLE MEDIA HAS BEEN BANNED BY OSD-LEVEL POLICY, EXCEPT UNDER USCYBERCOM APPROVED PROCEDURES ARTICULATED IN USCYBERCOM CTO 10-084 AND IN REF A. REMOVABLE MEDIA IS DEFINED IN REF A AS CD, DVD, SECURE DIGITAL (SD) CARDS, TAPE, FLASH MEMORY DATA STORAGE DEVICES, MULTIMEDIACARDS (MMC), REMOVABLE HARD DRIVES, ETC. IT DOES NOT INCLUDE ITEMS SUCH AS TAPE/DISK BACKUP OR HARD DRIVE REMOVAL PER SSO SCIF REQUIREMENTS UNLESS THESE MEDIA ARE INTENDED FOR DISTRIBUTION. PER REF A, THE DESIGNATED ACCREDITING AUTHORITY (DAA) MUST ESTABLISH A PROGRAM TO AUTHORIZE PERSONNEL FOR CONDUCTING DATA TRANSFERS ON SIPRNET.
2. BACKGROUND. USCYBERCOM ESTABLISHED PROCEDURES FOR THE PROPER HANDLING AND TRANSFERRING OF CLASSIFIED DATA USING ALL FORMS OF REMOVABLE MEDIA ON SIPRNET.
3. POLICY. IN ACCORDANCE WITH REFERENCES A AND B, ALL DATA TRANSFER TO REMOVABLE MEDIA IS PROHIBITED ON MARINE CORPS SIPRNET SERVERS, SYSTEMS, AND WORKSTATIONS. THIS MARADMIN DOES NOT IMPACT THE ABILITY OF USMC PERSONNEL TO EMPLOY "READ-ONLY" REMOVABLE MEDIA IN THE CONDUCT OF AUTHORIZED MISSIONS. THE TASKS IDENTIFIED IN REF A ADDRESS DATA TRANSFERS FROM SIPRNET TO UNCLASSIFIED (NIPRNET) SYSTEMS (NETWORKED OR STAND ALONE), AND PROVIDE A RECOMMENDED METHODOLOGY TO THE DIRECTOR OF NATIONAL INTELLIGENCE (DNI) FOR DATA TRANSFERS FROM TOP SECRET NETWORKS TO LOWER CLASSIFICATION NETWORKS OR SYSTEMS. THE LOCAL G6 (MEF LEVEL OR HIGHER) TO INCLUDE THE LOCAL BASE, INSTALLATION, AND REGIONAL G6'S ARE DELEGATED BY THE MARINE CORPS DAA TO ENSURE THE TASKS, PER REF A, PAR 7A AND 7B ARE IMPLEMENTED AND DOCUMENTED.
4. REQUIRED ACTIONS.
A. THE LOCAL G6 WILL:
(1) DIRECT ALL PERSONNEL TO CEASE DATA TRANSFERS TO REMOVABLE MEDIA ON THE SIPRNET.
(2) DISABLE "WRITE" PRIVILEGES, EITHER THROUGH PHYSICAL CONFIGURATION, SOFTWARE SETTINGS, HOST BASED SECURITY SYSTEM (HBSS) DEVICE CONTROL MODULE SETTINGS, OR ANY COMBINATION THEREOF AND COORDINATE IMPLEMENTATION WITH THE MARINE CORPS NETWORK OPERATIONS AND SECURITY CENTER (MCNOSC). A TWO-PERSON INTEGRITY PROCEDURE FOR ALL AUTHORIZED SIPRNET FILE TRANSFERS ONTO REMOVABLE MEDIA AS AN IMPLEMENTATION ACTION CAN BE USED IF A TECHNICAL SOLUTION IS UNAVAILABLE.
(3) SET LOCAL GUIDELINES AND PROCEDURES FOR APPROVAL-DISAPPROVAL OF "WRITE" CAPABILITY TO REMOVEABLE MEDIA ON THE SIPRNET. IN IMPLEMENTATIONS WHERE HBSS IS USED, THE G6 MUST FIRST COORDINATE WITH THE MCNOSC TO PROVIDE THE MACHINE NAME OF THE DEVICE.
(4) DISABLE/TURN OFF THE CAPABILITY THAT ALLOWS FOR MULTIPLE USERS TO BE LOGGED INTO ONE MACHINE SIMULTANEOUSLY (IE, SWITCH USER) ON ONLY THOSE HBSS DCM CONFIGURED MACHINES THAT ARE AUTHORIZED TO ENABLE 'WRITE' PRIVILEGES UNLESS TECHNICAL PROVISIONS ARE IN PLACE THAT PROPERLY SEGMENT EACH INDIVIDUAL USER PROFILE FROM INHERITING RIGHTS FROM OTHER USER SESSIONS. THIS SHORT-TERM FIX WILL BE IN PLACE UNTIL DISA PEO-MA PROVIDES A DCM TECHNICAL SOLUTION WITHIN THE NEXT FISCAL YEAR THAT ALLOWS THE SWITCH USER FEATURE TO BE OPERATIONAL AGAIN.
(5) MAINTAIN A LIST OF ALL SYSTEMS THAT HAVE BEEN AUTHORIZED TO "WRITE" TO REMOVABLE MEDIA DEVICES.
(6) EXCEPTION REQUESTS AS OUTLINED IN REF C PARA. 8 WILL BE ROUTED TO THE MARINE CORPS DAA VIA MCNOSC FOR SUBMISSION TO USCYBERCOM.
B. SECURITY MANAGERS SHALL:
(1) PROVIDE AUTHORIZED USER APPROVALS TO THE IAM AND G6. PROVIDE FINAL APPROVALS FOR ANY "WRITE" TO REMOVEABLE MEDIA CAPABILITY WHICH THE COMMAND REQUIRES.
(2) DOCUMENT PERSONNEL APPROVED TO USE "WRITE" CAPABILITIES AT THE LOCAL LEVEL AND RETAIN ON FILE FOR A MINIMUM OF FIVE YEARS.
(3) ENSURE COMPLIANCE WITH REF A, PAR 7B(2) UPON COMPLETION OF WRITE ACTIVITY.
C. UNIT INFORMATION ASSURANCE MANAGERS WILL:
(1) ENSURE WRITTEN AUTHORIZATIONS IDENTIFIED IN REF A, PAR 7A ARE MAINTAINED FOR A MINIMUM OF FIVE YEARS.
(2) ENSURE USERS COMPLY WITH THE STEPS OUTLINED IN REF A, PAR 7B (1) THROUGH (3).
D. BOTH THE SECURITY MANAGERS AND UNIT INFORMATION ASSURANCE MANAGERS WILL ASSIST THE LOCAL G6 TO ENSURE COMPLIANCE WITH THE TWO-PERSON INTEGRITY REQUIREMENT FOR CONDUCTING AUTHORIZED TRANSFER OF SIPRNET FILES ONTO REMOVABLE MEDIA.
E. ALL UNITS WILL INCLUDE INFORMATION ON THESE PROCESSES IN LOCAL USER AWARENESS AND SECURITY TRAINING. ALL DOCUMENTATION WILL BE SUBJECT TO INSPECTION AND REVIEW BY HQMC OR USCYBERCOM.
F. REQUIRED ACTIONS WERE TO BE COMPLETED NLT 27 DEC. COMMANDS REQUIRING ADDITIONAL TIME MUST SUBMIT A REQUEST TO HQMC C4 CYBERSECURITY.
G. MAJOR SUBORDINATE COMMANDS WILL FORWARD WAIVER LIST TO THE DAA ON A WEEKLY BASIS.
5. THIS MARADMIN IS APPLICABLE TO MARINE CORPS TOTAL FORCE.
6. RELEASE AUTHORIZED BY LTGEN GEORGE J. FLYNN, DEPUTY COMMANDANT FOR COMBAT DEVELOPMENT AND INTEGRATION.//