REVISED IMPLEMENTATION GUIDANCE FOR THE USE OF THE MARINE CORPS CRITICAL ASSET MANAGEMENT SYSTEM (MC-CAMS) AND THE USE OF THE DOD SYSTEM OF RECORD FOR VULNERABILITY TRACKING
Date Signed: 1/19/2018 | MARADMINS Number: 046/18
MARADMINS : 046/18
R 191800Z JAN 18
MARADMIN 046/18
MSGID/GENADMIN/CMC PPO WASHINGTON DC//
SUBJ/REVISED IMPLEMENTATION GUIDANCE FOR THE USE OF THE MARINE CORPS CRITICAL ASSET MANAGEMENT SYSTEM (MC-CAMS) AND THE USE OF THE DOD SYSTEM OF RECORD FOR VULNERABILITY TRACKING//
REF/A/DOC: MCO 3501.36A, MARINE CORPS CRITICAL INFRASTRUCTURE PROGRAM//
REF/B/DOC: MCO 3302.1E, MARINE CORPS ANTITERRORISM PROGRAM//
REF/C/DOC/MCO 3058.1/YMD: 20141023//
REF/D/DOC/DODI 2000.16/YMD: 20061002//
NARR/REF A: IS THE MARINE CORPS CRITICAL INFRASTRUCTURE PROGRAM (MCCIP) ORDER WHICH IDENTIFIES ROLES, RESPONSIBILITIES AND REQUIREMENTS FOR THE IMPLEMENTATION OF MARINE CORPS CIP REQUIREMENTS, INCLUDING THE ESTABLISHMENT OF MARINE CORPS CRITICAL INFRASTRUCTURE PROGRAM REVIEW STANDARDS AND BENCHMARKS TO IDENTIFY, MONITOR AND TRACK EXECUTION OF SERVICE CIP PROGRAM GOALS AND OBJECTIVES. REF B IS THE MARINE CORPS ANTITERRORISM PROGRAM ORDER WHICH IDENTIFIES ROLES, RESPONSIBILITIES AND REQUIREMENTS FOR THE IMPLEMENTATION OF MARINE CORPS AT REQUIREMENTS, REQUIRING ANNUAL ASSESSMENTS AND TRIENNIAL HHQ ASSESSMENTS. REF C IS THE MARINE CORPS MISSION ASSURANCE POLICY. REF D IS DOD ANTITERRORISM@PROGRAM.//
POC/ANDREW PAIGE/CIV/PP&O/PS PSM/TEL: (703)695-7216/EMAIL: ANDREW.PAIGE@USMC.MIL//
GENTEXT/REMARKS/1.  Purpose.  To provide direction and guidance to standardize the documentation, management and reporting of risk and vulnerability related information for Marine Corps protection programs.
2.  In accordance with references A through D, all Marine Corps Commands are required to conduct risk assessments on an annual basis tied to elements from each of the Marine Corps protection programs.  These assessments encompass executing criticality, threat-hazard and vulnerability assessments pertaining to Marine Corps missions, personnel and assets.  Marine Corps guidance and methodology supporting standardized execution of these assessments is contained in reference C.  This message addresses how the Marine Corps will document and share risk assessment data not only within the Marine Corps but also with other DoD components.
3.  Effective 19 January 2018, all commands shall document their protection program risk assessment vulnerabilities in the DoD system of record for vulnerability tracking and the risk management activities in MC-CAMS.  The DoD system of record for vulnerability tracking supports the Joint Staff (JS) in tracking assessment vulnerabilities, mitigation actions, and to conduct trend analysis across program vulnerabilities. MC-CAMS supports the analysis and documentation of criticality assessments; missions and mission impacts, baseline elements of information for critical assets; all-hazards threat assessment linked to assets and the vulnerability assessment of assets linked to threats and hazards to produce a standardized risk rating.  The analysis and capture of risk related data is a continuous process as changes in mission, threat/hazard environment, and vulnerability to assets are updated and shared with mission owners and other USMC and DoD Stakeholders.
4.  MC-CAMS shall be the sole, authoritative database for Marine Corps Critical Assets to capture risk assessment and related data.  Where appropriate, MC-CAMS shall automate the sharing of criticality, threat/hazard, vulnerability and risk assessment data, as well as risk planning data with other USMC and/or DoD databases that support capture and analysis of risk and risk planning data for critical assets.
4.a.  Automated sharing of risk related data via web services will support efficiency of effort and streamlining of resources required to assess and manage risk to USMC missions and assets.
4.b.  Marine Corps commands are required to manually enter Mission Assurance Assessment vulnerability data into the current DoD system of record for tracking vulnerabilities.
4.c.  The current DoD system of record for vulnerability tracking is CVAMP.  CVAMP is scheduled to be replaced on or about 01 June 2018 with the DoD Mission Assurance Risk Management System (MARMS).  Upon the release of MARMS, PS will provide further guidance.
5.  CVAMP account registration and training instructions can be accessed on the SIPRNET at URL:  https:(slash)(slash)cvamp.js.smil.mil.
6.  MC-CAMS formal training should be requested through your MARFOR or Regional MCI Mission Assurance representative.
6.a.  HQMC POC to schedule regional MC-CAMS training:  Douglas Phelps, tel:  (703)695-4236, NIPR:  douglas.a.phelps@usmc.mil.
7.  Message release authorized by Mr. Randy R. Smith, Assistant Deputy Commandant, Plans, Policies and Operations (Security).//