Marines

HomeNewsMessagesMessages Display

GUIDANCE REGARDING OUT-PROCESSING, ACCOUNT MANAGEMENT, AND RECORD REQUIREMENTS FOR MARINE CORPS ENTERPRISE NETWORK USERS
Date Signed: 3/24/2019 | MARADMINS Number: 192/19
PRINT
MARADMINS : 192/19

R 221730Z MAR 19
MARADMIN 192/19
MSGID/GENADMIN/CMC WASHINGTON DC C4//
SUBJ/GUIDANCE REGARDING OUT-PROCESSING, ACCOUNT MANAGEMENT, AND RECORD  REQUIREMENTS FOR MARINE CORPS ENTERPRISE NETWORK USERS//
REF/A/DOC/DISA WINDOWS 10 STIG V-63359//
REF/B/DOC/DISA EXCHANGE 2010 MAILBOX SERVER STIGEXCH-1-301//
REF/C/DOC/MCO 5239.B/05 NOV 15//
REF/D/DOC/OMB M-12-18/24 AUG 12//
REF/E/DOC/GENERAL RECORDS SCHEDULE 5.1: COMMON OFFICE RECORDS/28 JUL 2017//
REF/F/DOC/GENERAL RECORDS SCEHDULE 6.1: EMAIL MANAGED UNDER A CAPSTONE APPROACH/SEP 16//
REF/G/DOC/GENERAL RECORDS SCHEDULE 6.1-0127-2017-0001: UNITED STATES MARINE CORPS RECORD GROUP NUMBER 0127/13 DEC 17//
REF/H/DOC/ENTERPRISE CYBERSECURITY MANUAL 007: RESOURCE ACCESS GUIDE/15 SEP 15 NARR/REF A DISA SECURITY TECHNICAL IMPLEMENTATION GUIDE (STIG) FOR MANAGEMENT OF DORMANT, OUTDATED OR UNUSED ACCOUNTS.  REF B IS A DISA STIG PERTAINING TO EXCHANGE 2010 MAILBOX SERVER MANAGEMENT.  REF C IS MARINE CORPS ORDER, CYBERSECURITY.  REF D IS THE MANAGING GOVERNMENT RECORDS DIRECTIVE.  REF E OUTLINES REQUIREMENTS FOR NON-RECORDKEEPING COPIES OF ELECTRONIC RECORDS.  REF F IS THE RECORDS MANAGEMENT GUIDANCE ISSUED BY THE NATIONAL ARCHIVES DETAILING THE EMAIL RETENTION REQUIREMENTS FOR FEDERAL AGENCIES.  REF G IS THE LIST OF MARINE CORPS CAPSTONE OFFICIAL BILLETS FOR PERMANENT EMAIL PRESERVATION; APPROVED BY THE DIRECTOR, MARINE CORPS STAFF (DMCS) AND THE CHIEF RECORDS OFFICER FOR THE UNITED STATES.  REF H IS THE MARINE CORPS CYBERSECURITY MANUAL DETAILING THE RESOURCE ACCESS AND ACCOUNT MANAGEMENT.  REFERENCES LISTED ABOVE CAN BE FOUND IN THE POLICY SECTION AT THE FOLLOWING LINK: HTTPS:(SLASH)(SLASH)EIS.USMC.MIL/SITES/C4/CY1/DOCLIB/FORMS/CY_DIRECTIVES.ASPX POC/RAY A. LETTEER/CIV/UNIT: HQMC C4 CYBERSECURITY/WASHINGTON DC/TEL:  7036933490/EMAIL: RAY.LETTEER@USMC.MIL//
POC/DARYCK A. FICKEL/MGYSGT/UNIT: HQMC C4 CYBERSECURITY/WASHINGTON DC/TEL:  5712568864/EMAIL: DARYCK.FICKEL@USMC.MIL//
GENTEXT/REMARKS/1.  Purpose.  This MARADMIN reiterates policy and provides amplyfing guidance regarding references (a) through (h) concerning Marine Corps Enterprise Network (MCEN) account management on both unclassified and classified networks.
2.  Background.  The Marine Corps has a large number of Marines, civilians and contracted staff routinely entering and departing active service.  Upon completion of active service, they no longer require access to the MCEN through their assigned network account(s).  Failure to disable and remove these accounts in a timely manner constitutes a cybersecurity risk and creates an unnecessary financial cost.  The Marine Corps has a federally mandated obligation to retain specific data from these accounts for period of time described in references (e) and (f).  In order to mitigate the cybersecurity risk and eliminate the financial cost due to mismanaged accounts, the policies described in references (a), and (d) through (h) shall be followed with regard to the disablement and appropriate archival of inactive accounts.
3.  Actions.  Effective upon release of this message:
3.A. Commanding Generals and Commanding Officers.
3.A.1. Ensure policies and procedures for inprocessing/outprocessing personnel are updated to meet Marine Corps Enterprise Network E-mail Account and Record Management requirements in accordance with (IAW) references (e) through (g) to include the use of the NAVMC 11786, Records Management Checklist for Departing USMC Employees form.
3.A.2. Ensure local admin office generates a monthly report of outprocessed personnel and provides this information to the local G-6/S-6/MITSC personnel for network account management purposes.  This information will include: name, rank or rate, email address and purpose for outprocessing; e.g., Permanent Change of Station/Assignment (PCS/PCA), End of Active Service (EAS), seperation/retirement, contract expiration, etc.  For Marines, include the individual’s PCS/PCA, or EAS date to ensure that Marines maintain access to required applications such as Outlook Web Access (OWA) during PCS/PCA, Terminal Leave, etc.
3.A.3.  Update local policies and procedures requiring all Marine Corps personnel with MCEN Non-classified Internet Protocol (IP) Router Network (NIPRNet) or Secret Internet Protocol Router Network (SIPRNet) accounts properly coordinate and outprocess with local G6/S6/MITSC prior to PCS/PCA or departure from the Marine Corps
3.A.4. Ensure all account movement, check-out and account deactivation/deletion procedures IAW reference (h) to prevent unauthorized access to the MCEN or compromise of information and information systems on the network.
3.A.5. Ensure user accounts are annotated with inactivity and email retention exemptions, IAW reference (h), in extension attribute 12 and 13 located in the attribute editor tab.  Users who use OWA and do not regularly login to the MCEN, must be annotated.
3.A.6. Disable and remove all accounts that have been inactive for more than 180 days, unless they have been annotated with an inactivity exemption IAW reference (h), within forty-five (45) days of the publication of this MARADMIN.
3.B.  Commander Marine Forces Cyberspace Command (MFCC):
3.B.1.  Develop and execute a phased plan to meet email storage requirements, IAW references (d) through (h), within ninety (90) days of receipt of this MARADMIN.  The plan must provide both a current and future state solution.  Execution of this direction will negate the need to comply with reference (b) for these accounts.
3.B.2.  Provide a monthly enterprise report of accounts past one hundred eighty (180) days of inactivity to Marine Forces Cyber Command and HQMC C4.
3.C.  Director Administration and Resource Management Division (AR), Headquarters Marine Corps:
3.C.1. Ensure that HQMC C4 and MFCC are updated regarding any changes to reference (e) through (g).
3.C.2. Define and provide the requirements for accessing (request process, timelines, format, etc.) the archived data to HQMC C4 and MFCC NLT 12 Apr 2019.
3.D.  Director HQMC C4:  Update reference (h) to provide exemptions to the disablement and deletion timelines.
3.E.  MCEN Information System Users:
3.E.1  Fully complete check in and out procedures.
3.E.2  Fully understand and comply with relevant records management requirements.
3.E.3  Back up pertinent personal, and records management required data.
4.  Applicability.  This message is applicable to the Marine Corps Total Force and to all contractors who support the Marine Corps.
5.  Release authorized by Brigadier General L. M. Mahlock, Director, C4/Office of the Deputy DON Chief Information Officer (Marine Corps).//