R 081955Z SEP 20
MARADMIN 517/20
MSGID/GENADMIN/CMC DCI IC4 WASHINGTON DC//
SUBJ/NOTIFICATION OF POTENTIAL PUBLIC KEY INFRASTRUCTURE (PKI) SUPPORT GAP IN SERVICE//
REF/A/ECSM103/DTD 17 AUG 2018//
NARR/REF A IS ENTERPRISE CYBERSECURITY MANUAL (ECSM) 013 PUBLIC KEY INFRASTRUCTURE (PKI).//
POC/R. A. LETTEER/CIV/DC I IC4/TEL: 703-693-3490/EMAIL: RAY.LETTEER@USMC.MIL//
POC/C. A. HESEMANN/CIV/DC I IC4/TEL: 703-693-3490/EMAIL: CHRISTINE.HESEMANN@USMC.MIL//
GENTEXT/REMARKS/1.  Background.  Issues related to contracting efforts for required support may cause a gap and or delay in PKI support services outside service level standards in both token and infrastructure management support.  This message is notification of potential service interruptions and recommends mitigating actions by commands and units.
2.  Discussion.  Beginning 1 November 2020, certificate generation, token issuance and all PKI support services will be significantly degraded or suspended during any gap in contracted support service.  Anticipated affected time is one to six weeks dependent upon acquisition completion activities and new fiscal year funding receipt.  Primary impact to MEFs, MFE/A, and NCR is the temporary loss of LRA support at the local operational level, creating delays in token and certificate issuance, and to Service website/system owners whose site certificates expire during the affected period.  MCCOG PKI Services will issue tokens and certificates during this period, but affected users should anticipate a delay in receipt.
3.  Recommendation.  Commands should complete an internal review and identify upcoming PKI action requirements during the affected period, specifically for websites and essential personnel, renewing certificates before 15 October 2020.
3.a.  All site/application owners and Functional Area Managers evaluate all DoD/NSS systems for certificates expiring on or before 31 December 2020.  All certificates meeting this criteria must be updated using the DoD/NSS Non-Person Entity Portal (NPE Portal) discussed in paragraph 3.b.
3.b.  All commands requiring DoD/NSS PKI TLS and Device certificates are required to use the DoD/NSS Non-Person Entity Portal (NPE Portal) for all certificate requests, as previously directed by MCEN OPADV 0063-20.  Commands are to appoint NPE sponsors and submit appointments to Marine Corps PKI NLT 30 September 2020.  Approved Registered Sponsors within the NPE portals are able to submit certificate requests and receive automated approval of those requests.
3.c.  Requests for token replacements shall be submitted via Trusted Agents to MCCOG PKI NLT 9 October 2020.
3.d.  All tactical/deployable commands shall ensure that they have appointed, trained, and approved SSTAs in order to support local SIPR token encoding and issuance.  Commands requiring SSTA support shall appoint SSTAs via Remedy Work Order to Marine Corps PKI prior to 01 Oct 2020.
4.  Release authorized by BGen Lorna M. Mahlock, Director, Information, Command, Control, Communications and Computers (IC4) Deputy Commandant for Information (DC I).//