MODIFICATION TO POLICY FOR PORTABLE ELECTRONIC DEVICES, UPDATE FOR CONTROLLED USE IN CLASSIFIED SPACES, UPDATE ON AUTHORIZED TELEWORK CAPABILITIES
Date Signed: 9/9/2020 | MARADMINS Number: 520/20
MARADMINS : 520/20

R 091720Z SEP 20
MARADMIN 520/20
MSGID/GENADMIN/CMC DCI IC4 WASHINGTON DC//
SUBJ/MODIFICATION TO POLICY FOR PORTABLE ELECTRONIC DEVICES (PEDS), UPDATE FOR CONTROLLED USE IN CLASSIFIED SPACES, UPDATE ON AUTHORIZED TELEWORK CAPABILITIES//
REF/A/DOC/ECSM 005/HQMC C4 CY/1JUL2016//
REF/B/DOC/DEPSECDEF/22MAY2018//
REF/C/MEMO/DIA WASHINGTON DC/1MAY2014//
REF/D/GENADMIN/SECNAV WASHINGTON DC/2281830Z MAR 16/ALNAV 019-16//
REF/E/MEMO/DOD CIO/21APR2016//
REF/F/DOC/DODM 5200.01, VOLUME 3/24FEB2016//
REF/G/DOC/SECNAV M-5510.30/JUN2006//
REF/H/GENADMIN/CMC C FOUR CP WASHINGTON DC/211737Z JAN 15/MCENMSG 002-15 //
REF/I/GENADMIN/CMC C FOUR CP WASHINGTON DC/222020Z OCT 15/MCENMSG 009-115//
REF/J/GENADMIN/CMC DCI IC4 WASHINGTON DC/241240Z APR 20/MARADMIN 263-20//
REF/K/MEMO/DON CIO/25FEB2020//
REF/L/MEMO/DONCIO/01APR2020//
REF/M/DOC/DOD CIO/13APR2020//
REF/N/DOC/DODI 1035.01/04APR2012//
NARR/REF (A) IS MARINE CORPS ENTERPRISE SECURITY MANUAL (ECSM) 005, PORTABLE ELECTRONIC DEVICES AND WIRELESS LOCAL AREA NETWORK TECHNOLOGIES. REF (B) IS DEPSECDEF MEMORANDUM, MOBILE DEVICE RESTRICTIONS IN THE PENTAGON. REF (C) IS DIA MEMORANDUM, POLICY CLARIFICATION FOR PORTABLE ELECTRONIC DEVICES, INTRODUCTION OF PWFD AND PERSONAL HEADPHONES. REF (D) IS ALNAV 019-16, ACCEPTABLE USE OF AUTHORIZED PERSONAL PORTABLE ELECTRONIC DEVICES IN SPECIFIC DEPARTMENT OF THE NAVY SPACES. REF (E) IS DOD CIO MEMORANDUM, INTRODUCTION AND USE OF WEARABLE FITNESS DEVICES AND HEADPHONES WITHIN DOD ACCREDITED SPACES AND FACILITIES. REF (F) IS DOD MANUAL 5200.01, VOL 3, DOD INFORMATION SECURITY PROGRAM: PROTECTION OF CLASSIFIED INFORMATION. REF (G) IS SECNAV M-5510.30, DON PERSONNEL SECURITY PROGRAM. REF (H) IS MCENMSG-UNIFICATION 002-15, WEBCAM AUTHORIZATION ON MCEN-N. REF (I) IS MCENMSG-UNIFICATION 009-15, WEBCAM AUTHORIZATION ON MCEN-S. REF (J) IS MARADMIN 263-20, MODIFICATION TO POLICY FOR PORTABLE ELECTRONIC DEVICES (PEDS). REF (K) IS DON CIO MEMORANDUM, ACCEPTABLE USE OF DEPARTMENT OF THE NAVY INFORMATION TECHNOLOGY. REF (L) IS DON CIO MEMORANDUM, AMPLIFYING GUIDANCE TO THE DEPARTMENT OF THE NAVY ACCEPTABLE USE POLICY REGARDING COLLABORATION TOOLS. REF (M) IS DOD CIO MEMORANDUM, AUTHORIZED TELEWORK CAPABILITIES AND GUIDANCE. REF (N) IS DODI 1035.01, TELEWORK POLICY.//
POC/R. A. LETTEER/GS15/DC I IC4 ICC CYBERSECURITY/-/TEL(COMM): 7036933490/EML: RAY.LETTEER@USMC.MIL//
GENTEXT/REMARKS/1.  This is a coordinated Headquarters, U.S. Marine Corps (HQMC), Deputy Commandant for Information (DC I), Information Command, Control, Communications, and Computers (IC4) Division and Marine Forces Cyber Command (MARFORCYBERCOM) message.
2.  SCOPE AND APPLICABILITY.  This MARADMIN supplements the direction provided in references (a) through (k), amplifies the direction provided in reference (j), reiterates direction provided in reference (k), and applies to all Marine Corps military, civilian, and support contractor personnel.  This MARADMIN amends the updated portable electronic device (PED) policy, provides amplifying guidance on the use of specific electronic peripheral devices, e.g., headphones, microphones, and web cameras on government information systems in government spaces where collateral classified information is processed, stored, or discussed, and provides an update on authorized telework capabilities.  This MARADMIN does not apply to, or modify, existing policy regarding the use of unclassified or classified PEDs or peripherals in Marine Corps Sensitive Compartmented Information Facilities (SCIF).
3.  POLICY. Effective immediately:
3.a.  PEDS AND PERIPHERALS:  All Marine Corps personnel are hereby authorized, subject to local policy and capability limitations below, to use web cameras (webcams), either embedded or wired as noted in reference (j); wired headphones or headsets, either 35mm audio or USB as noted in reference (j); and/or internal laptop microphones on unclassified government portable electronic devices (PEDs), or on unclassified government desktop systems within Marine Corps collateral classified workspaces, unclassified workspaces, or while in use during authorized telework.  To mitigate potential risks, the following conditions and procedures will be implemented when using the aforementioned peripherals:
3.a.1.  Only government furnished equipment (GFE) approved for acquisition within the U.S government is authorized for use.
3.a.2.  Wired headphone or headsets without microphones, e.g., with earpiece only, cannot contain noise-cancelling functionality.  Wired headsets, e.g., a headphone with an integrated microphone, can contain a built-in noise cancelling microphone; however, no other noise-cancelling functionality is permitted.  As stated in reference (j), devices using wireless communication (including Bluetooth, cellular or Wi-Fi, or other near field communication) are PROHIBITED unless granted an explicit exception by the Marine Corps Authorizing Official, per reference (a).
3.a.3.  No personally owned peripherals will be connected to DoD information systems, whether used within government spaces or during authorized telework.  This includes (but is not limited to) printers, scanners, storage devices (e.g., hard drives), wireless/bluetooth keyboards or mice, or smart display devices.  However, as noted in reference (j), the use of personally-owned, wired (e.g., USB or 35 millimeter audio) peripherals such as webcams, headphones/microphones, keyboards, or mice is permitted when executing telework or other authorized work away from government workspaces or facilities.  Additionally, personally owned, external monitors (using VGA, HDMI, or DisplayPort connection, but NOT USB) may be connected to unclassified GFE during authorized telework.
3.a.4.  Authorized webcam user agreements must be completed and filed with the designated Information System Security Manager/Officer (ISSM/ISSO) for webcams used on unclassified systems within collateral classified spaces. Forms will list the specific unclassified system(s) on which the peripherals will be used, and the spaces they will be used in.  Webcam User Agreement Forms are available on the IC4/ICC CY Portal at https:(slash)(slash)eis.usmc.mil/sites/c4/cy1/doclib/forms/forms_templates.aspx.
3.a.5.  Prior to connecting or enabling peripherals such as webcams, headphones/headsets, or microphones, classified spaces will be “sanitized”, i.e., all classified materials and systems will be secured, powered off, etc., to prevent inadvertent transmission of classified information.
3.a.6.  Visual indicators will be used to indicate that an unclassified video/voice teleconference is in session within classified spaces, such as sign(s) posted on outer doors.
3.a.7.  In classified and unclassified government spaces, or while in use during authorized telework, webcams, microphones, and headphones/headsets must be disconnected and/or disabled when not in use.  As stated in reference (j), internal/embedded microphones and webcams may be enabled/used on unclassified systems; however, an enterprise policy will be enforced on these peripherals, set to auto-disable the peripheral after one hour if not acknowledged by the user.
3.a.8.  Prior to use of webcams, microphones, or headphones/headsets on unclassified systems within collateral classified spaces, a designated security representative (e.g., ISSO) will perform a walkthrough to validate that prescribed mitigations are in place.
3.b.  TELEWORK AND COLLABORATIVE TOOLS/CAPABILITIES:
3.b.1.  As specified in reference (n), teleworkers are accountable for GFE, and must use and protect equipment and information in accordance with DoD and DoD Component procedures.  All personnel are responsible for the protection of controlled unclassified information (CUI), including Privacy Act or For Official Use Only data, and classified information.  Telework personnel, when connecting Marine Corps systems to non-government internet services/internet service providers, are required to initiate a virtual private network (VPN) connection to their authorized network.  For MCEN-N users, Pulse Secure VPN software provides secure, authenticated access to Marine Corps Non-secure Internet Protocol Router Network (NIPRNet) e-mail services, shared drives, and DoD CAC-enabled websites.
3.b.2.  Per direction of the DON CIO contained in references (k) and (l), Microsoft O365 IL5 Teams, Defense Collaboration Service (DCS), Global Video Services (GVS), Secure Access File Exchange (SAFE), and Intelink are the only approved DoD collaboration tools.
3.b.3.  Per reference (k), DoD Components must first attempt to leverage DoD enterprise collaboration capabilities, which are approved for use by all DoD users.  These include:  Microsoft Office 365 (O365) IL5 Microsoft Teams, Defense Collaboration Services-Unclassified (DCS-U), and CISCO WEBEX Room Systems environment as a temporary capability.
3.b.4.  The IL2 O365 Microsoft Teams environment known as Commercial Virtual Remote (CVR) is an approved, DoD-contracted Microsoft O365 Teams capability for alternative collaboration with other Services.  It is implemented with DoD specific security controls and provides video, voice, and text communication, as well as document sharing tools for Basic Controlled Unclassified Information (CUI).
3.b.5.  As stated in reference (m), DoD is aware that several DoD components have expressed pursuing unauthorized cloud and collaboration capabilities.  These capabilities place DoD information at risk and are not authorized in support of the conduct of internal DoD business.  Components should not initiate communications using unapproved commercial collaboration capabilities, but may participate in sessions if initiated by outside partners for public, unclassified purposes.
3.b.6.  The use of cloud services must be formally authorized by the Marine Corps Authorizing Official (AO) and comply with requirements in the DoD Cloud Computing Security Requirements Guide.  At present, other capabilities, such as commercial Zoom and Zoom for Government, are not authorized options for Marine Corps personnel.
3.b.7.  Use of unauthorized commercial collaboration tools or commercial e-mail on GFE is a violation of Marine Corps and DON acceptable use policy, and DoDI 5200.48 policy on handling Controlled Unclassified Information (CUI).
4.  Personnel who knowingly or willfully violate the requirements in this MARADMIN may be subject to a preliminary inquiry in accordance with reference (g) and an incident report in the Joint Personnel Adjudication System, per reference (h).
5.  This MARADMIN will remain in effect until cancelled or superseded.
6.  Release authorized by BGen L. M. Mahlock, Director, Information Command, Control, Communications, and Computers (IC4) Division, Deputy Commandant for Information.//