Marines

HomeNewsMessagesMessages Display

MCBUL 5239 MARINE CORPS CERTIFICATION AND ACCREDITATION PROCESS (MCCAP) VALIDATOR REQUIREMENTS
Date Signed: 4/3/2012 | MARADMINS Number: 185/12
PRINT
MARADMINS : 185/12
R 031603Z APR 12
UNCLASSIFIED//
MARADMIN 185/12
MSGID/GENADMIN,USMTF,2007/CMC WASHINGTON DC C4(UC)/F002//
SUBJ/MCBUL 5239 MARINE CORPS CERTIFICATION AND ACCREDITATION PROCESS (MCCAP) VALIDATOR REQUIREMENTS//
REF/A/MSGID:DOC/ASD/YMD:20071128//
REF/B/MSGID:DOC/US CONGRESS/YMD:20011217//
REF/C/MSGID:DOC/DOD/YMD:20021024//
REF/D/MSGID:DOC/CMC/YMD:20080902//
REF/E/MSGID:DOC/USN/YMD:20080715//
NARR/REF A, DEPARTMENT OF DEFENSE (DOD) INSTRUCTION 8510.01, IS THE DEPARTMENT OF DEFENSE INFORMATION ASSURANCE CERTIFICATION AND ACCREDITATION PROCESS (DIACAP) INSTRUCTION. REF B, FEDERAL INFORMATION SECURITY MANAGEMENT ACT 2002, PROVIDES REQUIREMENTS TO SECURE INFORMATION SYSTEMS AND REPORT COMPLIANCE. REF C, DOD DIRECTIVE 8500.1E, ESTABLISHES INFORMATION ASSURANCE (IA) POLICY IN THE DOD AND ASSIGNS RESPONSIBILITIES FOR IA. REF D, MARINE CORPS ENTERPRISE INFORMATION ASSURANCE DIRECTIVE 018, IS THE MARINE CORPS CERTIFICATION AND ACCREDITATION PROCESS. REF E, DEPARTMENT OF THE NAVY (DON) DIACAP HANDBOOK, PROVIDES DEPARTMENT OF NAVY GUIDANCE IN COMPLETING THE REQUIREMENTS OF THE DIACAP.//
POC/J.B. CARRIER/CIV/UNIT:HQMC C4CY/-/TEL:7036933490 /EMAIL:JASON.B.CARRIER@USMC.MIL//
POC/N.M. GAUDREAU/CIV/UNIT:HQMC C4CY/-/TEL:7036933490 /EMAIL:NEIL.GAUDREAU@USMC.MIL//
GENTEXT/REMARKS/1. THIS DOCUMENT ANNOUNCES POLICY AND REQUIREMENTS RELATED TO THE VALIDATOR DURING THE MARINE CORPS CERTIFICATION AND ACCREDITATION (C AND A) PROCESS.
2. BACKGROUND.
2.A. VALIDATION IS A CRITICAL STEP WITHIN DOD INFORMATION ASSURANCE CERTIFICATION AND ACCREDITATION PROCESS (DIACAP) AND THE PRODUCT LIFECYCLE.  IT IS THE RESPONSIBILITY OF THE SYSTEM/APPLICATION/PROGRAM OF RECORD OWNER TO FUND AND ENSURE SYSTEM C AND A.  INDEPENDENT VALIDATION IS THE CULMINATION OF THE C AND A PROCESS. THE FINDINGS AND RESULTS OF THE VULNERABILITY AND CERTIFICATION TESTING ARE ANALYZED BY THE VALIDATOR AND A CERTIFICATION STATEMENT IS ISSUED BY THE CERTIFICATION AUTHORITY (CA). THE COMPLETED PACKAGE IS THEN FORWARDED TO THE DESIGNATED ACCREDITING AUTHORITY (DAA) / AUTHORIZING OFFICIAL (AO) FOR A FINAL C AND A DECISION.
2.B.  THE VALIDATOR, APPOINTED BY THE SENIOR INFORMATION ASSURANCE OFFICIAL (SIAO) IN ACCORDANCE WITH REF E, AND AS A TRUSTED AGENT TO THE SIAO, IS RESPONSIBLE FOR PROVIDING AN INDEPENDENT REVIEW OF COMPLIANCE WITH APPLICABLE INFORMATION ASSURANCE CONTROLS (IAC) FOR INFORMATION SYSTEMS/APPLICATIONS/PROGRAMS OF RECORD RESIDING WITHIN THE MARINE CORPS ENTERPRISE NETWORK (MCEN); THEREFORE, SECURITY VALIDATIONS WILL NOT BE PERFORMED BY THE SYSTEM/APPLICATION/PROGRAM OF RECORD SYSTEM DEVELOPERS, ENGINEERS, ADMINISTRATORS OR END USERS.
2.C.  TO REDUCE COST AND INCREASE EFFICIENCIES, 0689'S AND 2210'S ARE PREFERRED VALIDATORS FOR THE USMC SYSTEMS/APPLICATIONS/PROGRAMS OF RECORD. PRIOR TO ANY VALIDATIONS CONDUCTED BY OTHER ENTITIES, E.G., OTHER SERVICE OR DOD AGENCIES, APPROVAL MUST BE PROVIDED BY THE MARINE CORPS SENIOR INFORMATION ASSURANCE OFFICER (SIAO).  ALL APPOINTED VALIDATION EVENTS CAN ONLY BE PERFORMED BY FULLY QUALIFIED AND APPOINTED VALIDATORS.  VALIDATOR REQUIREMENTS ARE DETAILED BELOW.
2.D.  MARINE CORPS DAA/AO APPROVED VALIDATORS ARE MADE UP OF MARINE CORPS 0689'S/2210'S, MARINE CORPS INFORMATION ASSURANCE MANAGERS AND CONTRACTED CONSULTANTS.  ALL CONTRACTORS MUST SUBMIT VALIDATOR APPLICATIONS WITH A GOVERNMENT SPONSOR.
3.  TRAINING REQUIRMENTS. SUCCESSFUL COMPLETION OF THE FOLLOWING COURSES:  APPROVED MARINE CORPS CERTIFICATION AND ACCREDITATION SUPPORT TOOL FOR VALIDATORS, THE MARINE CORPS CYBERSECURITY ASSESSMENT METHODOLOGY COURSE (INCLUDES JOINT IA ASSESSMENT, NSA BLUE TEAM ASSESSMENT COURSE, UNITED STATES NAVY CERTIFIER COURSE) AND A COMMITTEE ON NATIONAL SECURITY SYSTEM (CNSS) 4016 CERTIFIED RISK ANALYSIS COURSE. 4016 TRAINING IS TO BE AT THE INTERMEDIATE LEVEL OR HIGHER.  0689 MARINES ARE NOT REQUIRED TO COMPLETE THE CYBERSECURITY ASSESSMENT METHODOLOGY COURSE, AS THIS REQUIREMENT IS COVERED IN THE 0689 COURSE.  ALL TRAINING IS UNIT FUNDED.
4. CERTIFICATION REQUIREMENTS. ACHIEVEMENTS OF DOD INSTRUCTION (DODI) 8570 IN ANY ONE OF THE FOLLOWING: INFORMATION ASSURANCE TECHNICIAN (IAT) LEVEL II OR III, IASAE II OR III, OR ANY CND CERTIFICATION.
5.  ACTION.
5.A.  EFFECTIVE IMMEDIATELY, ALL VALIDATORS (NEW OR EXPIRING) MUST COMPLETE THE FOLLOWING ACTIONS:
5.A.1. SUBMIT "THE APPLICATION FOR MARINE CORPS VALIDATOR" TO THE MARINE CORPS SENIOR INFORMATION ASSURANCE OFFICER (SIAO) FOR APPROVAL TO PERFORM VALIDATIONS ON MARINE CORPS INFORMATION SYSTEMS.  EMAIL APPLICATIONS TO THE MARINE CORPS C AND A BRANCH: M(UNDERSCORE)HQMC(UNDERSCORE)C4(UNDERSCORE)CY(UNDERSCORE)ENT@USMC.MIL.  THE APPLICATION CAN BE DOWNLOADED FROMHTTPS:(DOUBLESLASH) C4.HQI.USMC.MIL/CA.ASP.  ENSURE ALL SUPPORTING DOCUMENTATION IS SUBMITTED WITH THE APPLICATION.
5.A.2. ONCE THE VALIDATOR IS APPROVED BY THE USMC SIAO, THE VALIDATOR INFORMATION WILL BE INCLUDED ON THE QUALIFIED VALIDATORS LIST AT: HTTPS:(DOUBLESLASH)C4.HQI.USMC.MIL/CA.ASP AND AN UNIQUE MARINE CORPS VALIDATOR SERIAL NUMBER WILL BE ASSIGNED BY THE DESIGNATED ACCREDITING AUTHORITY WITHIN 30 WORKING DAYS. APPROVED VALIDATORS ARE AUTHORIZED TO PERFORM VALIDATION DUTIES IMMEDIATELY UPON LIST INCLUSION AND RECEIPT OF SIGNED APPOINTMENT LETTER.
5.B. THE VALIDATOR WILL ADHERE TO THE QUALIFICATIONS OUTLINED IN PARAGRAPH 3 AND 4 AND MAINTAIN THE SKILLS, EDUCATION, AND CERTIFICATIONS NECESSARY TO CONDUCT TECHNICAL AND NON-TECHNICAL INFORMATION ASSURANCE ASSESSMENTS OF MARINE CORPS INFORMATION SYSTEMS.
5.C. VALIDATORS THAT ARE CURRENTLY APPOINTED AND THEIR TWO YEARS EXPIRATION DATE HAS NOT COMMENCED ARE GRANDFATHERED IN WITH THEIR CURRENT QUALIFICATIONS.  HOWEVER, THE TRAINING AND CERTIFICATION REQUIREMENTS MUST BE MET FOR RE-SUBMITTAL AND APPROVAL.
5.D. VALIDATOR REGISTRATION IS VALID FOR TWO YEARS FROM DATE OF INCLUSION. MEMBERS MUST RESUBMIT REQUESTS USING THE PROCESS AS OUTLINED IN PARAGRAPH 5A(1).
6. VALIDATOR QUALITY CONTROL
6.A. VALIDATION QUALITY WILL BE MONITORED BY THE MARINE CORPS CY DIVISION AS FOLLOWS:
6.A.1. AT THE FIRST SIGN OF PROBLEMS WITH THE QUALITY OF WORK DECTECTED BY C AND A BRANCH, AN ANALYST WILL WORK DIRECTLY WITH THE VALIDATOR TO ENSURE THEY HAVE BEEN PROPERLY REMEDIATED.
6.A.2. AT THE SECOND SIGN OF PROBLEMS, THE DAA WILL NOTIFY THE VALIDATOR THAT THEY ARE ON PROBATION FOR A PERIOD OF TIME.
6.A.3. AT THE THIRD SIGN OF PROBLEMS, THE VALIDATOR WILL LOSE HIS CREDENTIALS AND WILL NO LONGER BE AUTHORIZED TO PERFORM MARINE CORPS VALIDATIONS.
6.B. VENDORS THAT WISH TO HAVE THEIR COURSEWARE EVALUATED TO BECOME AN APPROVED MARINE CORPS VALIDATOR TRAINING PROVIDER CAN SUBMIT REQUEST VIA E-MAIL TO: MICHELLE.MOORE@USMC.MIL.
7. DIRECT ANY SPECIFIC QUESTIONS TO THE MARINE CORPS CERTIFICATION AND ACCREDITATION BRANCH HEAD, COMM 703-432-7993 OR VIA UNCLASSIFIED E-MAIL TO: MICHELLE.MOORE@USMC.MIL.
8. CANCELLATION. THIS BULLETIN, UNLESS SUPERSEDED, DOES NOT SELF CANCEL.  THIS MARADMIN REPLACES MARADMIN 251/10.
9. RELEASE AUTHORIZED BY BGEN K. J. NALLY, DIRECTOR, COMMAND, CONTROL, COMMUNICATIONS, AND COMPUTERS/CHIEF INFORMATION OFFICER OF THE MARINE CORPS.//