R 261825Z SEP 11
UNCLASSIFIED//
MARADMIN 557/11
MSGID/GENADMIN,USMTF,2007/CMC WASHINGTON DC C4(UC)/F002//
SUBJ/MARINE CORPS PUBLIC KEY ENABLEMENT WAIVER REQUEST PROCESS FOR UNCLASSIFIED NETWORKS, PRIVATE WEB SERVERS, PORTALS, AND WEB APPLICATIONS//
REF/A/MSGID:MSG/DON CIO/YMD:20110421//
AMPN/REF A IS DON CIO WASHINGTON DC 211312Z APR 11, DEPARTMENT OF THE NAVY PUBLIC KEY ENABLEMENT WAIVER REQUEST PROCESS FOR UNCLASSIFIED NETWORKS, PRIVATE WEB SERVERS, PORTALS, AND WEB APPLICATIONS. //
POC/CHRISTINE HESEMANN/CIV/UNIT:HQMC C4 CY/NAME:WASHINGTON DC /TEL:703-693-3490//
GENTEXT/REMARKS/1.   PURPOSE. THIS MESSAGE PROVIDES GUIDANCE FOR REQUESTING WAIVERS REQUIRED BY REF A FOR USMC UNCLASSIFIED NETWORKS, PRIVATE WEB SERVERS, PORTALS, AND WEB APPLICATIONS.
2.  BACKGROUND. PER REF A, ALL UNCLASSIFIED NETWORKS, PRIVATE WEB SERVERS, PORTALS, AND WEB APPLICATIONS SHALL BE ENABLED TO AUTHENTICATE USERS VIA DOD APPROVED PUBLIC KEY INFRASTRUCTURE (PKI) CERTIFICATES. USMC UNCLASSIFIED NETWORKS, PRIVATE WEB SERVERS, PORTALS, AND WEB APPLICATIONS ARE NOT CONSIDERED FULLY PUBLIC KEY ENABLED (PKE) AND COMPLIANT UNTIL:
2.A.   ALL USERS ELIGIBLE FOR DOD ISSUED OR APPROVED PKI CERTIFICATES ARE AUTHENTICATED VIA CERTIFICATES.
2.B.   ACCESS CONTROL MECHANISMS ARE IN PLACE TO GRANT ACCESS TO ONLY THOSE USERS WHO HAVE A GOVERNMENT REQUIREMENT AND A BUSINESS "NEED TO KNOW."
3.  WAIVER PROCESS.  REF A REQUIRES ALL NON-COMPLIANT UNCLASSIFIED NETWORKS, PRIVATE WEB SERVERS, PORTALS, AND WEB APPLICATIONS OBTAIN A WAIVER.  PER REF A, THE APPROPRIATE RESOURCE SPONSOR (RS) / PROGRAM MANAGER (PM) WILL SUBMIT A WAIVER REQUEST PACKAGE TO THE MCNOSC PKI TEAM AT RAOPERATIONS(AT)MCNOSC.USMC.MIL WITH A MINIMUM OF THE FOLLOWING ITEMS.
3.A.  WAIVER REQUEST LETTER ON COMMAND LETTERHEAD WITH THE FOLLOWING SYSTEM INFORMATION:
3.A.1.  SYSTEM NAME.
3.A.2.  DOD INFORMATION TECHNOLOGY PORTFOLIO REPOSITORY - DEPARTMENT OF THE NAVY (DITPR-DON) NUMBER.
3.A.3.  SUMMARY REASON OF REQUEST FOR WAIVER OR EXEMPTION.
3.A.4.  SIGNATURE OF THE NETWORK, SERVER, OR APPLICATION RS / PM.
3.B.  MCNOSC WAIVER REQUEST /PLAN OF ACTION AND MILESTONES (POA AND M) FORM.
3.B.1.  SYSTEM NAME.
3.B.2.  WAIVER CATEGORY AND REQUIRED INFORMATION AS OUTLINED IN REF A, PARA 7 AND 9.
3.B.3.  EXPLANATION OF TECHNICAL OR ADMINISTRATIVE ISSUES.
3.B.4.  OPERATIONAL IMPACT ASSESSMENT IF THE ASSET IS DISCONNECTED FROM THE NETWORK.
3.B.5.  DESCRIPTION OF ANY RISK MITIGATION CONTROLS IN PLACE.
3.C.  THE MCNOSC PKI TEAM WILL REVIEW WAIVER PACKAGES AND PROVIDE RECOMMENDATION TO HQMC C4 CY.
3.D.  PER REF A, HQMC C4 WILL REVIEW PACKAGES AND PROVIDE WRITTEN DECISION ON THE WAIVER REQUEST.  FINALIZED PACKAGES WILL BE UPLOADED BY THE RS/PM INTO DIPTR-DON DOC TAB AS PART OF THE DON ENTERPRISE ARCHITECTURE (EA) REVIEW.
4.  PKE WAIVER.  WAIVERS MAY BE GRANTED FOR UP TO ONE YEAR ONLY UPON APPROVAL BY THE DON DEPUTY CIO.  AFTER THE INITIAL WAIVER, A ONE YEAR RENEWAL MAY BE GRANTED AT THE DISCRETION OF DON CIO BASED UPON HQMC C4 ENDORSEMENT.  RENEWAL REQUESTS MUST FOLLOW THE PROCESS AND REQUIREMENTS OUTLINED IN PARAGRAPH 3 WITH THE ADDITION OF A COPY OF THE ORIGINAL WAIVER APPROVAL LETTER.
5.  EXCEPTIONS.  REF A PARA 9 OUTLINES SYSTEM TYPES THAT MAY QUALIFY AS ACCEPTED EXCEPTIONS, INCLUDING TACTICAL/DEPLOYED ENVIRONMENT.  ALL PM/RS SEEKING EXEMPTION FOR A SYSTEM MUST COMPLETE THE REQUIREMENTS OF PARAGRAPH 3.A.   FINALIZED EXCEPTION PACKAGES WILL BE UPLOADED INTO DIPTR-DON AS PART OF THE DON ENTERPRISE ARCHITECTURE (EA) REVIEW.
6.  RELEASE AUTHORIZED BY BGEN K. J. NALLY, DIRECTOR, COMMAND, CONTROL, COMMUNICATIONS, AND COMPUTERS.//