MARADMINS : 659/08
R 211734Z Nov 08
UNCLASSIFIED//
MARADMIN 659/08
MSGID/GENADMIN/CMC WASHINGTON DC C4//
SUBJ/MARINE CORPS POLICY FOR PERSONAL ELECTRONIC DEVICES (PEDS) /SECURITY AND APPLICATION OF EMAIL SIGNATURE AND ENCRYPTION POLICY//
REF/A/MSGID:MSG/DON CIO WASHINGTON DC/061525ZOCT2004//
REF/B/MSGID:MSG/CMC WASHINGTON DC/091429ZJUN2008//
REF/C/MSGID:DOC/MCEN OPSTD 005 V1.1/04AUG2003//
REF/D/MSGID:DOC/MCEN IAED 014 V2.0/06JUL2007//
NARR/REF A IS THE DEPARTMENT OF THE NAVY (DON) CHIEF INFORMATION OFFICER (CIO) PUBLIC KEY INFRASTRUCTURE (PKI) IMPLEMENTATION GUIDANCE UPDATE MESSAGE. REF B IS MARADMIN 336/08, WHICH PROVIDES USMC POLICY FOR EMAIL DIGITAL SIGNATURE AND ENCRYPTION. REF C IS THE MARINE CORPS ENTERPRISE NETWORK (MCEN) OPERATIONAL STANDARD (OPSTD)
005 PERSONAL ELECTRONIC DEVICES (PED) V1.1. REF D IS THE MCEN INFORMATION ASSURANCE ENTERPRISE DIRECTIVE (IAED) 014 WIRELESS LOCAL AREA NETWORKS (WLANS) V1.1.//
POC/JOSEPH UCHYTIL/MAJOR/UNIT:HQMC C4 IA/-/TEL:703 693-3490 /EMAIL:JOSEPH.UCHYTIL@USMC.MIL//
GENTEXT/REMARKS/1. BACKGROUND. TECHNOLOGICAL ADVANCES HAVE ENABLED MORE PERVASIVE USE OF DIGITAL SIGNATURE AND ENCRYPTION OF EMAIL WITHIN THE DON. USE OF DIGITAL SIGNATURES IS EXPECTED TO INCREASE AS A TOOL TO REDUCE RISK OF ATTACKS THROUGH USE OF TARGETED FRAUDULENT OR "SPOOFED" EMAILS. EMAIL ENCRYPTION IS BEING USED MORE OFTEN AS A MEANS TO PROTECT EMAIL CONTAINING PERSONALLY IDENTIFIABLE INFORMATION (PII), PRIVACY ACT, AND OTHER CATEGORIES OF DOD SENSITIVE INFORMATION WHILE IN TRANSIT ACROSS THE GLOBAL INFORMATION GRID. THESE CAPABILITIES MUST BE SUPPORTED ON ALL PEDS SERVING AS AN EXTENSION OF THE MCEN.
2. PURPOSE. THIS MESSAGE PROVIDES MARINE CORPS GUIDANCE FOR COMPLIANCE WITH REF A.
3. POLICY. PER REF A AND IN SUPPORT OF REF B, ALL PEDS THAT ARE NOT CAPABLE OF INTERFACING WITH THE PKI CERTIFICATES STORED ON A SMART CARD (E.G. DOD COMMON ACCESS CARD (CAC)) MUST BE REPLACED OR REMOVED FROM USE ON THE MCEN BY 31 DECEMBER 2008. ADDITIONALLY, PURCHASE AND INSTALLATION OF A DESIGNATED ACCREDITING AUTHORITY (DAA) APPROVED SMART CARD READER IS REQUIRED FOR ALL PEDS NLT 31 DECEMBER 2009. APPROVED SMART CARD READERS MAY INTERFACE WITH PED HANDHELDS THROUGH EITHER A PHYSICAL CONNECTION OR A SECURED BLUETOOTH COMMUNICATIONS LINK, CONFIGURED IN ACCORDANCE WITH THE DEFENSE INFORMATION SECURITY AGENCY (DISA) WIRELESS SECURITY TECHNICAL IMPLEMENTATION GUIDE (STIG). DOD PKI SOFTWARE CERTIFICATES SHALL NOT BE ISSUED OR USED AS AN ALTERNATIVE INTERIM SOLUTION FOR CAC-BASED PKI, OR IN INSTANCES WHERE THE REQUIRED CARD READER HARDWARE HAS NOT BEEN PROCURED OR INSTALLED.
4. WAIVERS. EXCEPTIONS BASED UPON INSUFFICIENT FUNDING OR LACK OF PROPERLY CONFIGURED DESKTOPS AND PEDS WILL NOT BE GRANTED. REQUESTS FOR EXCEPTIONS MUST BE SUBMITTED TO THE MARINE CORPS DAA AT MCEN_DAA@USMC.MIL.
5. A LIST OF ACCREDITED AND SECURITY COMPLIANT DEVICES FOR USE ON THE NAVY AND MARINE CORPS INTRANET (NMCI) CAN BE FOUND ON THE NMCI HOMEPORT AT HTTPS:(SLASH SLASH)WWW.HOMEPORT.NAVY.MIL/SERVICES/MOBILE/BLACKBERRY.
6. COMMANDS WILL ENSURE THE IMPLEMENTATION OF THIS POLICY WITHOUT DELAY AND DISSEMINATE THROUGH THE WIDEST MEANS, INCLUDING POSTING ON ORGANIZATIONAL BULLETIN BOARDS.
7. CANCELLATION CONTINGENCY. THIS MARADMIN WILL BE CANCELLED 3 MONTHS FROM THE DATE OF RELEASE. REFS C AND D WILL BE UPDATED TO REFLECT THE INFORMATION CONTAINED IN THIS MARADMIN.
8. RELEASE AUTHORIZED BY BGEN G. J. ALLEN, DIRECTOR, COMMAND, CONTROL, COMMUNICATIONS, AND COMPUTERS.//