MARADMINS : 450/03
R 251200Z SEP 03
FM CMC WASHINGTON DC
TO MARADMIN(uc)
MARADMIN
BT
UNCLASSIFIED
MARADMIN 450/03
MSGID/GENADMIN/CMC WASHINGTON DC C4//
SUBJ/REMOVEABLE SECONDARY STORAGE MEDIA DEVICE POLICY//
POC/LETTEER RA/GS14/HQMC C4/-/TEL:DSN 223-3490/TEL:703-693-3490
/EMAIL:LETTEERRA@HQMC.USMC.MIL//
POC/DULANY KM/MSGT/HQMC C4/-/TEL:DSN 223-3490/TEL:703-693-3490
/EMAIL:DULANYKM@HQMC.USMC.MIL//
GENTEXT/REMARKS/1. NEW TECHNOLOGIES IN SECONDARY STORAGE MEDIA DEVICES HAVE
INTRODUCED THE NEED TO CLARIFY CURRENT INFORMATION ASSURANCE POLICY,
AS THESE DEVICES MAY POSE ADDITIONAL RISK TO MARINE CORPS SYSTEMS.
OPERATIONAL BENEFITS OF HIGHLY PORTABLE, REUSABLE AND REMOVABLE
SECONDARY STORAGE MEDIA DEVICES ARE ACKNOWLEDGED. THIS POLICY
REFERS TO ANY DEVICE THAT CAN BE CONNECTED TO A WORKSTATION OR OTHER
COMPUTING DEVICE VIA CABLE, UNIVERSAL SERIAL BUS (USB), PERSONAL
COMPUTER MEMORY CARD INTERNATIONAL ASSOCIATION
2. DUE TO THE INHERENT RISK THAT THEY POSE TO THE LOCAL DESIGNATED
APPROVING AUTHORITY, USB PORTS SHALL BE DISABLED ON COMPUTING
DEVICES THAT PROCESS CLASSIFIED MATERIAL TO THE MAXIMUM EXTENT
POSSIBLE. LOCAL DAA APPROVAL SHALL BE OBTAINED, IN WRITING, WHERE
USB USE IS REQUIRED FOR SPECIFIC CLASSIFIED COMPUTING DEVICES.
3. USE OR CONNECTION OF PERSONALLY OWNED REMOVABLE SECONDARY
STORAGE MEDIA WITH ANY UNCLASSIFIED GOVERNMENT COMPUTING DEVICE
WITHOUT PRIOR WRITTEN APPROVAL OF THE LOCAL DAA IS PROHIBITED.
4. ALL REMOVABLE SECONDARY STORAGE MEDIA SHALL BE LABELED
APPROPRIATELY INDICATING THE HIGHEST CLASSIFICATION OR SENSITIVITY
OF THE DATA CONTAINED ON THE DEVICE, BY MEANS SUCH AS STANDARD FORM
(SF) 710 (1-87) OR SF 707 (1-97). IF THE DEVICE IS TOO SMALL, THEN
A CARD WILL BE ATTACHED TO THE MEDIA WITH THE APPROPRIATE LABEL.
ADDITIONALLY THE DEVICE WILL BE MARKED WITH A PERMANENT MARKER
INDICATING THE CLASSIFICATION LEVEL.
5. GOVERNMENT-PROCURED REMOVABLE SECONDARY STORAGE MEDIA DEVICES OF
ANY CAPACITY ARE APPROVED FOR USE IN NIPRNET OR OTHER UNCLASSIFIED
COMPUTER SYSTEMS. ORGANIZATIONS ISSUING REMOVABLE SECONDARY STORAGE
MEDIA DEVICES FOR USE ON NIPRNET SHALL CONTROL THEM IN A MANNER
CONSISTENT WITH ACCOUNTABILITY OF OTHER HIGHLY PILFERABLE ITEMS WITH
RESPECT TO PERSONNEL TRANSFER OR REISSUE, CREATE LOCAL POLICY THAT
ADDRESSES BOTH THE VALUE OF DEVICE AND STORED INFORMATION.
6. FLASH MEDIA SPECIFIC GUIDANCE. WHILE THE TRADITIONAL FLOPPY
DISK AND CD-ROM CONTAIN PHYSICAL OR INHERENT WRITE PROTECTIVE
PROPERTIES, FLASH DIGITAL MEDIA DEVICES ROUTINELY DO NOT.
(A) THERE IS NO FORMALLY EVALUATED OR APPROVED WRITE PROTECTION OR
MEMORY CLEARING METHOD. THE MARINE CORPS INTENDS TO MITIGATE
DATA-SPILLAGE THROUGH THE USE OF PHYSICAL VICE SOFTWARE
WRITE-PROTECTION METHODS. MEMORY CLEARING OF FLASH MEMORY MAY BE
ACCOMPLISHED THROUGH APPROPRIATE OVERWRITE UTILITIES (AS AN
EXTENSION OF OPERATING SYSTEM FILE SYSTEM). AN EXAMPLE WOULD BE NT
TOOLBOX.
(B) INTRODUCTION OF REMOVABLE FLASH DIGITAL MEDIA DEVICES TO
SIPRNET OR ANY CLASSIFIED COMPUTING DEVICES OR STORED INFORMATION
WITHOUT PHYSICAL WRITE PROTECTION WILL MAKE THE STORAGE DEVICE
PERMANENTLY CLASSIFIED AT THE SAME LEVEL AS THE SYSTEM.
(C) REMOVABLE FLASH DIGITAL MEDIA DEVICES INTRODUCED TO CLASSIFIED
COMPUTING DEVICES CAN NO LONGER BE INTRODUCED INTO COMPUTING DEVICES
OF LOWER CLASSIFICATION.
(D) ALL PROCURED FLASH DIGITAL MEDIA DEVICES SHALL HAVE THE
CAPABILITY FOR FILE ACCESS SECURITY AND DEVICE AUTHENTICATION.
FILE SECURITY ON SUCH DEVICES MUST BE ABLE TO PROVIDE THE SAME LEVEL OF
DISCRETIONARY ACCESS CONTROL (DAC) THAT IS FOUND ON THE COMPUTER TO
WHICH IT IS CONNECTING, I.E., NTFS TO NTFS. AUTHENTICATION SHALL BE
ACTIVE AND USED AT ALL TIMES.
(E) AT A MINIMUM, PROCURE REMOVABLE SECONDARY STORAGE DEVICE(S)
THAT PROVIDE ONBOARD PROTECTED FILE ACCESS, PHYSICAL WRITE
PROTECTION AND/OR IMBEDDED BIOMETRIC DEVICE ACCESS CONTROL. UNIT
COMMANDERS WILL ESTABLISH COMMON STORAGE DEVICE PROCUREMENT STANDARDS
AND A ROBUST MEDIA ASSET CONTROL PROGRAM.
7. ACTION. THIS POLICY IS EFFECTIVE IMMEDIATELY. COMMANDERS WILL
ENSURE THE IMPLEMENTATION OF THIS POLICY AND THE INCLUSION OF ITS
CONTENT IN LOCAL INFORMATION ASSURANCE AND SECURITY TRAINING.
8. POCS FOR POLICY QUESTIONS ARE RAY A. LETTEER AND MSGT KEVIN
DULANY, DSN 233-3490, COMM 703-693-3490. TECHNICAL INQUIRIES SHOULD
BE DIRECTED TO THE HELP DESK LOCATED AT THE MCNOSC COMMAND CENTER AT
DSN 278-5300, COMM 703-784-5300, OR UNCLAS E-MAIL
HELPDESK@NOC.USMC.MIL.//