MARINE CORPS COMMUNITY SERVICES INFORMATION TECHNOLOGY POLICY
Date Signed: 2/21/2003 | MARADMINS Number: 070/03
MARADMINS : 070/03
R 211900Z FEB 03
FM CMC WASHINGTON DC(n)
TO ML MARADMIN(n)
MARADMIN
BT
UNCLAS
MARADMIN 070/03
MSGID/GENADMIN/CMC WASHINGTON DC/MR//
SUBJ/MARINE CORPS COMMUNITY SERVICES INFORMATION TECHNOLOGY POLICY//
REF/A/MCO P1700.27A//
POC/DON ROBERSON/NF05/MRI/-/TEL:703-784-7814
/EMAIL:DON.ROBERSON@USMC-MCCS.ORG//
GENTEXT/REMARKS/1.  PURPOSE.  TO FIELD MARINE CORPS COMMUNITY
SERVICES (MCCS) INFORMATION TECHNOLOGY (IT) POLICY.
2.  BACKGROUND.  THERE IS A REQUIREMENT TO FIELD MCCS IT POLICY
PRIOR TO THE REVISION OF THE REF, WHICH IS CURRENTLY STILL IN
STAFFING.  THIS MSG CONTAINS THE APPLICABLE IT PORTIONS OF THE NEW
POLICY, AND WE ARE FORWARDING THEM FOR IMMEDIATE IMPLEMENTATION.
THE REVISED REF WILL REFLECT THESE CHANGES.  THE POLICY CONTAINED
HEREIN SHALL BE IMPLEMENTED UPON RECEIPT OF THIS MSG.
3.  POLICY.
A.  PURPOSE.  THE PURPOSE OF IT IS TO DEVELOP, DEPLOY AND MAINTAIN
AUTOMATED DATA PROCESSING SYSTEMS AND TELECOMMUNICATIONS SUPPORT FOR
MCCS NONAPPROPRIATED FUND (NAF) ACTIVITIES (AND OTHER SPECIFIC MCCS
PROGRAMS DETERMINED TO BE OUTSIDE THE SCOPE OF NMCI SUPPORT) BASED
ON INDUSTRY STANDARDS AND BEST BUSINESS PRACTICES AS THEY APPLY TO
THE MCCS CONTROLLED USMC-MCCS.ORG NET.
B.  SCOPE.  AUTOMATED DATA PROCESSING FUNCTIONS INCLUDE, BUT ARE NOT
LIMITED TO:  COMPUTER OPERATIONS, TRAINING, SCHEDULING, SYSTEMS
DEPLOYMENT, COORDINATING SOFTWARE ENHANCEMENTS, POINT OF SALE
SYSTEMS SUPPORT, PERSONNEL/PAYROLL SUPPORT, FINANCE SUPPORT, RETAIL
SYSTEMS SUPPORT, FOOD AND BEVERAGE POINT OF SALE, RECREATION SYSTEM,
LIBRARY SYSTEMS, AND WIDE AREA NETWORK SUPPORT AS THEY PERTAIN TO
THE USMC-MCCS.ORG NET.  ALL USMC-MCCS.ORG NET ACTIVITY COMPUTER
SYSTEMS, HARDWARE, POINT OF SALE EQUIPMENT, TELECOMMUNICATIONS
EQUIPMENT, RELATED PERIPHERALS, SOFTWARE AND PROCEDURES SHALL BE
PRESCRIBED BY CMC (MR).  CMC (MR) WILL COORDINATE WITH OTHER HQMC
DIVISIONS, WHERE NECESSARY, IN SUPPORT OF APF FUNDED MCCS PROGRAMS.
EQUIPMENT PROCURED FOR MCCS AUTOMATED SYSTEMS SHALL NOT BE USED FOR
OTHER THAN OFFICIAL PURPOSES, AND ONLY AUTHORIZED SOFTWARE SHALL BE
USED ON THESE SYSTEMS.  THESE SYSTEMS ARE SEPARATE AND APART FROM
THE NAVY-MARINE CORPS INTERNET (NMCI) SYSTEM.
   (1) CMC (MR) SHALL PROVIDE A STANDARD IT SYSTEM AS IT APPLIES TO
THE USMC-MCCS.ORG NET AND OTHER SPECIFIC IDENTIFIED NEEDS NOT
PROVIDED BY NMCI.  A STANDARD SYSTEM REDUCES THE COST OF
DEVELOPMENT, MAINTENANCE, AND TRAINING AND PROVIDES COMPARABLE DATA
FOR ANALYSIS BETWEEN COST CENTERS WITHIN A COMMAND AND BETWEEN
COMMANDS.  IF IT SOLUTIONS ARE OUTSOURCED TO THE OTHER SERVICES, CMC
(MR) SHALL ADOPT AND PROVIDE GUIDANCE GOVERNING SYSTEM-WIDE POLICY
CHANGES.
   (2) THROUGH THE USE OF PERSONAL COMPUTERS (PCS), STRUCTURED
QUERY LANGUAGE, REPORT WRITERS OR OTHER MEANS, COMMANDS SHALL BE
ABLE TO ACCESS DATA IN THE STANDARD IT SYSTEM TO PRODUCE MODELS
DESIRED FOR SPECIFIC APPLICATIONS.
   (3) CMC (MR) SHALL SET STANDARDS FOR MAJOR COMPUTER SYSTEMS AND
WORKSTATIONS (PCS) AND TELECOMMUNICATIONS EQUIPMENT.
C.  PERSONAL COMPUTERS.  PC WORKSTATIONS SHALL BE USED TO SUPPORT
LOCAL COMMAND USMC-MCCS.ORG NET REQUIREMENTS AND CMC (MR)
REQUIREMENTS.  PERSONAL COMPUTERS PROCURED FOR USE IN CONJUNCTION
WITH USMC-MCCS.ORG NET ACTIVITIES SHALL NOT BE USED FOR OTHER THAN
OFFICIAL PURPOSES.
   (1) HARDWARE STANDARDS.  ALL WORKSTATIONS (PCS) MUST MEET THE
STANDARDS PUBLISHED BY CMC (MR).  MEMORY AND PERIPHERALS MAY BE
ADDED AS NEEDED.  PERIPHERALS MUST BE INTERCHANGEABLE BETWEEN ANY
PC.  FOR ALL PCS WITH HARD DISC DRIVES, A STREAMING TAPE DEVICE, ZIP
DRIVE, READ/WRITE CD-ROM DRIVE, OR FLOPPY DISC SHOULD BE INCLUDED
FOR BACKUP.
   (2) DESKTOP SOFTWARE STANDARDS.  USMC-MCCS.ORG NET SHALL USE THE
MARINE CORPS STANDARD INTEGRATED WORD PROCESSING, SPREADSHEET,
DATABASE, GRAPHICS PACKAGE, AND ENTERPRISE ANTI-VIRUS SOFTWARE.
UNDER NO CIRCUMSTANCES SHALL EXTRA COPIES BE MADE OF SOFTWARE, WHICH
VIOLATES LICENSE AGREEMENTS.  COPIES OF SOFTWARE THAT VIOLATE
LICENSE AGREEMENTS SHALL NOT BE USED.  USMC-MCCS.ORG NET
APPLICATIONS MUST BE COMPATABILE WITH ALL OPERATING SYSTEMS THAT
WILL BE REQUIRED TO RUN ON THAT WORKSTATION AND VALIDATED BY CMC
(MR).  USERS SHALL NOT DOWNLOAD, INSTALL OR RUN ANY SOFTWARE FROM
THE INTERNET OR OTHER SOURCES WITHOUT THE APPROVAL FROM CMC (MR).
USERS ARE PROHIBITED FROM RUNNING SECURITY PROGRAMS OR UTILITIES
THAT MAY JEOPARDIZE THE SECURITY OF THE USMC-MCCS.ORG NET, SUCH AS
PASSWORD CRACKING OR NETWORK SCANNING PROGRAMS.
   (3) BACKUPS.  THE ORIGINAL OF SOFTWARE DISTRIBUTED BY A VENDOR
SHALL BE COPIED AND THE COPY SHALL BE USED FOR INSTALLATION.  THE
ORIGINAL COPY SHALL BE STORED OFF-SITE IN A SEPARATE BUILDING THAT
IS NOT IMMEDIATELY ADJACENT TO THE BUILDING STRUCTURE IN WHICH THE
COMPUTER FACILITY IS LOCATED.
       (A) USERS ARE RESPONSIBLE FOR BACKUP OF THEIR DATA FILES.
THIS SHALL BE DONE ONCE A DAY FOR FILES CHANGED THAT DAY.
       (B) LOCAL MANAGEMENT INFORMATION SYSTEM (MIS) OPERATIONS ARE
RESPONSIBLE FOR THE NIGHTLY BACKUP OF LOCAL FILE SERVERS.  ONCE A
WEEK, DATA FILE BACKUPS SHALL BE TAKEN TO AN OFF-SITE STORAGE
LOCATION, CRITICAL FILES SHALL BE MOVED OFF-SITE DAILY.
       (C) FLOPPY DISCS SHALL BE BACKED UP TO FLOPPY DISCS.
       (D) HARD DISCS SHALL BE BACKED UP TO STREAMING TAPE, ZIP
DRIVES, READ/WRITE CD-ROM DRIVES, OR FLOPPY DRIVES.
   (4) SECURITY.  USERS ARE RESPONSIBLE TO PROTECT THEIR SOFTWARE
AND DATA FROM UNAUTHORIZED ACCESS.  
       (A) USERS ARE RESPONSIBLE TO INSURE THAT HARDWARE IS NOT
MISHANDLED OR USED BY UNAUTHORIZED PERSONNEL.
       (B) USERS ARE RESPONSIBLE TO PROTECT THEIR DATA FROM
VIRUSES.  ALL FLOPPY DISKS OR DOWNLOADED FILES SHALL BE SCANNED
PRIOR TO LOADING ON SYSTEMS. A VIRUS SCAN SHOULD BE SETUP AND
SCHEDULED TO RUN ON EVERY WORKSTATION DAILY, ALONG WITH DOWNLOADING
THE LATEST VIRUS SCAN WEEKLY.  USERS ARE PROHIBITED FROM REMOVING
THE ENTERPRISE ANTI-VIRUS SOFTWARE FROM THEIR WORKSTATION.
       (C) EXTERNAL CONNECTIONS, INCLUDING MODEMS, WILL NOT BE
ALLOWED ON ANY WORKSTATION CONNECTED TO THE USMC-MCCS.ORG WIDE AREA
NETWORK WITHOUT OBTAINING A WAIVER FROM THE INFORMATION TECHNOLOGY
BRANCH CMC (MRI).
       (D) CMC (MR) IS THE RESPONSIBLE AGENT FOR CONTROL AND
DISTRIBUTION OF USMC-MCCS.ORG NET IP ADDRESSES.  UNDER NO
CIRCUMSTANCES SHALL USMC-MCCS.ORG NET IP ADDRESSES BE GIVEN TO
EXTERNAL AGENTS.  
       (E) ACCESS TO USMC-MCCS.ORG SYSTEMS BY EXTERNAL VENDORS OR
CONTRACTORS WILL BE CONTROLLED BY CMC (MR).
       (F) USERS ARE RESPONSIBLE FOR PROTECTING THEIR PASSWORDS.
UNDER NO CIRCUMSTANCES SHOULD MCCS ACCOUNTS BE SHARED OR DIVULGED.
       (G) USMC-MCCS.ORG NET COMPUTER SYSTEMS ARE UNCLASSIFIED
SYSTEMS.  UNDER NO CIRCUMSTANCES SHOULD CLASSIFIED INFORMATION BE
ENTERED, PROCESSED, OR STORED ON THE USMC-MCCS.ORG SYSYTEM.
INFORMATION IS "CLASSIFIED" IF IT IS TOP SECRET, SECRET, OR
CONFIDENTIAL IN NATURE, OR REQUIRES SAFEGUARDING IN THE INTEREST OF
NATIONAL SECURITY.
       (H) USERS SHALL NOT DIVULGE DIALUP OR DIAL BACK MODEM PHONE
NUMBERS TO ANYONE.
D.  USMC-MCCS.ORG NET NAF HARDWARE AND SOFTWARE FUNDING.  COMMANDS
WILL BE RESPONSIBLE FOR FUNDING LOCAL PERSONAL COMPUTERS, COMPUTER
SUPPLIES, LOCAL COMMUNICATION LINES (EXTERNAL AND INTERNAL TO
BUILDINGS), AND ANY SOFTWARE NOT CENTRALLY PROCURED OR SUPPORTED BY
CMC (MR).  CMC (MR) WILL CENTRALLY FUND ALL HARDWARE, SOFTWARE AND
WIDE AREA NETWORK CONNECTIVITY DEVICES FOR CMC (MR) SPONSORED
USMC-MCCS.ORG SYSTEM WIDE INITIATIVES, EXCEPT AS STATED ABOVE.  IF
CMC (MR) ASSISTANCE IS REQUIRED TO PROCURE AND/OR INSTALL HARDWARE
AND SOFTWARE FOR COMMANDS THAT IS NOT CENTRALLY FUNDED, THE COMMAND
WILL BE BILLED FOR ALL COSTS INCURRED.  PROCUREMENT OF HARDWARE AND
SOFTWARE WITH APF MUST ADHERE TO APF GUIDELINES.   ALL LOCALLY
PROCURED HARDWARE, SOFTWARE, AND COMMUNICATION DEVICES THAT WILL BE
CONNECTED TO THE USMC-MCCS.ORG NETWORK MUST BE APPROVED BY CMC (MR).
E.  HARDWARE AND SOFTWARE MAINTENANCE.  CMC (MR) SHALL BE
RESPONSIBLE FOR NEGOTIATING AND PROVIDING CENTRALIZED MAINTENANCE
CONTRACTS FOR ALL CENTRALLY PROCURED HARDWARE AND SOFTWARE.  LOCAL
MANAGEMENT INFORMATION SYSTEMS (MIS) SHALL BE RESPONSIBLE FOR
NEGOTIATING AND PROVIDING MAINTENANCE CONTRACTS FOR ALL LOCALLY
PROCURED HARDWARE AND SOFTWARE.
F.  DOD EQUIPMENT USE.  ALL DOD INTEREST COMPUTER SYSTEMS AND
RELATED EQUIPMENT ARE FOR COMMUNICATION, TRANSMISSION, PROCESSING,
AND STORAGE OF OFFICIAL U.S. GOVERNMENT OR OTHER RELATED AUTHORIZED
INFORMATION ONLY.
G.  INTERNET ACCESS AND USE.  INTERNET ACCESS IS PROVIDED TO MCCS
STAFF MEMBERS AND USERS OF THE LIBRARY SYSTEMS VIA THE USMC-MCCS.ORG
WIDE AREA NETWORK.  USE OF THIS NETWORK SERVICE AFFIRMS A CONSENT TO
MONITORING, AS WITH ANY OTHER DOD INTEREST COMPUTER SYSTEM.
INTERNET ACCESS IS MONITORED DAILY FOR UNAUTHORIZED ACCESS TO SITES
CONSIDERED TO BE REPOSITORIES OF SEXUAL OR PORNOGRAPHIC MATERIALS,
ALONG WITH POTENTIAL SECURITY VIOLATIONS.  ALL USERS SHOULD BE AWARE
THAT ANY INFORMATION PLACED IN THE SYSTEM IS SUBJECT TO MONITORING
AND IS NOT SUBJECT TO ANY EXPECTATION OF PRIVACY.  ANY MISUSE OR
EVIDENCE OF VIOLATION OF CRIMINAL STATUTES WILL BE REPORTED TO THE,
MIS SITE ADMINISTRATOR, ASSISTANT CHIEF OF STAFF OR DIRECTOR MCCS,
AND/OR LAW ENFORCEMENT OFFICIALS.
   (1) PERMISSIBLE ACTIVITIES:
       (A) OBTAIN INFORMATION TO SUPPORT DOD/DON/MARINE CORPS
MISSIONS.
       (B) OBTAIN INFORMATION THAT ENHANCES THE PROFESSIONAL SKILLS
OF MARINE CORPS PERSONNEL.
       (C) IMPROVE PROFESSIONAL OR PERSONAL SKILLS AS PART OF A
FORMAL ACADEMIC EDUCATION OR MILITARY/CIVILIAN PROFESSIONAL
DEVELOPMENT PROGRAM (APPROVED BY THE COMMAND).
       (D) PERSONAL INTERNET SEARCHES AND BRIEF COMMUNICATIONS AS
LONG AS IT;
           - DOES NOT ADVERSELY AFFECT THE PERFORMANCE OF OFFICIAL
DUTIES BY THE MARINE OR EMPLOYEE.
           - SERVES A LEGITIMATE PUBLIC INTEREST.
           - IS OF MINIMAL FREQUENCY AND DURATION AND OCCURS DURING
THE INDIVIDUALS PERSONAL TIME.
           - DOES NOT OVERBURDEN MARINE CORPS MCCS COMPUTING
RESOURCES OR COMMUNICATION SYSTEMS.
   (2) PROHIBITED USE:
       (A) ILLEGAL, FRAUDULENT OR MALICIOUS ACTIVITIES.
       (B) PARTISAN POLITICAL ACTIVITY, POLITICAL OR RELIGIOUS
LOBBYING OR ADVOCACY OF ACTIVITIES ON BEHALF OF ORGANIZATIONS HAVING
NO AFFILIATION WITH THE MARINE CORPS OR DOD.
       (C) ACTIVITIES WHOSE PURPOSES ARE FOR PERSONAL OR COMMERCIAL
FINANCIAL GAIN.
       (D) UNAUTHORIZED FUNDRAISING.
       (E) ACCESSING, STORING, PROCESSING, DISPLAYING OR
DISTRIBUTING OFFENSIVE OR OBSCENE MATERIAL, SUCH AS, PORNOGRAPHY AND
HATE LITERATURE.
       (F) OBTAINING, INSTALLING OR USING SOFTWARE OBTAINED IN
VIOLATION OF THE APPROPRIATE VENDORS PATENT, COPYRIGHT, TRADE SECRET
OR LICENSE AGREEMENT.
       (G) SHARING OF INTERNET ACCOUNTS.  
       (H) ACCESS TO OR THE PROVIDING OF STREAMING MEDIA RESOURCES
OR OTHER NETWORK SERVICES OUTSIDE THE PURPOSE OF CONDUCTING
BUSINESS.  THIS INCLUDES, BUT IS NOT LIMITED TO INTERNET RADIO
STATIONS, STREAMING AUDIO (MP3), UNAUTHORIZED VIDEO STREAMS, FILE
TRANSFER PROTOCOL (FTP), WEB AND CHAT SERVERS.  
       (I) USE OF MEDIA/SOFTWARE SHARING PROGRAMS (E.G., NAPSTER,
GUNTELLA, ETC.).
       (J) CREATION OR FORWARDING OF CHAIN E-MAIL.
   (3) COMMANDERS SHALL ENSURE THAT APPROPRIATE COMMAND LEVEL
MEASURES ARE INSTITUTED TO:
       (A) CONTROL ACCESS OF INTERNET SERVICES FOR THOSE PERSONNEL
REQUIRED TO USE THE INTERNET IN PERFORMANCE OF THE THEIR MISSION.
       (B) MONITOR LOCAL NETWORK USAGE AND TAKE APPROPRIATE ACTION
WHEN INAPPROPRIATE USE IS SUSPECTED.
       (C) EDUCATE PERSONNEL ON APPROPRIATE INTERNET ACCESS.
H.  PERSONAL DIGITAL ASSITANT (PDA)/WIRELESS DEVICES
   (1) PDAS PURCHASED FOR USE WITHIN THE USMC-MCCS.ORG NETWORK MUST
BE COMPATIBLE WITH THE PROVISIONS OF NMCI PDA POLICY.  ONLY NMCI
CERTIFIED AND ACCREDITED SOFTWARE MAY BE PURCHASED AND INSTALLED ON
USMC-MCCS.ORG NET SUPPORTED PDA DEVICES.
   (2) ONLY UNCLASSIFIED INFORMATION NOT REQUIRING PROTECTION MAY
BE ENTERED, PROCESSED, STORED, OR TRANSMITTED ON MCCS PDAS.
   (3) PASSWORDS, COMBINATIONS, PINS AND OTHER FORMS OF MCCS USER
IDENTIFICATION SHALL NOT BE SAVED ONTO A PDA.
   (4) DATA EXCHANGE VIA THE INFRARED (IR) PORT SHALL BE LIMITED TO
OTHER USMC-MCCS.ORG NET AND TRUSTED GOVERNMENT DEVICES.
   (5) HOT DOCKING BETWEEN A HOME COMPUTER AND AN USMC-MCCS.ORG NET
COMPUTER IS STRICTLY PROHIBITED.
   (6) REMOVABLE MEDIA WILL BE HANDLED ACCORDING TO EXISTING
POLICIES AND PROCEDURES FOR DOCUMENT HANDLING, INCLUDING MARKING AND
STORAGE.
   (7) ONLY CERTIFIED AND ACCREDITED REMOVABLE PERIPHERAL/EXPANSION
DEVICES ISSUED WITH THE PDA, FOR USMC-MCCS.ORG NET USE, ARE
AUTHORIZED.
   (8) THE USE OF COMMERCIAL E-MAIL SERVICES FOR THE STORAGE OR
TRANSFER OF OFFICIAL E-MAIL OR DATA FILES IS PROHIBITED IN
ACCORDANCE WITH DOD POLICY.   AUTO FORWARDING OF E-MAIL TO OR FROM A
COMMERCIAL ISP OR ACCOUNT TO AN OFFICIAL GOVERNMENT OR MCCS OBTAINED
WIRELESS DEVICE IS STRICTLY PROHIBITED.
K.  HELP DESKS.  LOCAL MIS STAFFS ARE RESPONSIBLE FOR PROVIDING 1ST
LEVEL TECHNICAL SUPPORT FOR USMC-MCCS.ORG SYSTEMS.  LOCAL MIS STAFFS
SHALL ACT AS THE PRIMARY POINT OF CONTACT AND MR LIAISON FOR ALL
LOCAL MIS ISSUES.  LOCAL MIS STAFFS ARE RESPONSIBLE FOR PUBLISHING
AND MAINTAINING A CURRENT 7X24 CONTACT LIST.//