R 152300Z NOV 05
FM CMC WASHINGTON DC(UC)
TO AL MARADMIN(UC)
UNCLASSIFIED
MARADMIN 541/05
MSGID/GENADMIN/CMC WASHINGTON DC C4//
SUBJ/DOD NETWORK SECURITY STAND DOWN//
REF/A/MSG/-/081845ZNOV2005//
REF/B/DOC/JTF-GNO FRAGO 01 OPORD 05-01 /-//
AMPN/REF A IS JOINT TASK FORCE GLOBAL NETWORK OPERATIONS/
(JTF-GNO) COMMUNICATIONS TASKING ORDER (CTO) 05-021//
NARR/REF B IS JTF-GNO FRAGO 01 TO OPORD O5-01 NOTAL//
POC/MCNOSC WATCH OFFICER/-/MCNOSC/-/TEL:DSN 278-5300
/EMAIL:MCNOSCWO@MCNOSC.USMC.MIL//
POC/HQMC C4 CPIA/-/C4/-/TEL:DSN 223-3490/EMAIL:HQMCIT@HQMC.USMC.MIL//
GENTEXT/REMARKS/-//
RMKS/1. PURPOSE. THIS MARADMIN NOTIFIES ALL
MARINE CORPS COMMANDS OF THE PLANNED DOD NETWORK SECURITY
STAND-DOWN ON 29 NOV 05 AND SERVES AS A WARNING ORDER FOR
SPECIFIC NETWORK SECURITY TASKS TO BE EXECUTED BY EVERY
MARINE CORPS COMMAND.
2. BACKGROUND. IN RESPONSE TO RECENT COMPUTER NETWORK
THREAT ACTIVITY ON THE GLOBAL INFORMATION GRID (GIG),
REFERENCE A DIRECTS THE MARINE CORPS NETWORK OPERATIONS
AND SECURITY COMMAND (MCNOSC) TO IMPLEMENT SEVERAL
COMPUTER NETWORK SECURITY MEASURES ON THE MARINE CORPS
ENTERPRISE NETWORK (MCEN) TO ENSURE THE AVAILABILITY OF
NETWORK RESOURCES AND RESTORE CONFIDENCE IN THE DATA.
THESE TASKS MUST BE ACCOMPLISHED PRIOR TO THE DOD NETWORK
SECURITY STAND-DOWN ON 29 NOV 05 AND REQUIRE THE ACTIVE
PARTICIPATION OF EVERY MARINE CORPS COMMAND. REF B
DIRECTS ADDITIONAL ACTIONS ACROSS DOD IN SUPPORT OF
AGGRESSIVE COMPUTER NETWORK DEFENSE.
3. DISCUSSION.
A. IN THE NEXT 48 HOURS MCNOSC WILL RELEASE OPERATIONAL
DIRECTIVES (OP-DIRS) VIA MULTIPLE CLASSIFIED DEFENSE
MESSAGE SYSTEM (DMS) MESSAGES. THE MARINE CORPS
G-6/INFORMATION ASSURANCE (IA) COMMUNITY MUST ENSURE
COMPLIANCE WITH THE OP-DIRS AND REPORT RESULTS TO THE
MCNOSC WITHIN THE DUE DATES. ACTIONS DIRECTED BY
THESE OP-DIRS WILL INCLUDE THE FOLLOWING:
(1) VALIDATE UNCLASSIFIED NETWORK REMOTE ACCESS
(2) SCAN FOR INTRUSION ACTIVITY AND REMEDIATE COMPROMISED
SYSTEMS
(3) VALIDATE IAVM COMPLIANCE AND UPDATE NON-COMPLIANT
SYSTEMS
(4) VALIDATE ALL AUTHORIZED ACCOUNTS AND USERS
(5) VALIDATE USMC ENTRIES IN DOD PORTS AND PROTOCOLS
DATABASE
(6) MOVE ALL PUBLIC WEB SERVERS TO LOCAL SERVICE NET
(7) RENAME ALL SYSTEMS TO OPSEC CONSCIOUS NAMING STANDARDS
B. THE G-6 COMMUNITY SHOULD REVIEW THE SPECIFIC TASKS IN
EACH OP-DIR AND REQUEST WAIVERS OR EXCEPTIONS BASED UPON THE
OPERATIONAL IMPACT TO THEIR COMMAND. REQUESTS MUST BE MADE
NLT 17 NOV TO THE MCNOSC WATCH OFFICER VIA E-MAIL TO
MCNOSCWO@MCNOSC.USMC.MIL OR (SMIL.MIL).
C. THE DOD NETWORK SECURITY STAND-DOWN ON 29 NOV 05 WILL BE
A DOD WIDE EFFORT THAT WILL RAISE AWARENESS OF NETWORK
SECURITY ISSUES AND VALIDATE ALL AUTHORIZED USERS. ALL USERS
WILL PARTICPATE AT ALL LEVELS. THIS CAN BE DONE IN PHASES
OR IN GROUPS BUT IN ALL ACTIONS REQUIRED IN REFS WILL BE
COMPLETED AND REPORTED BY 29 NOV 05.
(1) MARINE CORPS IA STAFF (IAMS & IAOS) WILL ENSURE THAT
EACH USER UNDER THEIR PURVIEW RECEIVES REFRESHER INFORMATION
ASSURANCE TRAINING. THIS INCLUDES CIVILIAN MARINES AND
CONTRACTORS. THIS TRAINING IS INDEPENDENT OF OTHER SECURITY
TRAINING THAT MAY BE ON-GOING, E.G., SECURITY MANAGER
REQUIRED ANNUAL SECURITY REFRESHER.
(2) THIS TRAINING CAN BE A LOCALLY DEVELOPED PRESENTATION
OR USE OF THE DISA INFORMATION ASSURANCE BASICS CD.
TRAINING MUST INCLUDE LOCAL SYSTEM RULES OF BEHAVIOR FOR
USERS, LOCAL INCIDENT REPORTING PROCESSES, PROPER PASSWORD
CONSTRUCTION AND PROTECTION, AND A REVIEW OF THE MARINE
CORPS SYSTEM USER'S AGREEMENT.
(3) A ROSTER OF USERS SUCCESSFULLY RECEIVING THIS TRAINING
WILL BE MAINTAINED, AND THE LOCAL IA STAFF WILL REPORT THE
RESULTS TO HQMC C4 CPIA.
(4) THIS IA TRAINING CAN ALSO SATISFY THE REQUIREMENT FOR
ANNUAL INFORMATION ASSURANCE TRAINING.
(5) USERS WHO DO NOT COMPLETE THIS TRAINING BY 29 NOV 05
WILL HAVE THEIR ACCOUNT PRIVILEGES SUSPENDED UNTIL THEY
COMPLETE SAID TRAINING.
D. THE NAVY/MARINE CORPS INTRANET (NMCI) CONTRACTOR WILL
PROVIDE TECHNICAL SUPPORT FOR ALL REQUIRED IA TASKS.
4. POINTS OF CONTACT ARE LISTED ABOVE.//