R 151655Z OCT 12
UNCLASSIFIED/
MARADMIN 592/12
MSGID/GENADMIN,USMTF,2007/CMC WASHINGTON DC C4(UC)/F002//
SUBJ/MARINE CORPS SECURE HASH ALGORITHM (SHA) MIGRATION//
REF/A/MSGID:MEMO/DOD CIO/YMD:20121014//
REF/B/MSGID:MSG/DON CIO/YMD:20110412//
NARR/REF A IS THE DOD CIO MEMORANDUM, DOD'S MIGRATION TO USE OF STRONGER CRYPTOGRAPHIC ALGORITHMS.  REF B IS DON CIO MEMORANDUM, DEPARTMENT OF THE NAVY (DON) SECURE HASH ALGORITHM MIGRATION GUIDANCE DATED 15 JUN 2011.//
POC/MS C. HESEMANN/CIV/UNIT:HQMC C4 CY/-/TEL:703-693-3490 /EMAIL:HQMC(UNDERSCORE)C4IA(UNDERSCORE)IDMGT(AT)USMC.MIL//
GENTEXT/REMARKS/1.  PURPOSE.  TO REITERATE GUIDANCE FOR TRANSITIONING OF ALL MARINE CORPS ENTERPRISE NETWORK SYSTEMS, APPLICATIONS, WEB SITES, AND PORTALS, ON BOTH UNCLASSIFIED AND CLASSIFIED NETWORKS, FROM USE OF SHA-1 TO SHA-256.
2.  BACKGROUND.  PER REF A, THE FEDERAL GOVERNMENT IS REQUIRED TO USE PERSONAL IDENTITY VERIFICATION (PIV) CREDENTIALS (AKA DOD CAC) SIGNED WITH SHA-256 ALGORITHM.  AS A RESULT, THE DOD PLANS TO BEGIN ISSUANCE OF SHA-256 COMPLIANT COMMON ACCESS CARDS STARTING 01 JAN 2014.  PUBLIC KEY ENABLED (PKE) SYSTEMS AND APPLICATIONS NOT MIGRATED TO ACCEPT SHA-256 WILL EXPERIENCE INTEROPERABILITY AND DENIAL OF SERVICE ISSUES.
3.  POLICY.  REF B REQUIRES ALL NETWORKS, PRIVATE WEB SERVERS, PORTALS, AND WEB APPLICATIONS REQUIRED BEING PKE TO TRANSITION TO USE OF SHA-256 NLT 31 DEC 2013. THE MARINE CORPS WILL USE THE FOLLOWING TIMELINE FOR SYNCHRONIZATION OF EFFORTS.
3.A.  MILESTONE 1.  PROGRAM MANAGERS WERE TO ASSESS INFRASTRUCTURE, NETWORKS, PRIVATE WEB SERVERS, PORTALS, AND WEB APPLICATIONS FOR CURRENT COMPATIBILITY WITH SHA-256, DUE DATE WAS 31 DEC 2011.  ASSESSMENTS WERE TO INCLUDE LIST OF MODIFICATIONS TO BE MADE AND PLAN OF ACTION AND MILESTONES FOR MIGRATION AND WAS TO BE SUBMITTED TO C4 CY VIA EMAIL TO HQMC(UNDERSCORE)C4CY(UNDERSCORE)IDMGT(AT)USMC.MIL.
3.B.  MILESTONE 2.  MCNOSC WILL UPGRADE THE GARRISON AND TACTICAL CERTIFICATION VALIDATION INFRASTRUCTURES TO OPERATE WITH SHA-256 CERTIFICATES, DUE DATE 01 DEC 2013.
3.C.  MILESTONE 3.  PROGRAM MANAGERS WILL IMPLEMENT GARRISON AND TACTICAL ENTERPRISE SOFTWARE UPGRADES, DUE DATE 31 DEC 2013.
3.D.  MILESTONE 4.  PROGRAM MANAGERS WILL UPGRADE GARRISON AND TACTICAL APPLICATIONS, PORTALS, AND WEBSITES, DUE DATE 01 APR 2014.
4.  NONCOMPLIANCE IDENTIFICATION.  THIS POLICY PROVIDES A ONE-TIME EXTENSION TO THE PAST DEADLINE UNTIL 31 DEC 2012.  WHEN CIRCUMSTANCES EXIST THAT WILL MAKE IT IMPOSSIBLE TO ACCOMPLISH MIGRATION BY THE TARGET DATE, THE FOLLOWING SUPPORT DEFICIENCY INFORMATION MUST BE SUBMITTED TO HQMC C4 CY ON COMMAND LETTERHEAD AND SIGNED BY THE RESOURCE MANAGER.  A LETTER WAS TO INCLUDE THE FOLLOWING AND WAS DUE NO LATER THAN 01 MAR 2012:
4.A.  NAME OF SYSTEM, APPLICATION, PORTAL, OR WEBSITE.
4.B.  DESCRIPTION OF THE SPECIFIC CIRCUMSTANCES ANTICIPATED PREVENTING ACCOMPLISHMENT BY THE TARGET DATE.
4.C.  EXPECTED ACTION COMPLETION DATE, GIVEN THE LIMITING CIRCUMSTANCES.
4.D.  REQUIRED SUPPORT THAT MAY FACILITATE ACCOMPLISHMENT OF THE REQUIRED ACTION.
4.E.  OPERATIONAL IMPACT IF DENIAL OF SERVICE OCCURS.
5.  APPLICABILITY.  THIS POLICY APPLIES TO ALL SYSTEMS, APPLICATIONS, WEB SITES AND PORTALS OWNED, OPERATED, OR CONTRACTED FOR BY THE MARINE CORPS.
6.  THIS MARADMIN IS DIRECTED BY MR. R. A. LETTEER, CHIEF, CYBERSECURITY DIVISION.
7.  RELEASE AUTHORIZED BY BGEN K. J. NALLY, DIRECTOR, COMMAND, CONTROL, COMMUNICATIONS, AND COMPUTERS (C4) DEPARTMENT.//