DOD SECRET INTERNET PROTOCOL ROUTER NETWORK (SIPRNET) PUBLIC KEY INFRASTRUCTURE (PKI), CRYPTOGRAPHIC LOGON (CLO), AND PUBLIC KEY ENABLEMENT (PKE) OF SIPRNET APPLICATIONS AND WEB SERVERS
Date Signed: 10/15/2012 | MARADMINS Number: 591/12
R 151650Z OCT 12
UNCLASSIFIED/
MARADMIN 591/12
MSGID/GENADMIN,USMTF,2007/CMC WASHINGTON DC C4(UC)/F002//
SUBJ/DOD SECRET INTERNET PROTOCOL ROUTER NETWORK (SIPRNET) PUBLIC KEY INFRASTRUCTURE (PKI), CRYPTOGRAPHIC LOGON (CLO), AND PUBLIC KEY ENABLEMENT (PKE) OF SIPRNET APPLICATIONS AND WEB SERVERS//
REF/A/MSGID:MEMO/DON CIO/YMD:20111014//
REF/B/MSGID:INST/DOD/YMD:20110524//
REF/C/MSGID:DOC/USCYBERCOM/YMD:20120723//
REF/D/MSGID:MSG/DON CIO/YMD:20110412//
REF/E/MSGID:DOC/NSA/YMD:20090301//
REF/F/MSGID:DOC/DOD/YMD:20110501//
NARR/REF A IS THE DOD CIO MEMORANDUM, DOD SIPRNET PUBLIC KEY INFRASTRUCTURE (PKI), CRYPTOGRAPHIC LOGON (CLO), AND PUBLIC KEY ENABLEMENT OF SIPRNET APPLICATIONS AND WEB SERVER.  REF B IS DOD INSTRUCTION 8520.02, PUBLIC KEY INFRASTRUCTURE (PKI) AND PUBLIC KEY (PK) ENABLING.  REF C IS USCYBERCOM TASKORD J3-12-0863, DOD SIPRNET PKI IMPLEMENTATION, INCREMENT ONE: PHASE ONE AND TWO.  REF D IS DON CIO MESSAGE ADDRESSING NAVY PKE WAIVER REQUEST PROCESS FOR UNCLASSIFIED NETWORKS, PRIVATE WEB SERVERS, PORTALS, AND WEB APPLICATIONS.  REF E IS COMMITTEE ON NATIONAL SECURITY SYSTEMS (CNSS) POLICY NO. 25, NATIONAL POLICY FOR PKI IN NATIONAL SECURITY SYSTEMS.  REF F IS DOD INSTRUCTION 8520.02, IDENTITY AUTHENTICATION FOR INFORMATION SYSTEMS.//
POC/MS C. HESEMANN/CIV/UNIT:HQMC C4 CY/-/TEL:703-693-3490 /EMAIL:CHRISTINE.HESEMANN(AT)USMC.MIL//
POC/MFCC COC WATCH OFFICER/-/-/-/TEL:443-654-6368 /EMAIL:MARFORCYBER(UNDERSCORE)COC(AT)NSA.GOV//
GENTEXT/REMARKS/1.  PURPOSE.  TO PROVIDE MARINE CORPS POLICY FOR THE PKE OF THE SIPRNET, GARRISON AND TACTICAL, IN ORDER TO ELIMINATE USER ANONYMITY AND STRENGTHEN ACCOUNTABILITY OF INFORMATION ACCESS THROUGH APPROVED USER AUTHENTICATION.
2.  BACKGROUND.  REF A MANDATES THE ISSUANCE AND USE OF PKI CREDENTIALS TO ALL DOD SIPRNET USERS AND REQUIRES USE FOR CLO.  ALL SIPRNET APPLICATIONS AND WEB SERVERS MUST ALSO BE PK ENABLED FOR USER AUTHENTICATION BY THIS MANDATE.
3.  POLICY.  ALL MARINE CORPS COMMANDS AND UNITS WILL IMPLEMENT PKE OF THE SIPRNET THROUGH THE ISSUANCE OF SIPRNET TOKENS TO MARINE CORPS SIPRNET ACCOUNT HOLDERS, CLO AND PKE OF ALL SIPRNET APPLICATIONS AND WEB SERVERS IAW REF F.
3.A.  ALL USERS WILL BE ISSUED SIPRNET TOKENS NO LATER THAN 31 DEC 2012.
3.B.  ALL USER ACCOUNTS WILL BE CLO ENFORCED NO LATER THAN 31 MAR 2013.
3.C.  ALL SIPRNET APPLICATIONS AND WEB SERVERS WILL BE PK ENABLED AND USED FOR AUTHENTICATION NO LATER THAN 29 JUN 2013.
4.  ROLES AND RESPONSIBILITIES.  HQMC C4, MCNOSC, COMMANDS AND USERS HAVE DEPENDENT RESPONSIBILITIES TO ENSURE COMPLIANCE WITH THE DOD MANDATE.
4.A.  HQMC C4 WILL PROVIDE POLICY, GUIDANCE AND OVERSIGHT FOR IMPLEMENTATION OF REF A.
4.B.  MCNOSC IS RESPONSIBLE FOR PROVIDING CONCEPT OF OPERATIONS (CONOPS), OPERATIONAL SUPPORT, AND DATA COLLECTION FOR STATUS REPORTING IAW REFS B AND C.  MCNOSC CONOPS WILL BE ISSUED UNDER SEPCOR AND WILL INCLUDE DETAILED COMMAND RESPONSIBILITIES.
4.C.  COMMANDS WILL FOLLOW THE MCNOSC CONOPS AND OPERATIONAL DIRECTIVES (OPDIRS) AS PUBLISHED IN ADDITION TO PROVIDING USER SUPPORT, TRAINING AND REPORTING.
4.D.  USERS WILL ACCESS SIPRNET ACCOUNTS UTILIZING THE ISSUED SIPRNET TOKEN.  USERS ARE RESPONSIBLE FOR THE TOKEN AND MUST MAINTAIN POSITIVE CONTROL OF THE TOKEN.  THE TOKENS ARE NOT CLASSIFIED BUT ARE TO BE HANDLED AS SENSITIVE.  USERS WILL NOT SHARE THE TOKEN OR TOKEN PIN, OR ALLOW ANOTHER INDIVIDUAL USE OF OR ACCESS TO A CLO ENABLED SIPRNET ACCOUNT.  SIPRNET TOKEN TOPOLOGY WILL NOT BE MODIFIED OR ALTERED IN ANY WAY THROUGH MARKINGS, STICKERS, OR HOLES.
4.D.1.  USERS WHO TRANSFER BETWEEN COMMANDS AND REQUIRE CONTINUED SIPRNET ACCOUNT ACCESS MAY RETAIN THE SIPRNET TOKEN IN ACCORDANCE WITH PROCEDURES OUTLINED IN THE MCNOSC CONCEPT OF OPERATIONS (CONOPS).
4.D.2.  USERS ARE REQUIRED TO REPORT LOST, STOLEN, OR MUTILATED SIPRNET TOKENS WITHIN ONE HOUR OF DISCOVERY.
4.D.3.  USERS WILL RETURN SIPRNET TOKENS TO THE COMMAND'S TRUSTED AGENT UPON TERMINATION OF SIPRNET ACCOUNT ACCESS OR COMMAND CHECK-OUT WHEN CONTINUED ACCOUNT ACCESS IS NOT REQUIRED UPON TRANSFER.
5.  EXEMPTIONS.  NON-DOD FEDERAL AND FOREIGN PARTNER SIPRNET USERS, INCLUDING EMBEDDED FOREIGN USERS, FOREIGN NATIONS ACCESSING SIPRNET AND CONTRACTORS WITH ACCESS THROUGH FEDERAL ACCESS POINTS ARE EXEMPT FROM THIS POLICY.  NAMED USER GROUPS WILL CONTINUE TO USE USERNAME AND STRONG PASSWORD UNTIL DOD POLICY FOR ISSUANCE IS PUBLISHED.
6.  WAIVERS PROCESS.  ALL NON-COMPLIANT SIPRNET NETWORKS, PRIVATE WEB SERVERS, PORTALS, AND WEB APPLICATIONS MUST OBTAIN A WAIVER. THE APPROPRIATE RESOURCE SPONSOR (RS) OR PROGRAM MANAGER (PM) WILL SUBMIT A WAIVER REQUEST PACKAGE TO THE MCNOSC PKI TEAM AT RAOPERATIONS(AT)MCNOSC.USMC.MIL WITH A MINIMUM OF THE FOLLOWING ITEMS:
6.A.  WAIVER REQUEST LETTER ON COMMAND LETTERHEAD WITH THE FOLLOWING SYSTEM INFORMATION:
6.A.1.  SYSTEM NAME
6.A.2.  DOD INFORMATION TECHNOLOGY PORTFOLIO REPOSITORY-DEPARTMENT OF THE NAVY (DITPR-DON) NUMBER
6.A.3.  SUMMARY REASON OF REQUEST FOR WAIVER OR EXEMPTION
6.A.4.  SIGNATURE OF THE NETWORK, SERVER, OR APPLICATION RS/PM
6.B.  MCNOSC WAIVER REQUEST OR PLAN OF ACTION AND MILESTONES FORM:
6.B.1.  SYSTEM NAME
6.B.2.  WAIVER CATEGORY AND REQUIRED INFORMATION AS OUTLINED IN REF D, PARA 7 AND 9
6.B.3.  EXPLANATION OF TECHNICAL OR ADMINISTRATIVE ISSUES
6.B.4.  OPERATIONAL IMPACT ASSESSMENT IF THE ASSET IS DISCONNECTED FROM THE NETWORK
6.B.5.  DESCRIPTION OF ANY RISK MITIGATION CONTROLS IN PLACE
6.C.  THE MCNOSC PKI TEAM WILL REVIEW WAIVER PACKAGES AND PROVIDE RECOMMENDATION TO HQMC C4 CYBERSECURITY (CY).
6.D.  HQMC C4 CY WILL REVIEW PACKAGES AND PROVIDE WRITTEN DECISION ON THE WAIVER REQUEST.  FINALIZED PACKAGES WILL BE UPLOADED BY THE RS/PM INTO DITPR-DON DOC TAB AS PART OF THE DON ENTERPRISE ARCHITECTURE (EA) REVIEW.
6.E.  APPROVED WAIVERS WILL BE GRANTED FOR UP TO ONE YEAR ONLY UPON APPROVAL BY THE USMC DESIGNATED APPROVING AUTHORITY (DAA).  AFTER THE INITIAL WAIVER, A ONE-YEAR RENEWAL MAY BE GRANTED.
7.  REPORTING.  ALL REPORTING WILL BE COMPLETED IAW MCNOSC PUBLISHED OPDIR VIA OPERATIONAL DIRECTIVE REPORTING SYSTEM (OPDRS) WITH THE FOLLOWING MINIMUM REQUIREMENTS:
7.A.  ALL COMMANDS WILL SUBMIT UPDATES BI-MONTHLY.
7.B.  REPORTING DATA ELEMENTS WILL CONTAIN NUMBER OF TOKENS TO ISSUE; NUMBER OF TOKENS ISSUED; NUMBER OF ACCOUNTS CLO ENABLED; NUMBER OF ACCOUNTS CLO ENFORCED.
8.  THIS IS A COORDINATED MARADMIN BETWEEN HQMC C4 CY AND MARFORCYBER.
9.  THIS MARADMIN IS DIRECTED BY MR. R. A. LETTEER, CHIEF, CYBERSECURITY DIVISION.
10.  RELEASE AUTHORIZED BY BGEN K. J. NALLY, DIRECTOR, COMMAND, CONTROL, COMMUNICATIONS, AND COMPUTERS (C4) DEPARTMENT.//