MARADMINS : 718/12
R 141921Z DEC 12
UNCLASSIFIED/
MARADMIN 718/12
MSGID/GENADMIN,USMTF,2007/CMC WASHINGTON DC C4(UC)/F002//
SUBJ/USMC SECRET INTERNET PROTOCOL ROUTER NETWORK USER BASED ENFORCEMENT CRYPTOGRAPHIC LOGON EXCEPTION MANAGEMENT ADMINISTRATION//
REF/A/MSGID:MSG/CMC/151650ZOCT12//
REF/B/MSGID:MSG/MARFORCYBERCOM/062324ZNOV12//
NARR/REF A IS THE MARINE CORPS MARADMIN 591/12, DOD SECRET INTERNET PROTOCOL ROUTER NETWORK (SIPRNET) PUBLIC KEY INFRASTRUCTURE (PKI), CRYPTOGRAPHIC LOGON (CLO), AND PUBLIC KEY ENABLEMENT (PKE) OF SIPRNET APPLICATIONS AND WEB SERVERS. REF B IS MARFORCYBERCOM TASKORD G3-12-003 SIPRNET PUBLIC KEY INFRASTRUCTURE (PKI) TOKEN ISSUANCE AND ENABLEMENT.//
POC/CHRISTINE HESEMANN/CIV/UNIT:HQMC C4 CY/NAME:WASHINGTON DC /TEL:703-693-3490/EMAIL:CHRISTINE.HESEMANN(AT)USMC.MIL//
POC/MFCC COC WATCH OFFICER/-/-/-/TEL:443-654-6368 /EMAIL:MARFORCYBER(UNDERSCORE)COC(AT)NSA.GOV//
GENTEXT/REMARKS/1. PURPOSE. PROVIDE MARINE CORPS POLICY FOR THE CLO ENFORCEMENT OF THE SIPRNET, GARRISON AND TACTICAL, IN ORDER TO ELIMINATE USER ANONYMITY WHILE REMAINING OPERATIONAL. THIS POLICY PROVIDES ELIGIBILITY AND MANAGEMENT OF UBE CLO EXCEPTIONS UNDER THE DIRECTION OF THE COMMAND INFORMATION ASSURANCE MANAGER (IAM).
2. POLICY. ALL MARINE CORPS COMMANDS AND UNITS WILL COMPLY WITH THE UBE OF CLO TO SIPRNET ACCOUNTS IAW REF A. SIPRNET USER ACCOUNTS THAT OPERATIONALLY ARE INCAPABLE OF BEING UBE MUST FALL INTO AN ELIGIBLE CATEGORY BEFORE A UBE CLO EXEMPTION CAN BE MADE. THE FOLLOWING UBE CLO EXEMPTIONS ARE AUTHORIZED:
2.A. NEW SIPRNET ACCOUNT. SIPRNET END USERS MAY BE EXEMPT FROM UBE CLO FOR UP TO 21 DAYS FROM THE FINAL APPROVAL DATE AS DOCUMENTED ON THE SAAR.
2.B. SIPRNET GROUP OR ROLE ACCOUNTS. SIPRNET ACCOUNTS WHICH ARE GROUP OR ROLE BASED (E.G., WATCHSTANDER ACCOUNT) ARE EXEMPT FROM UBE CLO UNTIL SUCH TIME AS THIS CAPABILITY IS AVAILABLE AND THE MCNOSC RELEASES AN OPDIR DIRECTING TOKEN ISSUANCE TO THESE ACCOUNTS. ONCE THE CAPABILITY IS AVAILABLE, THIS UBE EXEMPTION WILL NO LONGER BE AUTHORIZED/VALID. OWNERS OF THESE ACCOUNTS SHALL BE ISSUED TOKENS AND BE CLO ENFORCED.
2.C. SIPRNET ACCOUNT USERS OF PKE WAIVERED APPLICATIONS. USERS OF APPLICATIONS EMPLOYING WINDOWS INTEGRATED AUTHENTICATION AND HAVING A DESIGNATED ACCREDITING AUTHORITY (DAA) APPROVED PKE WAIVER ARE UBE CLO EXEMPT UNTIL WAIVER EXPIRATION OR APPLICATION ENABLEMENT. A LIST OF WAIVERED APPLICATIONS IS POSTED AT HTTPS: (SLASH SLASH) C4.HQI.USMC.MIL/IA.ASP. REF A OUTLINES THE MARINE CORPS SIPRNET WAIVER PROCESS.
2.D. SIPRNET ACCOUNT USERS MAY BE ALLOWED A ONE-DAY UBE CLO EXEMPTION WHEN THE TOKEN IS PHYSICALLY NOT AVAILABLE AS CONFIRMED AND APPROVED BY THE COMMAND IAM. USERS WILL NOT BE ABLE TO DIGITALLY SIGN OR ENCRYPT EMAIL, READ ENCRYPTED EMAIL OR ACCESS PK ENABLED WEBSITES OR APPLICATIONS.
2.E. WAIVER REQUESTS FOR ADDITIONAL USER POPULATIONS MAY BE REQUESTED BY COMMAND G6 OR IAM TO THE USMC DAA ON LETTERHEAD. REQUESTS WILL BE UNCLASSIFIED, LIST THE OPERATIONAL REASON FOR THE REQUEST AND THE USER(S) TO WHICH THE WAIVER WILL APPLY. SUBMIT REQUESTS TO THE DAA VIA EMAIL, ADDRESSED TO HQMC_C4CY_IDMGT(AT)USMC.MIL.
3. PROCESS. THE RESPONSIBILITY FOR ADMINISTERING THE UBE CLO EXEMPTION PROCESS AND DOCUMENTATION RESIDES WITH THE COMMAND IAM. COMMAND IAM WILL VALIDATE AND APPROVE UBE CLO EXEMPTION REQUESTS AND MAINTAIN A LIST OF UBE CLO EXEMPT USERS WITH EXEMPTION JUSTIFICATION. THE IAM IS ALSO RESPONSIBLE FOR THE SYSTEMATIC REVIEW OF ACCOUNTS AND ENFORCEMENT AS EXEMPTIONS EXPIRE.
4. THIS IS A COORDINATED MARADMIN BETWEEN HQMC C4 CY AND MARFORCYBERCOM.
5. THIS MARADMIN IS DIRECTED BY MR. RAY A. LETTEER, CHIEF, CYBERSECURITY DIVISION.
6. RELEASE AUTHORIZED BY BGEN KEVIN J. NALLY, DIRECTOR, COMMAND, CONTROL, COMMUNICATIONS, AND COMPUTERS (C4) DEPARTMENT.//