USMC SOCIAL SECURITY NUMBER (SSN) REDUCTION IN USE PLAN, PHASE THREE
Date Signed: 12/21/2012 | MARADMINS Number: 733/12
MARADMINS : 733/12

R 211427Z DEC 12
UNCLASSIFIED/
MARADMIN 733/12
MSGID/GENADMIN,USMTF,2007/CMC WASHINGTON DC C4(UC)/F002//
SUBJ/USMC SOCIAL SECURITY NUMBER (SSN) REDUCTION IN USE PLAN, PHASE THREE//
REF/A/MSGID:DOC/DOD USECDEF/01AUG2012//
REF/B/MSGID:MSG/DON CIO/171625ZFEB2012//
REF/C/MSGID:DOC/CMC/AUG2012//
NARR/REF A IS THE DODI 1000.30 WHICH PROVIDES GUIDANCE ON USES OF THE SSN IN ALL FORMS INCLUDING, BUT NOT LIMITED TO, TRUNCATED, MASKED, PARTIALLY MASKED, ENCRYPTED, OR DISGUISED. REF B PROVIDES POLICY FOR LAWFUL USE OF THE SSN THROUGHOUT THE DEPARTMENT OF NAVY APPLICABLE TO ALL PAPER AND ELECTRONIC DOCUMENT AND FILES AS WELL AS INFORMATION TRANSMITTING METHODS TO INCLUDE EMAILING, FAXING, AND SCANNING. REF C IS THE USMC ENTERPRISE CYBERSECURITY DIRECTIVE (ECSD) 011 ADDRESSING PERSONALLY IDENTIFIABLE INFORMATION (PII) AND PROVIDES SUMMARY AND SPECIFIC GUIDELINES PER PREVIOUS AND CURRENT PHASES OF SSN REDUCTION PLAN WITHIN USMC.//
POC/STEPHANIE CLEARWATER/CIV/UNIT:HQMC C4CY/-/TEL:571-256-8876/EMAIL:STEPHANIE.CLEARWATER(AT)USMC.MIL//
POC/CHRISTINE HESEMANN/CIV/UNIT:HQMC C4CY/-/TEL:703-693-3490/EMAIL:CHRISTINE.HESEMANN(AT)USMC.MIL//
GENTEXT/REMARKS/1. BACKGROUND. IAW REFS A AND B, THIS MARADMIN PROVIDES GUIDANCE FOR PHASE THREE OF SSN REDUCTION PLAN - REDUCTION IN USE OF SSN IN ALL FORMS. REF A IDENTIFIES ACCEPTABLE USES OF THE SSN WITHIN DOD AND MANDATES USES OF ALTERNATIVE IDENTIFIERS TO REPLACE CURRENT USES OF THE DOD SSN. REF B OUTLINES SPECIFIC ACTIONS TO ENSURE DEPARTMENT-WIDE COMPLIANCE WITH REF A. USMC HAS ALREADY IMPLEMENTED PHASE ONE AND TWO OF THE SSN REDUCTION PLAN AND IS IMPLEMENTING PHASE THREE TO COMPLY WITH REF A AND REF B TO FURTHER STRENGTHEN PROTECTION AGAINST POTENTIAL COMPROMISE OF PII OF ALL MARINES, FAMILIES, AND CIVILIAN MARINES. USMC PHASE THREE OF SSN REDUCTION PLAN REQUIRES SENIOR LEADERSHIP ATTENTION AND COOPERATION AS WELL AS INDIVIDUAL ACCOUNTABILITY ACROSS ALL MARINE CORPS COMPONENTS AND PERSONNEL.     
2. ACTION.  USE OF ELECTRONIC DATA INTERCHANGE PERSONAL IDENTIFIER (EDIPI), REFERRED TO AS THE DOD ID NUMBER, IS THE AUTHORIZED SUBSTITUTE FOR THE SSN. THE FOLLOWING GUIDELINES MUST BE STRICTLY ADHERED TO WHEN SUBSTITUTING THE DOD ID NUMBER FOR THE SSN:
2.A.  THE DOD ID NUMBER WILL ONLY BE USED FOR DOD BUSINESS PURPOSES.
2.A.1.  FOR USE IN AUTHENTICATION TRANSACTIONS, AN INDIVIDUAL'S NAME AND/OR DOD ID NUMBER WILL BE TREATED SIMPLY AS AN IDENTIFIER.  SEPARATE AUTHENTICATION FACTORS MUST BE PROVIDED BEYOND THE INDIVIDUAL'S NAME AND/OR DOD ID NUMBER (E.G., PASSWORD, PIN, COMMON ACCESS CARD) IAW USMC AUTHENTICATION POLICIES.
2.A.2.  PRESENCE OF KNOWLEDGE OF AN INDIVIDUAL'S DOD ID NUMBER ALONE SHALL BE CONSIDERED NO MORE SIGNIFICANT THAN PRESENCE OR KNOWLEDGE OF THE INDIVIDUAL'S NAME. IT DOES NOT CONSTITUTE ANY LEVEL OF AUTHORITY TO ACT ON THAT INDIVIDUAL'S BEHAVE.
2.A.3. THE DOD ID NUMBER, DOD BENEFITS NUMBER, OR ANY OTHER INTERNAL NUMBER ASSIGNED BY USMC TO AN INDIVIDUAL - BY ITSELF OR WITH ASSOCIATED NAME - SHALL BE CONSIDERED INTERNAL GOVERNMENT OPERATIONS RELATED PII. LOSS, THEFT, OR OTHERWISE COMPROMISED OF THE DOD ID NUMBER IS LOW RISK WITH REGARD TO POTENTIAL HARM TO AN INDIVIDUAL'S FINANCIAL OR OTHERWISE WELLBEING. NO PII BREACH REPORT SHALL BE INITIATED WITHOUT PRESENCE OF OTHER PII ELEMENTS.
2.A.4. THE DOD ID NUMBER MAY NOT BE SHARED WITH OTHER FEDERAL AGENCIES UNLESS A MEMORANDUM OF UNDERSTANDING (MOU) IS AGREED UPON BY THE DOD COMPONENT AND THE RECIPIENT AGENCY. ALL MOU'S FOR SHARING THE DOD ID NUMBER WILL BE SENT TO CMC C4 CYBERSECURITY FOR APPROVAL AND SUBMISSION TO DON CIO AND DOD.
2.B. MEMORANDA, LETTERS, SPREADSHEETS, HARD COPY LISTS, ELECTRONIC LISTS AND SURVEYS THAT COLLECT, USE, OR MAINTAIN THE SSN MUST MEET ACCEPTABLE USE CRITERIA AND ALL OTHER REQUIRED PRIVACY ACT CONSIDERATIONS. COMMANDS SHALL ENSURE THAT A REVIEW OF THESE COLLECTIONS IS CONDUCTED TO DETERMINE THAT THERE IS AN AUTHORITATIVE BASIS AND REQUIREMENT FOR CONTINUED SSN USE. COMMANDS SHALL CEASE THE COLLECTION AND USE OF THE SSN IMMEDIATELY IF NO AUTHORITY OR LEGAL REQUIREMENT EXISTS.
2.C. EFFECTIVE 01 DEC 12 - A DISCLOSURE OF THE LAST FOUR NUMBERS OF SSN TO INDIVIDUALS WITHOUT AN OFFICIAL NEED-TO-KNOW WILL BE TREATED AS A PII BREACH INCIDENT THAT MAY RESULT IN WRITTEN NOTIFICATIONS TO AFFECTED INDIVIDUALS.
2.C.1. PII MUST BE LIMITED TO ONLY THE MINIMUM ELEMENTS REQUIRED TO FULFILL THE PURPOSE FOR WHICH A ROSTER IS INTENDED AND WILL NEVER INCLUDE USE OF THE SSN IN ANY FORMS.     
2.C.2. THE USE OF FAX MACHINES TO SEND INFORMATION CONTAINING THE SSN AND OTHER PII BY MARINE CORPS PERSONNEL IS PROHIBITED UNLESS ONE OR MORE OF THE FOLLOWING ACCEPTABLE USE CRITERIA IS MET: (1) WHEN ANOTHER MORE SECURE MEANS OF TRANSMITTING PII IS NOT PRACTICAL; (2) WHEN A PROCESS OUTSIDE OF USMC CONTROL REQUIRES FAXING TO ACTIVITIES SUCH AS THE DEFENSE FINANCE AND ACCOUNTING SERVICE (DFAS), TRICARE, DEFENSE MANPOWER DATA CENTER (DMDC), ETC.; (3) IN CASES WHERE OPERATIONAL NECESSITY REQUIRES EXPEDITIOUS HANDLING; (4) WHEN FAXING PII RELATED TO INTERNAL GOVERNMENT OPERATION ONLY, I.E., OFFICE PHONE NUMBER, RANK, JOB TITLE, ETC.  ALTERNATIVES TO THE USE OF FAX MACHINES INCLUDE UNITED STATES POSTAL SERVICE AND SCANNING. SCANNED DOCUMENT WILL BE TRANSMITTED USING A SECURED MEANS SUCH AS ENCRYPTED E-MAILS, SAFE ACCESS FILE EXCHANGE (SAFE), OR ANOTHER APPROVED OR AUTHORIZED METHOD.
2.C.3. THE USE OF NETWORK-ATTACHED MULTI-FUNCTION DEVICES (MFD) AND SCANNERS TO SCAN DOCUMENTS CONTAINING THE SSN AND OTHER PII IS RESTRICTED TO FOLLOWING LIMITATIONS AND PROHIBITIONS. THESE RESTRICTIONS DO NOT APPLY TO A SCANNER/MFD THAT IS DIRECTLY CONNECTED TO THE USER'S WORKSTATION.
2.C.3.A. NETWORK-ATTACHED MFD AND SCANNER "SCAN TO EMAIL" FUNCTIONALITY MAY BE USED ONLY IF THE SENDER CAN VERIFY THAT THE INTENDED RECIPIENTS ARE AUTHORIZED TO ACCESS THE SCANNED FILE, AND THE MFD OR THE SCANNER ENCRYPTS THE EMAIL MESSAGE CONTAINING THE SCANNED FILE.
2.C.3.B. NETWORK-ATTACHED MFD AND SCANNER "SCAN TO FILE" OR "SCAN TO NETWORK SHARE" FUNCTIONALITY MAY BE USED ONLY IF THE SENDER CAN VERITY THAT ALL USERS ARE AUTHORIZED TO HAVE ACCESS TO THE SCANNED FILE OR NETWORK SHARE LOCATION.
3. COMPLIANCE TO THIS MARADMIN IS EFFECTIVE UPON RELEASE. QUESTIONS AND/OR CONCERNS REGARDING COMPLIANCE WITH THIS MESSAGE SHALL BE SENT TO HQMC(UNDERSCORE)CYC4(UNDERSCORE)IDMGT(AT)USMC.MIL. 
4. THIS MARADMIN IS DIRECTED BY MR. R. A. LETTEER, CHIEF, CYBERSECURITY DIVISION.
5. RELEASE AUTHORIZED BY BGEN K. J. NALLY, DIRECTOR OF COMMAND, CONTROL, COMMUNICATIONS AND COMPUTERS.//