MARADMINS : 317/15
R 011551Z JUL 15
MARADMIN 317/15
SUBJ/IMMEDIATE IMPLEMENTATION AND REPORTING OF DOD PUBLIC KEY INFRASTRUCTURE (PKI) SYSTEM ADMINISTRATOR AND PRIVILEGED USER AUTHENTICATION//
MSGID/GENADMIN/CMC WASHINGTON DC C4//
REF/A/MSGID: DOC/ DODI 8520.03/13MAY2011//
NARR/REF A IS DODI 8520.03 IDENTITY AUTHENTICATION FOR INFORMATION SYSTEMS.//
POC/DR. R. A. LETTEER/GS15/UNIT: HQMC C4 CYBERSECURITY/WASHINGTON DC/TEL: 703-693-3490/EMAIL: RAY.LETTEER(AT)USMC.MIL//
POC/D. L. YAROSLASKI/COL/UNIT: MARFORCYBER G3/FORT MEADE MD/TEL: 240-373-6901/DLYAROS(AT)NSA.GOV//
POC/VALORIE J. AGUILAR/GS13/UNIT: HQMC C4 CYBERSECURITY/WASHINGTON DC/TEL: 571-256-8877/EMAIL: VALORIE.J.AGUILAR(AT)USMC.MIL//
GENTEXT/REMARKS/1. THIS IS A COORDINATED HQMC C4/MARFORCYBER MARADMIN WHICH ADDRESSES THE IMMEDIATE IMPLEMENTATION AND REPORTING OF DOD PUBLIC KEY INFRASTRUCTURE (PKI) SYSTEM ADMINISTRATOR AND PRIVILEGED USER AUTHENTICATION. THIS IS A MANDATORY REQUIREMENT.
2. BACKGROUND. TO ADDRESS CORE VULNERABILITIES EXPLOITED IN RECENT CYBER INCIDENTS, HQMC C4, IN CONJUNCTION WITH MARFORCYBER, IS DIRECTING THE ACCELERATION OF ONE OF THE ACTIONS IN THE DOD CYBERSECURITY CAMPAIGN FOR ALL MARINE CORPS INFORMATION SYSTEMS INCLUDING ALL PROGRAMS, SPECIAL ACCESS PROGRAMS, STRATEGIC, TACTICAL, AND RESEARCH, DEVELOPMENT, TRAINING & EVALUATION SYSTEMS.
3. POLICY. ALL SYSTEM ADMINISTRATOR AND PRIVILEGED USER ACCOUNTS ON MARINE CORPS SYSTEMS, NETWORKS, AND ENCLAVES MUST BE CHANGED TO USE DOD PKI CREDENTIALS OR SMART CARDS FOR AUTHENTICATION.
4. REQUIREMENT. MARFORCYBER WILL ENSURE THE FOLLOWING TASKS ARE ACCOMPLISHED WITHIN THE TIMELINES NOTED:
4.A. BY 8 JULY, CHANGE ALL OPERATING SYSTEM/ROOT DOMAIN LEVEL INDIVIDUAL USER SYSTEM ADMINISTRATOR PASSWORDS THAT ARE NOT ALREADY PK-ENABLED.
4.B. BY 15 JULY, CHANGE THE PASSWORD OF EVERY INDIVIDUAL SYSTEM ADMINISTRATOR AND PRIVILEGED USER NOT ALREADY PK-ENABLED FOR EVERY DOD COMPUTER, SYSTEM, APPLICATIONS SOFTWARE, NETWORK DEVICE, AND ALL OTHER FORMS OF INFORMATION TECHNOLOGY.
4.C. BY 15 JULY, CONDUCT IN-PERSON VALIDATION OF ALL SYSTEM ADMINISTRATOR AND PRIVILEGED USER ACCOUNTS AND ENSURE THE ACCOUNTS ARE ASSOCIATED WITH A PERSON REQUIRING SUCH PRIVILEGE PERMISSIONS. DELETE ALL ACCOUNTS THAT ARE NOT VALIDATED.
4.D. BY 31 AUGUST, ENSURE MULTI-FACTOR AUTHENTICATION IS ENABLED FOR SYSTEM ADMINISTRATORS AND PRIVILEGED USERS ON SYSTEMS THAT CAN REMOTELY ACCESS OTHER DEVICES. WORK WITH HQMC C4 TO DETERMINE ENDURING PLAN FOR SYSTEMS IN WHICH MULTI-FACTOR AUTHENTICATION IS NOT EMBEDDED. BE PREPARED TO ENFORCE PASSWORD RESET OF CREDENTIALS FOR PRIVILEGED USERS AND SYSTEM ADMINISTRATORS THAT CAN ACCESS A DEVICE LOCALLY.
5. REPORTING WILL BE DONE THROUGH DOD CYBERSCOPE. ALL OF THE G/S-6S AND THE ISSM/CSMS MUST OBTAIN DOD CYBERSCOPE ACCOUNTS. IT IS INCUMBENT ON ALL MARINE CORPS ORGANIZATIONS TO UNDERSTAND THAT THIS IS A MANDATORY REQUIREMENT AND TO COMPLY WITHIN THE TIMELINES AS STATED ABOVE. FOR INFORMATION ON OBTAINING A CYBERSCOPE ACCOUNT CONTACT VALORIE AGUILAR AT 571-256-8877 OR EMAIL VALORIE.J.AGUILAR(AT)USMC.MIL.
6. RELEASE AUTHORIZED BY BGEN K. J. NALLY, DIRECTOR, COMMAND, CONTROL, COMMUNICATIONS, AND COMPUTERS (C4) DEPARTMENT.//