
MCBUL 5200. MARINE CORPS DIGITAL SIGNATURE AND ENCRYPTION POLICY 

091429Z JUN 08
MSGID/GENADMIN/CMC WASHINGTON DC C4//
SUBJ/ MCBUL 5200.  MARINE CORPS DIGITAL SIGNATURE AND ENCRYPTION
/POLICY//
REF/A/MSGID:DODI 8520.2/1APR2004/-//
REF/B/DESC:JTF-GNO 07-015 REVISION 1/7APR2008 NOTAL/-//
REF/C/MSGID:GENADMIN/CMC WASHINGTON DC/041820ZMAY2005//
REF/D/MSGID:GENADMIN/C4 HQMC/171415ZMAY2004//
REF/E/MSGID:DOC/5 USC 552A/-//
NARR/REF A IS DEPARTMENT OF DEFENSE (DOD) INSTRUCTION FOR PUBLIC KEY
INFRASTRUCTURE (PKI) AND PUBLIC KEY ENABLING (PKE).  REF B IS A
JOINT TASK FORCE-GLOBAL NETWORK OPERATIONS (JTF-GNO) COMMUNICATIONS
TASKING ORDER (CTO) WHICH IMPLEMENTS THE SECOND PHASE (JTF-GNO CTO
06-02 BEING THE FIRST PHASE) FOR DOD PKI IMPLEMENTATION ACROSS THE
DOD.  REF C IS MARADMIN 209/05 WHICH REINFORCED DIGITAL SIGNATURE
AND ENCRYPTION POLICY OF REF D.  REF D PROVIDED SPECIFIC POLICY FOR
IMPLEMENTATION OF DIGITAL SIGNATURES AND ENCRYPTION USING DOD
AUTHORIZED PKI CERTIFICATES.  REF E IS THE PRIVACY ACT OF 1974.//
POC/JOSEPH S. UCHYTIL/MAJ/UNIT:HQMC C4 IA/-/TEL:223-3490
/EMAIL:JOSEPH.UCHYTIL@USMC.MIL//
GENTEXT/REMARKS/1.  PURPOSE.  THIS BULLETIN IMPLEMENTS DIGITAL
SIGNATURE AND ENCRYPTION POLICY FOR THE MARINE CORPS ENTERPRISE
NETWORK (MCEN).
2.  CANCELLATION.  THIS MESSAGE SUPERSEDES AND CANCELS REF D.
3.  BACKGROUND.  RECENT ANALYSIS OF CURRENT THREATS TO DOD NETWORK
INFRASTRUCTURE HAS HIGHLIGHTED THE NEED TO IMPLEMENT DOD PKI ACROSS
THE GLOBAL INFORMATION GRID TO INCREASE NETWORK SECURITY.  SOCIALLY
ENGINEERED EMAILS (PHISHING ATTACKS) CONTINUE TO BE A POTENTIAL
ATTACK VECTOR FOR COMPROMISING SENSITIVE INFORMATION ACROSS THE
DEPARTMENT OF DEFENSE.  USE OF PKI TO DIGITALLY SIGN EMAIL INCREASES
OUR CONFIDENCE THAT EMAILS WITH ATTACHED FILES OR EMBEDDED WEB LINKS
ARE TRULY FROM LEGITIMATE PERSONNEL ASSOCIATED WITH THE DOD.  PUBLIC
KEY CRYPTOGRAPHY USED IN DIGITAL SIGNATURES AND ENCRYPTION HAS BEEN
PROVEN TO PROVIDE A MEANS FOR STRONG USER AUTHENTICATION AND
NON-REPUDIATION, AND FOR MAINTAINING DATA INTEGRITY AND DATA
CONFIDENTIALITY.  THE PRIMARY METHOD OF PROVIDING DIGITAL SIGNATURES
AND ENCRYPTION IS THROUGH THE USE OF PKI CERTIFICATES STORED ON THE
COMMON ACCESS CARD (CAC).  IN REF B, THE JTF-GNO RECOGNIZES THESE
BENEFITS AND DIRECTS THE ACCOMPLISHMENT OF SPECIFIC TASKS TO
ACCELERATE PKI USAGE THROUGHOUT THE DOD AND FACILITATE THE
ACHIEVEMENT OF DOD INFORMATION ASSURANCE GOALS (DATA AVAILABILITY,
DATA INTEGRITY, AUTHENTICATION, DATA CONFIDENTIALITY, AND
NON-REPUDIATION).
4.  ACTION.  THIS POLICY APPLIES TO THE UNCLASSIFIED MARINE CORPS
ENTERPRISE NETWORK (MCEN).
   A.  ALL PERSONNEL WILL USE DOD AUTHORIZED PKI CERTIFICATES TO
DIGITALLY SIGN EMAIL MESSAGES IF THEY MEET ANY OF THE FOLLOWING
CRITERIA:
    (1) EMAIL MESSAGES CONTAINING EMBEDDED HYPERLINKS (AS DEFINED IN
REF B) AND/OR ATTACHMENTS.
    (2) EMAIL MESSAGES INVOLVING FINANCIAL TRANSACTIONS THAT COMMIT
TO, AUTHORIZE, OR DENY THE USE OF FUNDS IN SOME MANNER.
   B.  ALL PERSONNEL WILL USE DOD AUTHORIZED PKI CERTIFICATES TO
ENCRYPT EMAIL MESSAGES IF THEY CONTAIN ANY OF THE FOLLOWING:
    (1) INFORMATION THAT IS CATEGORIZED AS FOR OFFICIAL USE ONLY
(FOUO) OR SENSITIVE BUT UNCLASSIFIED (SBU). 
    (2) ANY CONTRACT SENSITIVE INFORMATION THAT NORMALLY WOULD NOT
BE DISCLOSED TO ANYONE OTHER THAN THE INTENDED RECIPIENT.
    (3) ANY PRIVACY DATA, PERSONALLY IDENTIFIABLE INFORMATION,
INFORMATION THAT IS INTENDED FOR INCLUSION IN AN EMPLOYEE'S
PERSONNEL FILE OR ANY INFORMATION THAT WOULD FALL UNDER THE TENETS
OF REF E.
    (4) ANY MEDICAL OR HEALTH DATA, TO INCLUDE MEDICAL STATUS OR
DIAGNOSIS CONCERNING ANOTHER INDIVIDUAL.
    (5) ANY OPERATIONAL DATA REGARDING STATUS, READINESS, LOCATION,
OR DEPLOYMENT OF FORCES OR EQUIPMENT.
   C.  MESSAGES OF A PERSONAL OR NON-SENSITIVE NATURE, THAT DO NOT
MEET ANY OF THE CRITERIA IN PARAGRAPHS 4.A. OR 4.B., ARE NOT
REQUIRED TO BE SIGNED AND/OR ENCRYPTED.  SIGNING OR ENCRYPTING OF
EMAIL MESSAGES INCREASES THE SIZE OF THE MESSAGE, THEREBY CAUSING AN
INCREASED BANDWIDTH REQUIREMENT ON STRAINED INFORMATION TECHNOLOGY
RESOURCES. 
   D.  EMAIL RECEIVED WITHOUT A DIGITAL SIGNATURE SHOULD BE HIGHLY
SCRUTINIZED AND VERIFIED FOR VALIDITY PRIOR TO OPENING.  CONTINUED
RECEIPT OF UNSIGNED EMAIL FROM THE SAME ACCOUNT, THAT MEETS THE
REQUIREMENT FOR DIGITAL SIGNATURE, SHOULD BE BROUGHT TO THE
ATTENTION OF YOUR SYSTEM ADMINISTRATOR OR COMMAND INFORMATION
ASSURANCE PERSONNEL.
   E.  AUTOMATED EMAIL IMPLEMENTATIONS SUCH AS LIST SERVERS AND
NOTIFICATION SYSTEMS WHOSE CURRENT
CONFIGURATION/ARCHITECTURE DOES NOT ALLOW FOR IMMEDIATE
IMPLEMENTATION OF DIGITAL SIGNATURES WILL REMAIN AUTHORIZED;
HOWEVER, A PLAN FOR THE MIGRATION OF THESE AUTOMATED INFORMATION
SYSTEMS TO ALLOW FOR DIGITAL SIGNATURES SHOULD BE ACCOMPLISHED IN
ORDER TO MEET POSSIBLE FUTURE REQUIREMENTS.
   F.  ACTIVE DIRECTORY GROUP POLICY WILL NOT BE USED TO AUTOMATE
ENFORCEMENT FOR DIGITALLY SIGNING EMAIL IN ACCORDANCE WITH REF B.
CURRENT DESKTOP SOFTWARE IS CONFIGURED TO AUTOMATICALLY DIGITALLY
SIGN ALL EMAIL.  THIS CONFIGURATION DOES NOT PROHIBIT THE USER FROM
SENDING UNSIGNED EMAIL ON A PER EMAIL BASIS IN ACCORDANCE WITH REF
B. 
5.  COMMANDS WILL ENSURE THE IMPLEMENTATION OF THIS POLICY WITHOUT
DELAY AND DISSEMINATE THROUGH THE WIDEST MEANS, INCLUDING POSTING ON
ORGANIZATIONAL BULLETIN BOARDS.
6.  POLICY QUESTIONS CAN BE DIRECTED TO THE HQMC C4 IA POC LISTED
ABOVE.  TECHNICAL INQUIRIES SHOULD BE DIRECTED TO THE MARINE CORPS
NETWORK OPERATIONS AND SECURITY CENTER (MCNOSC) OPERATIONS CENTER AT
DSN 278-5300, COMM 703-784-5300, OR UNCLAS E-MAIL:
COMMANDCENTER@MCNOSC.USMC.MIL.
7.  RESERVE APPLICABILITY.  THIS BULLETIN IS APPLICABLE TO THE
MARINE CORPS TOTAL FORCE AND CONTRACTORS IN SUPPORT OF THE MARINE
CORPS.
8.  CANCELLATION CONTINGENCY.  THIS BULLETIN, UNLESS SUPERSEDED, IS
CANCELLED 30 APRIL 2009.
9.  RELEASE AUTHORIZED BY BGEN G. J. ALLEN, DIRECTOR, COMMAND,
CONTROL, COMMUNICATIONS, AND COMPUTERS.//