MARADMIN 496/08
R 041633Z SEP08
FM MOZART
BT
UNCLAS
MSGID/GENADMIN,USMTF,2007/MOZART//
SUBJ/MCBUL 5512. ALTERNATE TOKEN (ALT) ISSUANCE PROCEDURES FOR
/GENERAL OFFICERS, SPOUSES OF ACTIVE DUTY GENERAL OFFICERS, AND
/FAMILY READINESS ADVISORS (KEY VOLUNTEERS OR COORDINATORS).//
REF/A/DESC:APPROVAL OF THE ALTERNATE LOGON TOKEN/ASD (NII)
/YMD:20060814//
REF/B/MSGID:CTO 07 015 REV 1/JTF GNO/YMD:20071211/-//
REF/C/DESC:USMC ALT TOKEN SOP V2 /MCNOSC/YMD:20080401/-/NOTAL//
POC/JOSEPH S. UCHYTIL/MAJ/UNIT:HQMC C4 IA/-
/EMAIL:JOSEPH.UCHYTIL@USMC.MIL/TEL:DSN 224-3490/TEL:COMM 703-693-3490//
NARR/REF A IS THE DEPARTMENT OF DEFENSE CHIEF INFORMATION OFFICER
MEMORANDUM AUTHORIZING THE USE OF THE ALTERNATE TOKEN FOR NON-COMMON
ACCESS CARD (CAC) ELIGIBLE POPULATIONS. REF B IS JOINT TASK
FORCE-GLOBAL NETWORK OPERATIONS (JTF-GNO) COMMUNICATIONS TASKING
ORDER (CTO) 07-015 REVISION 1 SPECIFYING TASKS FOR PUBLIC KEY
INFRASTRUCTURE (PKI) PHASE 2 IMPLEMENTATION. REF C IS MARINE CORPS
NETWORK OPERATIONS AND SECURITY CENTER (MCNOSC) STANDARD OPERATING
PROCEDURES FOR MANAGEMENT OF MARINE CORPS ALTERNATE TOKENS.//
GENTEXT/REMARKS/1. PURPOSE. THIS BULLETIN ESTABLISHES POLICY FOR
ISSUING ALTERNATE (ALT) TOKENS TO RETIRED GENERAL OFFICERS, SPOUSES
OF ACTIVE DUTY GENERAL OFFICERS, AND FAMILY READINESS ADVISORS (KEY
VOLUNTEERS/COORDINATORS) IN ORDER TO PROVIDE A MEANS FOR THESE
POPULATIONS TO SUPPORT THE MARINE CORPS IN A MANNER CONSISTENT WITH
CURRENT DOD NETWORK SECURITY MECHANISMS.
2. BACKGROUND. RECENT ANALYSIS OF CURRENT THREATS TO DOD NETWORK
INFRASTRUCTURE HAS HIGHLIGHTED THE NEED TO IMPLEMENT DOD PKI ACROSS
THE GLOBAL INFORMATION GRID (GIG) TO INCREASE NETWORK SECURITY.
CYBER ATTACKS HAVE FOCUSED ON OBTAINING VALID USER NAMES AND
PASSWORDS FOR USE IN EXPLOITATION OF DOD NETWORKS AND RESOURCES.
THESE EXPLOITS REPRESENT A DIRECT AND GROWING THREAT TO THE MARINE
CORPS ENTERPRISE NETWORK (MCEN). REF B REQUIRES THE USE OF DOD PKI
CERTIFICATES FOR NETWORK IDENTIFICATION AND AUTHENTICATION TO ACCESS
NETWORK RESOURCES IN LIEU OF USERNAMES/PASSWORDS. THE PRIMARY
HARDWARE TOKEN USED FOR THIS PURPOSE IS THE CAC PROVISIONED WITH DOD
PKI CERTIFICATES. HOWEVER, NOT ALL NETWORK USERS ARE AUTHORIZED A
CAC. USERS THAT FALL INTO THIS CATAGORY HAVE ACCOUNTS WHICH ARE
REFERRED TO AS EXCEPTION ACCOUNTS. USE OF AN ALT TOKEN MINIMIZES
THE CONTINUED USE OF USERNAMES AND PASSWORDS, THUS REDUCING THE
NUMBER OF EXCEPTION ACCOUNTS. THE INTENT OF THIS POLICY IS TO
ENHANCE THE SECURITY OF THE MCEN THROUGH STRONG AUTHENTICATION
MECHANISMS.
3. ACTION. THIS POLICY APPLIES TO THE UNCLASSIFIED MCEN.
A. THE ALT TOKEN IS A SMARTCARD WHICH WILL HAVE A USERS DOD PKI
CERTIFICATES LOADED ONTO IT. THE ALT TOKEN WILL BE ISSUED
SPECIFICALLY FOR LOGICAL ACCESS TO THE NIPRNET AND AUTHENTICATION TO
MCEN RESOURCES. IT IS NOT INTENDED TO PROVIDE ANY PHYSICAL SECURITY
ACCESS NOR WILL IT BE CONSIDERED A VALID FORM OF IDENTIFICATION.
ALT TOKENS WILL ONLY BE ISSUED TO INDIVIDUALS WHO CURRENTLY HAVE A
.MIL EMAIL ACCOUNT. THE FOLLOWING POPULATIONS ARE AUTHORIZED AN ALT
TOKEN IN ORDER TO ELIMINATE USERNAME AND PASSWORD LOGON TO THE MCEN
AND FOR AUTHENTICATING TO DOD PUBLIC KEY ENABLED WEBSITES:
(1) RETIRED GENERAL OFFICERS.
(A) IF NOT IN POSSESSION OF A .MIL EMAIL ACCOUNT, CONTACT
HEADQUARTERS MARINE CORPS, COMMAND, CONTROL, COMMUNICATIONS AND
COMPUTERS (C4), NETWORK PLANS AND POLICY DIVISION (CP) AT (703)
784-9970/3488 IN ORDER TO OBTAIN A DEFENSE KNOWLEDGE ONLINE/ARMY
KNOWLEDGE ONLINE (DKO/AKO) .MIL EMAIL ACCOUNT. ONCE AN ACCOUNT IS
CREATED, FOLLOW PROCEDURES BELOW.
(B) IF YOU POSSESS A .MIL EMAIL ACCOUNT, CONTACT MCNOSC REGISTRATION
AUTHORITY OPERATIONS (RA OPS) AT RAOPERATIONS@MCNOSC.USMC.MIL, TEL:
(703) 432-0394 FOR ISSUANCE AND SUPPORT PROCEDURES.
(2) ACTIVE DUTY GENERAL OFFICER SPOUSES. GENERAL OFFICER SPOUSES
THAT HAVE A MCEN EMAIL ACCOUNT WHICH THEY ACCESS VIA
USERNAME/PASSWORD MUST OBTAIN AN ALTERNATE TOKEN FOR NETWORK LOGON
FROM THE LOCAL G6 OR INFORMATION ASSURANCE MANAGER (IAM).
(3) FAMILY READINESS ADVISORS (KEY VOLUNTEER COORDINATORS). FAMILY
READINESS ADVISORS WHO HAVE A MCEN EMAIL ACCOUNT WHICH THEY ACCESS
VIA USERNAME/PASSWORD MUST OBTAIN AN ALTERNATE TOKEN FOR NETWORK
LOGON FROM THE LOCAL G6 OR IAM.
B. G6/IAM WILL FOLLOW ESTABLISHED PROCEDURES FOR ALT TOKEN ISSUANCE
AND ENFORCEMENT IAW REF C.
4. COMMANDERS SHALL ENSURE COMPLIANCE WITH THIS BULLETIN BY 1 DEC
08. ANY ACCOUNT THAT IS NOT IN COMPLIANCE AFTER 1 DEC 08 WILL BE
DISABLED. ACCOUNTS WILL ONLY BE REACTIVATED AFTER ABOVE
REQUIREMENTS HAVE BEEN MET.
5. DIRECT POLICY QUESTIONS TO THE HQMC C4 IA POC LISTED ABOVE.
DIRECT TECHNICAL INQUIRIES TO THE MARINE CORPS NETWORK OPERATIONS
AND SECURITY CENTER (MCNOSC) OPERATIONS CENTER AT DSN 278-5300, COMM
703-784-5300, OR UNCLAS E-MAIL: COMMANDCENTER@MCNOSC.USMC.MIL.
6. RESERVE APPLICABILITY. THIS BULLETIN IS APPLICABLE TO THE
MARINE CORPS TOTAL FORCE.
7. CANCELLATION CONTINGENCY. THIS BULLETIN, UNLESS SUPERSEDED, IS
CANCELLED 30 JUN 2009
8. RELEASE OF THIS BULLETIN IS AUTHORIZED BY BGEN G. J. ALLEN,
DIRECTOR, COMMAND, CONTROL, COMMUNICATION AND COMPUTERS.//