Department of Navy Chief Information Officer - Policy: DON Policy For Approving Multifunctional Devices For Use On DON Networks

POLICY & GUIDANCE

Audit Readiness of IT Systems (0)	DIACAP (12)	Information Sharing (48)	Open Source (3)
Awards (35)	DON Enterprise Architecture (49)	IT Asset Management (20)	Performance Measurement (2)
Business Case Analysis (11)	Enterprise Licensing Agreements (12)	IT Efficiencies (119)	Personal Electronic Device (18)
CIO Authorities (57)	Enterprise Services (35)	IT Expenditure Approval Authority (12)	Printing and Imaging (Copiers/MFDs) (17)
Civil Liberties (21)	Enterprise Software Initiative (32)	IT Governance (48)	Privacy (261)
Clinger-Cohen Act Compliance (25)	FISMA (11)	IT Infrastructure (17)	Public Key Infrastructure (19)
Cloud Computing (21)	Forms/Reports (14)	IT Investment Management (77)	Records Management (38)
Common Access Card (9)	Freedom of Information Act (26)	IT Portfolio Management (1)	Section 508 (10)
Cybersecurity (243)	Functional Area Manager (9)	Knowledge Management (34)	Social Media (33)
Cyberspace/IT Workforce (35)	GIG Standards (20)	Naval Enterprise Networks (38)	Spectrum (57)
DADMS/DITPR-DON (42)	Green IT (10)	Naval Networking Environment (12)	Statutory & Regulatory Compliance (11)
Data at Rest (10)	Identity Management (113)	NGEN (18)	Telecommunications (63)
Data Center Consolidation (37)	IM/IT Strategy (44)	NMCI (27)	Wireless (66)
Data Strategy (12)	Information Assurance (63)

DON Policy For Approving Multifunctional Devices For Use On DON Networks

DON CIO Memo - Publish Date: 12/03/13

download PDF

The purpose of this memo is to facilitate the Department of the Navy's Multifunctional Device (MFD) efficiency initiative. The DON requires a process that allows competitive pricing and timely approval of MFDs while maintaining the security of DON networks. The DON must also minimize the administrative level of effort involved in adding an MFD to an accredited environment. This memo provides guidance for connecting MFDs to DON networks.

Subj: DEPARTMENT OF THE NAVY (DON) POLICY FOR APPROVING MULTIFUNCTIONAL DEVICES (MFD) FOR USE ON DON NETWORKS

Ref: (a) DoD Instruction 8500.2, Information Assurance (IA) Implementation, of Feb 6, 2003
(b) DoD Instruction 8510.01, DoD Information Assurance Certification and Accreditation Process (DIACAP), of November 28, 2007
(c) DON CIO Memo, Mandatory Guidance Regarding Management ofDepartment ofthe Navy Copiers, Printers, Fax Machines, Scanners, and Multifunctional Devices, of January 25, 2013
(d) Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG), Multifunction Devices and Network Printers (The current approved version)

The purpose of this memorandum is to facilitate the Department of the Navy's (DON) Multifunctional Device (MFD) efficiency initiative. The DON requires a process that allows competitive pricing and timely approval of MFDs while maintaining the security of DON networks and compliance with references (a) and (b). The DON must also minimize the administrative level of effort involved in adding an MFD to an accredited environment. This memo provides guidance for connecting MFDs purchased in accordance with reference (c) to DON networks.

MFDs can present significant vulnerabilities if not properly configured. Program Management Offices (PMOs) or commands may field MFDs using the system, enclave, or site current certification and accreditation (C&A), provided the following actions are taken:

Configure the devices and the hosting environment in accordance with reference (d) and other applicable hardening guidance to ensure the devices are Information Assurance Vulnerability Management (IAVM) compliant and configured in accordance with Department of Defense IA requirements.
Upload the compliance results in accordance with reference (d) into the appropriate C&A tool under the already accredited system, enclave, or site package. There is no time limit on the Security Technical Implementation Guide (STIG) compliance results; however, the Program must evaluate for impact any new STIG requirements that DISA has published since the original STIG compliance validation. The PMO or command must also close all CAT I findings and close or mitigate all CAT II findings; mitigations must be approved by a fully qualified Validator.
Update the existing C&A package diagrams, system/network hardware/software lists and Ports, Protocols, and Services (PPS).
Create a plan of action and milestones (POA&M) entry in the affected network's authorization documentation to investigate Common Criteria approval. The appropriate Validator-assigned residual risk must be included.

The PMO or command deploying the MFD must ensure the device remains STIG and IAVM compliant throughout its life cycle.

The DON point of contact for this matter is Dan DelGrosso, (703) 695-2900, or dan.delgrosso@navy.mil.

Signed by:
Terry A. Halvorsen
Department of the Navy Chief Information Officer

TAGS: Efficiencies, MFDs

DON CIO Information

Online Services & Community

RSS Feeds

DON CIO FOIA

DON CIO Mobile Website

Website Accessibility

External Links Disclaimer

SECNAV DON CIO • 1000 Navy Pentagon
Washington, DC 20350-1000

This is an official U.S. Navy website (DoD Resource Locator 45376) sponsored by the Department of the Navy Chief Information Officer (DON CIO). The purpose of this website is to facilitate effective information flow about information management/information technology and cybersecurity issues and initiatives occuring within the Department of the Navy.

Please read our Privacy Policy notice.
Please read our Section 508/Accessibility Statement.

Trending

DON Policy For Approving Multifunctional Devices For Use On DON Networks

DON CIO Memo - Publish Date: 12/03/13

TAGS: Efficiencies, MFDs

DON CIO Information

Online Services & Community