NAVY POLICY FOR NIPRNET CONNECTIONS TO DISN:
RAAUZYUW RUENAAA6578 1641947-UUUU--RUCRNAD RHMFIUU.
ZNR UUUUU ZUI RUEOMCF2681 1642019
R 131947Z JUN 06
FM CNO WASHINGTON DC//N6//
TO NAVADMIN
INFO RHMFIUU/CNO WASHINGTON DC//N6//
RUENAAA/CNO WASHINGTON DC//N6//
BT
UNCLAS
NAVADMIN 175/06
MSGID/GENADMIN/CNO WASH DC N6/JUN//
SUBJ/NAVY POLICY FOR NIPRNET CONNECTIONS TO DISN//
REF/A/ORDER/JTF GNO/07FEB2005//
REF/B/DOC/CNO/31OCT2002//
REF/C/DOC/CJCSI/15JUN2004//
REF/D/ALCOM/CNO/221700ZAUG2005//
REF/E/DOC/CJCS/31JUL2003//
REF/F/DOC/DOD 5200.40/30DEC1997//
REF/G/DOC/DOD/06FEB2003//
REF/H/DOC/OPNAVNOTE 5230/02AUG2003//
REF/I/GENADMIN/CNO WASHINGTON DC ACNOIT/152315ZAPR2005//
REF/J/GENADMIN/CNO WASHINGTON DC/072303ZJUN2005//
REF/K/DOC/NETWORK AND SERVER REGISTRATION AND SERVER APPLICATION
TERMINATION/01MAY2005//
NARR/REF A OPORD 05-01 BASE PLAN AND ANNEX C (OPS). REF B IS THE
NAVY-MARINE CORPS UNCLASSIFIED TRUSTED NETWORK PROTECTION
(UTN-PROTECT) POLICY. REF C IS CJCSI 6510.01D, INFORMATION
ASSURANCE (IA) AND COMPUTER NETWORK DEFENSE (CND). REF D IS ALCOM
072/05 DESCRIBING NAVAL CIRCUIT MANAGEMENT OFFICE AND THE DISN EPP.
REF E IS CJCSI 6211.02B, DISN POLICY RESPONSIBILITIES AND PROCESSES
INSTRUCTION. REF F IS DOD IT SECURITY CERTIFICATION AND
ACCREDITATION PROCESS (DITSCAP). REF G IS DODI 8500.2, IA ASSURANCE
POLICY IMPLEMENTING IA CONTROLS. REF H IS OPNAV NOTICE APPOINTING
NETWARCOM AS NAVY OPERATIONAL DESIGNATED APPROVING AUTHORITY (DAA).
REF I FURTHER DEFINES NETWARCOM OPERATIONAL DAA RESPONSIBILITIES.
REF J IS NAVADMIN 124/05 WHICH DIRECTS THE REGISTRATION OF NAVY
NETWORKS IAW REF K. REF K IS THE NAVY PROCESS DOCUMENT FOR NETWORK
AND SERVER REGISTRATION AND SERVER APPLICATION TERMINATION. (REF K
IS AVAILABLE FOR DOWNLOAD FROM THE DON APPLICATION AND DATABASE
MANAGEMENT SYSTEM (DADMS) WEBSITE (HTTPS:/WWW.DADMS.NAVY.MIL).) //
POC/STEWART WHARTON/CDR/N61/LOC:WASH DC
/EMAIL:NIPRNET stewart.wharton@navy.mil/TEL:(703) 604-7763
/TEL:DSN 332-7763//
RMKS/1. SCOPE. THIS MESSAGE ESTABLISHES NEW POLICY REGARDING
NIPRNET CONNECTION TO THE DISN, EXPANDING THE GUIDANCE SET FORTH
IN REFS A THROUGH K.
2. BACKGROUND. IN FY05, OVER 98% OF CAT 1, 2, 4, AND 7 NETWORK
INTRUSIONS IN NAVY WERE AGAINST LEGACY ENCLAVES OUTSIDE A CENTRALLY
MANAGED FIREWALL. DURING OPERATION CYBER CONDITION ZEBRA (CCZ),
NUMEROUS NIPRNET CONNECTION CIRCUITS THAT WERE INADEQUATELY
PROTECTED OR COMPLETELY OPEN TO INTRUSION WERE IDENTIFIED.
OPERATION CCZ EMPLOYS STANDARD METHODOLOGIES THAT PROTECT THE
NIPRNET CONNECTION CIRCUITS. WHERE OPERATION CCZ HAS BEEN EXECUTED,
ANALYSIS SHOWS NO NEW CAT 1, 2, 4, OR 7 INTRUSIONS. NAVY NETWORK
WARFARE COMMAND (NNWC) HAS THE RESPONSIBILITY TO DEFEND ALL NAVY
NETWORKS AND THE INFORMATION CARRIED ON THEM, AND TO DO SO IN A
COHERENT, COST-EFFECTIVE MANNER. THE BEST COURSE OF ACTION IS TO
CENTRALLY MANAGE THE NAVY'S NETWORK INFORMATION ASSURANCE
INFRASTRUCTURE BY LEVERAGING THE UPGRADED IA SUITES INSTALLED BY THE
OPERATION CCZ ENGINEERING TEAM.
3. POLICY. TO INSTITUTE A DELIBERATE, CONTROLLED PROCESS TO MANAGE
NAVY'S NEWTORK PORTFOLIO (SEE PARA 4), FOLLOWING POLICY IS
ESTABLISHED:
A. ALL NAVY COMMANDS ARE PROHIBITED FROM GOING DIRECTLY TO DISA FOR
DIRECT CONNECTIONS TO THE NIPRNET. NNWC IS THE ONLY NAVY
ORGANIZATION AUTHORIZED TO REQUEST NEW NIPRNET CONNECTIONS FROM DISA
ON BEHALF OF THE NAVY. REQUESTS WILL BE SENT TO NNWC N3 GLOBAL
NETWORK OPERATIONS.(ECHELON II CIO ENDORSEMENT REQUIRED).
B. EXISTING DIRECT NAVY NIPRNET CONNECTIONS WILL BE ELIMINATED BY
EITHER TRANSITIONING THE NETWORK SERVICES TO A DESIGNATED ENTERPRISE
NETWORK (NMCI, ONE-NET, OR ISNS), OR BY REHOMING THE CONNECTIONS SO
THEY ARE PROTECTED BEHIND A NAVY CENTRALLY MANAGED INFORMATION
ASSURANCE (IA) INFRASTRUCTURE (SUCH AS THOSE INSTALLED BY THE CCZ
ENGINEERING TEAM).
C. ALL NAVY NETWORKS SHALL BE REGISTERED AND MAINTAINED CURRENT IN
DEPARTMENT OF NAVY APPLICATION AND DATABASE MANAGEMENT SYSTEM
(DADMS) PER REFS J AND K.
4. ACTION.
A. NNWC. OPNAV DIRLAUTH WITH NNWC IN SUPPORT OF CCZ HAS BEEN AGREED
TO BY CUFFC. WITHIN 90 DAYS,NNWC IS DIRECTED TO ISSUE SPECIFIC
INSTRUCTIONS FOR EXECUTION OF THE POLICY OUTLINED IN THIS MESSAGE.
B. ECHELON II COMMANDS.
(1) IMMEDIATELY IMPLEMENT POLICY IN PARA 3. REQUESTS FOR WAIVERS TO
THIS POLICY WILL BE SUBMITTED TO NNWC N3 GLOBAL NETWORK OPERATIONS
NLT 30 OCTOBER, AND MUST ADDRESS THE OPERATIONAL IMPACT OF
COMPLIANCE, AND SCHEDULE IMPACTS.
(2) ENSURE ALL NIPRNET CONNECTIONS TO THE DISN ARE CERTIFIED AND
ACCREDITED THROUGH NETWARCOM DAA IAW REFS (F) THROUGH (J).
(3) NO LATER THAN 31 DEC 06, ECHELON II COMMANDS, IN COORDINATION
WITH NNWC, MUST ELIMINATE DIRECT NAVY NIPRNET CONNECTIONS BY
TRANSITIONING THEIR NETWORKS TO NMCI, ONE-NET, OR BY REHOMING THEIR
CONNECTIONS BEHIND ONE OF THE CENTRALLY MANAGED INFORMATION
ASSURANCE SUITES DESIGNATED BY NNWC. THIS APPLIES TO ALL EXISTING
NAVY DIRECT NIPRNET CONNECTIONS FOR LEGACY AND RDT&E NAVY NETWORKS.
(4) COMMANDS WITH AUTHORIZED DIRECT NIPRNET CONNECTIONS WILL SUPPORT
THE EFFORTS ANNOUNCED IN REF D TO PERFORM BUDGET BASED TRANSFER OF
FUNDS TO NNWC TO SUPPORT CENTRALLY MANAGING CIRCUIT FUNDS FOR
CONTINUED NETWORK SERVICE TO BE COMPLETED BY 1 OCT 2006.
5. OPNAV N6 WILL:
(1) SUPPORT ONGOING ACTIONS TO IMPLEMENT THE DISN EPP IN NAVY,
INCLUDING IDENTIFICATION OF RESOURCE REQUIREMENTS AND FACILITATING
FY07 ECHELON II AND PM NMCI FUNDING REALIGNMENT TO NNWC AS THE
DESIGNATED CENTRAL BILLPAYER FOR NAVY DISN SERVICES.
(2) ESTABLISH A PROCESS IN COORDINATION WITH NNWC TO CAPTURE
SAVINGS THAT WILL RESULT FROM CONSOLIDATION OF CIRCUITS.
(3) DIRECT DISA VIA NETWARCOM TO DISCONNECT THOSE NAVY NIPRNET
CONNECTIONS THAT HAVE NOT COMPLIED WITH THE ABOVE POLICY BY 31 DEC
2006.
(4) IN COORDINATION WITH NNWC/NCMO, N6 AS RESOURCE SPONSOR WILL
CONDUCT AN AUDIT OF NAVY NIPRNET CONNECTIONS TO ENSURE COMPLIANCE
WITH PARA 4.B(3) ABOVE.
6. RELEASED BY MR. DAVID W. WEDDEL, DEPUTY DIRECTOR (N6B)//
BT
#6578
NNNN