NAVY POLICY FOR NIPRNET CONNECTIONS TO DISN:
RAAUZYUW RUENAAA6578 1641947-UUUU--RUCRNAD RHMFIUU. ZNR UUUUU ZUI RUEOMCF2681 1642019 R 131947Z JUN 06 FM CNO WASHINGTON DC//N6// TO NAVADMIN INFO RHMFIUU/CNO WASHINGTON DC//N6// RUENAAA/CNO WASHINGTON DC//N6// BT UNCLAS NAVADMIN 175/06 MSGID/GENADMIN/CNO WASH DC N6/JUN// SUBJ/NAVY POLICY FOR NIPRNET CONNECTIONS TO DISN// REF/A/ORDER/JTF GNO/07FEB2005// REF/B/DOC/CNO/31OCT2002// REF/C/DOC/CJCSI/15JUN2004// REF/D/ALCOM/CNO/221700ZAUG2005// REF/E/DOC/CJCS/31JUL2003// REF/F/DOC/DOD 5200.40/30DEC1997// REF/G/DOC/DOD/06FEB2003// REF/H/DOC/OPNAVNOTE 5230/02AUG2003// REF/I/GENADMIN/CNO WASHINGTON DC ACNOIT/152315ZAPR2005// REF/J/GENADMIN/CNO WASHINGTON DC/072303ZJUN2005// REF/K/DOC/NETWORK AND SERVER REGISTRATION AND SERVER APPLICATION TERMINATION/01MAY2005// NARR/REF A OPORD 05-01 BASE PLAN AND ANNEX C (OPS). REF B IS THE NAVY-MARINE CORPS UNCLASSIFIED TRUSTED NETWORK PROTECTION (UTN-PROTECT) POLICY. REF C IS CJCSI 6510.01D, INFORMATION ASSURANCE (IA) AND COMPUTER NETWORK DEFENSE (CND). REF D IS ALCOM 072/05 DESCRIBING NAVAL CIRCUIT MANAGEMENT OFFICE AND THE DISN EPP. REF E IS CJCSI 6211.02B, DISN POLICY RESPONSIBILITIES AND PROCESSES INSTRUCTION. REF F IS DOD IT SECURITY CERTIFICATION AND ACCREDITATION PROCESS (DITSCAP). REF G IS DODI 8500.2, IA ASSURANCE POLICY IMPLEMENTING IA CONTROLS. REF H IS OPNAV NOTICE APPOINTING NETWARCOM AS NAVY OPERATIONAL DESIGNATED APPROVING AUTHORITY (DAA). REF I FURTHER DEFINES NETWARCOM OPERATIONAL DAA RESPONSIBILITIES. REF J IS NAVADMIN 124/05 WHICH DIRECTS THE REGISTRATION OF NAVY NETWORKS IAW REF K. REF K IS THE NAVY PROCESS DOCUMENT FOR NETWORK AND SERVER REGISTRATION AND SERVER APPLICATION TERMINATION. (REF K IS AVAILABLE FOR DOWNLOAD FROM THE DON APPLICATION AND DATABASE MANAGEMENT SYSTEM (DADMS) WEBSITE (HTTPS:/WWW.DADMS.NAVY.MIL).) // POC/STEWART WHARTON/CDR/N61/LOC:WASH DC /EMAIL:NIPRNET stewart.wharton@navy.mil/TEL:(703) 604-7763 /TEL:DSN 332-7763// RMKS/1. SCOPE. THIS MESSAGE ESTABLISHES NEW POLICY REGARDING NIPRNET CONNECTION TO THE DISN, EXPANDING THE GUIDANCE SET FORTH IN REFS A THROUGH K. 2. BACKGROUND. IN FY05, OVER 98% OF CAT 1, 2, 4, AND 7 NETWORK INTRUSIONS IN NAVY WERE AGAINST LEGACY ENCLAVES OUTSIDE A CENTRALLY MANAGED FIREWALL. DURING OPERATION CYBER CONDITION ZEBRA (CCZ), NUMEROUS NIPRNET CONNECTION CIRCUITS THAT WERE INADEQUATELY PROTECTED OR COMPLETELY OPEN TO INTRUSION WERE IDENTIFIED. OPERATION CCZ EMPLOYS STANDARD METHODOLOGIES THAT PROTECT THE NIPRNET CONNECTION CIRCUITS. WHERE OPERATION CCZ HAS BEEN EXECUTED, ANALYSIS SHOWS NO NEW CAT 1, 2, 4, OR 7 INTRUSIONS. NAVY NETWORK WARFARE COMMAND (NNWC) HAS THE RESPONSIBILITY TO DEFEND ALL NAVY NETWORKS AND THE INFORMATION CARRIED ON THEM, AND TO DO SO IN A COHERENT, COST-EFFECTIVE MANNER. THE BEST COURSE OF ACTION IS TO CENTRALLY MANAGE THE NAVY'S NETWORK INFORMATION ASSURANCE INFRASTRUCTURE BY LEVERAGING THE UPGRADED IA SUITES INSTALLED BY THE OPERATION CCZ ENGINEERING TEAM. 3. POLICY. TO INSTITUTE A DELIBERATE, CONTROLLED PROCESS TO MANAGE NAVY'S NEWTORK PORTFOLIO (SEE PARA 4), FOLLOWING POLICY IS ESTABLISHED: A. ALL NAVY COMMANDS ARE PROHIBITED FROM GOING DIRECTLY TO DISA FOR DIRECT CONNECTIONS TO THE NIPRNET. NNWC IS THE ONLY NAVY ORGANIZATION AUTHORIZED TO REQUEST NEW NIPRNET CONNECTIONS FROM DISA ON BEHALF OF THE NAVY. REQUESTS WILL BE SENT TO NNWC N3 GLOBAL NETWORK OPERATIONS.(ECHELON II CIO ENDORSEMENT REQUIRED). B. EXISTING DIRECT NAVY NIPRNET CONNECTIONS WILL BE ELIMINATED BY EITHER TRANSITIONING THE NETWORK SERVICES TO A DESIGNATED ENTERPRISE NETWORK (NMCI, ONE-NET, OR ISNS), OR BY REHOMING THE CONNECTIONS SO THEY ARE PROTECTED BEHIND A NAVY CENTRALLY MANAGED INFORMATION ASSURANCE (IA) INFRASTRUCTURE (SUCH AS THOSE INSTALLED BY THE CCZ ENGINEERING TEAM). C. ALL NAVY NETWORKS SHALL BE REGISTERED AND MAINTAINED CURRENT IN DEPARTMENT OF NAVY APPLICATION AND DATABASE MANAGEMENT SYSTEM (DADMS) PER REFS J AND K. 4. ACTION. A. NNWC. OPNAV DIRLAUTH WITH NNWC IN SUPPORT OF CCZ HAS BEEN AGREED TO BY CUFFC. WITHIN 90 DAYS,NNWC IS DIRECTED TO ISSUE SPECIFIC INSTRUCTIONS FOR EXECUTION OF THE POLICY OUTLINED IN THIS MESSAGE. B. ECHELON II COMMANDS. (1) IMMEDIATELY IMPLEMENT POLICY IN PARA 3. REQUESTS FOR WAIVERS TO THIS POLICY WILL BE SUBMITTED TO NNWC N3 GLOBAL NETWORK OPERATIONS NLT 30 OCTOBER, AND MUST ADDRESS THE OPERATIONAL IMPACT OF COMPLIANCE, AND SCHEDULE IMPACTS. (2) ENSURE ALL NIPRNET CONNECTIONS TO THE DISN ARE CERTIFIED AND ACCREDITED THROUGH NETWARCOM DAA IAW REFS (F) THROUGH (J). (3) NO LATER THAN 31 DEC 06, ECHELON II COMMANDS, IN COORDINATION WITH NNWC, MUST ELIMINATE DIRECT NAVY NIPRNET CONNECTIONS BY TRANSITIONING THEIR NETWORKS TO NMCI, ONE-NET, OR BY REHOMING THEIR CONNECTIONS BEHIND ONE OF THE CENTRALLY MANAGED INFORMATION ASSURANCE SUITES DESIGNATED BY NNWC. THIS APPLIES TO ALL EXISTING NAVY DIRECT NIPRNET CONNECTIONS FOR LEGACY AND RDT&E NAVY NETWORKS. (4) COMMANDS WITH AUTHORIZED DIRECT NIPRNET CONNECTIONS WILL SUPPORT THE EFFORTS ANNOUNCED IN REF D TO PERFORM BUDGET BASED TRANSFER OF FUNDS TO NNWC TO SUPPORT CENTRALLY MANAGING CIRCUIT FUNDS FOR CONTINUED NETWORK SERVICE TO BE COMPLETED BY 1 OCT 2006. 5. OPNAV N6 WILL: (1) SUPPORT ONGOING ACTIONS TO IMPLEMENT THE DISN EPP IN NAVY, INCLUDING IDENTIFICATION OF RESOURCE REQUIREMENTS AND FACILITATING FY07 ECHELON II AND PM NMCI FUNDING REALIGNMENT TO NNWC AS THE DESIGNATED CENTRAL BILLPAYER FOR NAVY DISN SERVICES. (2) ESTABLISH A PROCESS IN COORDINATION WITH NNWC TO CAPTURE SAVINGS THAT WILL RESULT FROM CONSOLIDATION OF CIRCUITS. (3) DIRECT DISA VIA NETWARCOM TO DISCONNECT THOSE NAVY NIPRNET CONNECTIONS THAT HAVE NOT COMPLIED WITH THE ABOVE POLICY BY 31 DEC 2006. (4) IN COORDINATION WITH NNWC/NCMO, N6 AS RESOURCE SPONSOR WILL CONDUCT AN AUDIT OF NAVY NIPRNET CONNECTIONS TO ENSURE COMPLIANCE WITH PARA 4.B(3) ABOVE. 6. RELEASED BY MR. DAVID W. WEDDEL, DEPUTY DIRECTOR (N6B)// BT #6578 NNNN