LOSS OF AMRDEC SAFE:

2 NAVADMINs are known that refer back to this one:
NAVADMIN ID Title
NAVADMIN 063/19 UPDATE ON AVAILABLE SECURE ACCESS FILE EXCHANGE SERVICES
NAVADMIN 210/19 DEPARTMENT OF DEFENSE SECURE ACCESS FILE EXCHANGE 
UNCLASSIFIED//

ROUTINE

R 211659Z NOV 18

FM CNO WASHINGTON DC

TO NAVADMIN

INFO CNO WASHINGTON DC

BT
UNCLAS

NAVADMIN 283/18

PASS TO OFFICE CODES:
CNO WASHINGTON DC//N2N6//

MSGID/GENADMIN/CNO WASHINGTON DC/N2N6/NOV//

SUBJ/LOSS OF AMRDEC SAFE//
POC/AUGELLI/CAPT/OPNAV N2N6G/E-MAIL: vincent.a.augelli@navy.mil//

RMKS/1.  The Armys Aviation and Missile Research Development and Engineering 
Center Safe Access File Exchange (AMRDEC SAFE) is a secure file transfer 
website that was routinely used across all of DoD to transfer large data 
files to include Personally Identifiable Information (PII) and Protected 
Health Information (PHI) and For Official Use Only (FOUO) information.  The 
Army has shut down this website for security reasons which impacts numerous 
Navy users, especially the medical and legal communities. There currently is 
no other existing enterprise solution to facilitate large PII file transfers.  
N2N6 has coordinated with BUMED, JAG, and OGC to understand impact and 
provide alternatives.

2. The Defense Information Systems Agency is working on a long-term solution. 
Further guidance will follow.

3. For the near term, smaller files containing PII, PHI, and FOUO material 
can be encrypted and sent via email.  For larger files, burning the data to 
disk and using registered mail is the only solution that meets PII/PHI 
criteria.  NMCI users may enable optical disk burning capability by ordering 
the appropriate contract line item numbers (unencrypted: 6023AK_0168 and 
6023BS_0168; encrypted:
6023AK_0165 and 6023BS_0165).  The unencrypted option requires a NAVNETWARCOM 
waiver.  All efforts shall be made to prioritize orders for rapid 
implementation.  NMCI users whose workstations lack a burner should contact 
their NMCI contractor or information technology point of contact.

4. Interim solutions for unclassified, non-PII/PHI file exchange are listed 
below.  FOUO data must be encrypted with at least AES-256 encryption. 
Encryption can be accomplished using an option within WinZip; passwords must 
be at least 16 characters of appropriate complexity and sent separately to 
the intended recipient.  Details noted below are file size limitation, public 
key infrastructure
(PKI) capability, and non-DoD/interagency access.  Note: these tools have not 
been engineered for high traffic across the DoD enterprise and performance 
reliability cannot be guaranteed.
    a.  Army Research Laboratory Safe Access File Exchange (ARL SAFE) 
(https://safe.arl.army.mil/). Size: 2 GB; PKI: yes; interagency: yes
    b.  Intelink SharePoint Assured File Exchange 
(https://intelshare.intelink.gov/sites/u-safesource/SitePages/Home.aspx).  
Size: 250 MB; PKI: yes; interagency: yes
    c.  iNavy Portal https://portal.navy.deps.mil. Size: 250 MB; PKI: yes; 
interagency: no.

5.  Chief Information Officers and security managers are responsible to 
ensure all practices comply with regulations governing PII/PHI and other 
content.  Commercial IT service alternatives are not authorized.

6.  Released by VADM Matthew J. Kohler, Deputy Chief of Naval Operations for 
Information Warfare, OPNAV N2N6.

BT
#0001
NNNN
UNCLASSIFIED//