LOSS OF AMRDEC SAFE:
2 NAVADMINs are known that
refer back to this one:
R 211659Z NOV 18
FM CNO WASHINGTON DC
INFO CNO WASHINGTON DC
PASS TO OFFICE CODES:
CNO WASHINGTON DC//N2N6//
MSGID/GENADMIN/CNO WASHINGTON DC/N2N6/NOV//
SUBJ/LOSS OF AMRDEC SAFE//
POC/AUGELLI/CAPT/OPNAV N2N6G/E-MAIL: firstname.lastname@example.org//
RMKS/1. The Armys Aviation and Missile Research Development and Engineering
Center Safe Access File Exchange (AMRDEC SAFE) is a secure file transfer
website that was routinely used across all of DoD to transfer large data
files to include Personally Identifiable Information (PII) and Protected
Health Information (PHI) and For Official Use Only (FOUO) information. The
Army has shut down this website for security reasons which impacts numerous
Navy users, especially the medical and legal communities. There currently is
no other existing enterprise solution to facilitate large PII file transfers.
N2N6 has coordinated with BUMED, JAG, and OGC to understand impact and
2. The Defense Information Systems Agency is working on a long-term solution.
Further guidance will follow.
3. For the near term, smaller files containing PII, PHI, and FOUO material
can be encrypted and sent via email. For larger files, burning the data to
disk and using registered mail is the only solution that meets PII/PHI
criteria. NMCI users may enable optical disk burning capability by ordering
the appropriate contract line item numbers (unencrypted: 6023AK_0168 and
6023AK_0165 and 6023BS_0165). The unencrypted option requires a NAVNETWARCOM
waiver. All efforts shall be made to prioritize orders for rapid
implementation. NMCI users whose workstations lack a burner should contact
their NMCI contractor or information technology point of contact.
4. Interim solutions for unclassified, non-PII/PHI file exchange are listed
below. FOUO data must be encrypted with at least AES-256 encryption.
Encryption can be accomplished using an option within WinZip; passwords must
be at least 16 characters of appropriate complexity and sent separately to
the intended recipient. Details noted below are file size limitation, public
(PKI) capability, and non-DoD/interagency access. Note: these tools have not
been engineered for high traffic across the DoD enterprise and performance
reliability cannot be guaranteed.
a. Army Research Laboratory Safe Access File Exchange (ARL SAFE)
(https://safe.arl.army.mil/). Size: 2 GB; PKI: yes; interagency: yes
b. Intelink SharePoint Assured File Exchange
Size: 250 MB; PKI: yes; interagency: yes
c. iNavy Portal https://portal.navy.deps.mil. Size: 250 MB; PKI: yes;
5. Chief Information Officers and security managers are responsible to
ensure all practices comply with regulations governing PII/PHI and other
content. Commercial IT service alternatives are not authorized.
6. Released by VADM Matthew J. Kohler, Deputy Chief of Naval Operations for
Information Warfare, OPNAV N2N6.