DEPLOYMENT OF DATA AT REST (DAR) ENCRYPTION SOLUTION FOR U.S. NAVY NETWORKS AND ASSETS:
UNCLASSIFIED// ATTENTION INVITED TO ROUTINE R 071633Z DEC 09 FM CNO WASHINGTON DC//N2N6// TO NAVADMIN CNO WASHINGTON DC//N2N6// COMUSFLTFORCOM NORFOLK VA COMUSNAVEUR NAPLES IT COMPACFLT PEARL HARBOR HI USNA ANNAPOLIS MD COMUSNAVCENT BAHRAIN COMNAVRESFORCOM NEW ORLEANS LA COMNAVAIRSYSCOMPATUXENT RIVER MD BUMED WASHINGTON DC NETC PENSACOLA FL COMNAVSEASYSCOM WASHINGTON DC COMNAVSEASYSCOM WASHINGTON DC COMNAVSUPSYSCOM MECHANICSBURG PA DIRSSP WASHINGTON DC CNIC WASHINGTON DC PRESINSURV NORFOLK VA COMNAVLEGSVCCOM WASHINGTON DC NAVPGSCOL MONTEREY CA COMNAVFACENGCOM WASHINGTON DC COMNAVSAFECEN NORFOLK VA BUPERS MILLINGTON TN NAVWARCOL NEWPORT RI ONI WASHINGTON DC COMNAVSPECWARCOM CORONADO CA COMSPAWARSYSCOM SAN DIEGO CA COMNAVDIST WASHINGTON DC NAVHISTCEN WASHINGTON DC COMNAVNETWARCOM NORFOLK VA DON CIO WASHINGTON DC COMOPTEVFOR NORFOLK VA DRPM NMCI ARLINGTON VA INFO CMC WASHINGTON DC//C4// COMMARCORSYSCOM QUANTICO VA COMMARFOREUR COMMARFORLANT COMMARFORPAC COMMARFORPAC COMMARFORRES COMMARFORSOUTH CG MCCDC QUANTICO VA PEO C4I SAN DIEGO CA PEO EIS WASHINGTON DC COMSPAWARSYSCOM SAN DIEGO CA PMW 160 SAN DIEGO CA BT NAVADMIN 344/09// MSGID/GENADMIN/CNO WASHINGTON DC/NOV 09// SUBJ/DEPLOYMENT OF DATA AT REST (DAR) ENCRYPTION SOLUTION FOR U.S. NAVY NETWORKS AND ASSETS// REF/A/DOC/DOD MEMO/03JUL2007// REF/B/MSG/DON CIO WASHINGTON DC/312021ZJAN09// REF/C/MSG/CNO WASHINGTON DC/151831Z APR 09// REF/D/TEST REPORT/SSC PACIFIC/30SEP08// REF/E/DOC/DON CIO MEMO/18SEP09// NARR/REF A IS DEPARTMENT OF DEFENSE (DOD) POLICY MEMO, ENCRYPTION OF SENSITIVE UNCLASSIFIED DATA AT REST (DAR) ON MOBILE COMPUTING DEVICES AND REMOVABLE STORAGE MEDIA USED WITHIN THE DOD. REF B IS DON CIO ENTERPRISE DAR ENCRYPTION SOLUTION GUIDANCE. REF C IS CNO INTERIM GUIDANCE. REF D IS COMPUTER NETWORK DEFENSE - AFLOAT DAR TEST REPORT REF E IS DON CIO WAIVER TO USN TO EMPLOY NMCI DAR ENCRYPTION SOLUTION// POC/EDWIN BERRIOS-ORTIZ/LT/OPNAV N6N1 (NETWORKS)/LOC: ARLINGTON VA/EMAIL: EDWIN.BERRIOSORTIZ (AT) NAVY.MIL/TEL: 703-601-1284// POC/SONYA SMITH/CIV/DON CIO/LOC:ARLINGTON VA/EMAIL: SONYA.R.SMITH1(AT) NAVY.MIL/TEL: 703-604-7059// RMKS/1. THIS IS A COORDINATED DON CIO AND OPNAV N2/N6 MESSAGE AND SUPERSEDES REF C. THIS MESSAGE PROVIDES DAR ENCRYPTION IMPLEMENTATION DIRECTION FOR ASSETS CONNECTED TO UNCLASSIFIED US NAVY ENTERPRISE, LEGACY AND EXCEPTED NETWORKS. THIS INCLUDES DESKTOPS, LAPTOPS AND BLACKBERRIES. 2. BACKGROUND: PER REF A, DEPARTMENT OF DEFENSE POLICY GUIDANCE REQUIRES U.S. NAVY TO ENCRYPT ALL UNCLASSIFIED DATA AT REST THAT HAS NOT BEEN APPROVED FOR PUBLIC RELEASE AND IS STORED ON MOBILE COMPUTING DEVICES AND REMOVABLE STORAGE MEDIA. THIS DATA SHOULD BE TREATED AS SENSITIVE AND ENCRYPTED USING COMMERCIALLY AVAILABLE TECHNOLOGY. 3. THE FOLLOWING DEFINITIONS APPLY: CATEGORY I - NETWORKS/ASSETS THAT WILL ULTIMATELY CONSTITUTE THE NAVY NETWORK ENVIRONMENT (NNE), SPECIFICALLY NMCI, ONE-NET, IT21/ISNS, CANES, AND NGEN, AS WELL AS LEGACY NETWORKS/ASSETS THAT ARE TARGETED TO MIGRATE TO THE EXISTING NMCI/NGEN/ONE-NET ENVIRONMENT BY FY 2011. THIS ALSO INCLUDES SYSTEMS TRANSPORTED BY THE IT21/ISNS/CANES ENVIRONMENT (E.G. SNAPS, NALCOMIS, NAVYCASH, NIAPS, NTCSS, ETC.) CATEGORY II - EXCEPTED NETWORKS/ASSETS THAT ARE OR THAT WILL BE RE-HOMED BEHIND THE NNWC CENTRALLY MANAGED EXCEPTED NETWORK IA/CND SUITES. CATEGORY III - EXCEPTED NETWORKS/ASSETS NOT BEHIND THE NNWC CENTRALLY MANAGED IA/CND SUITES (E.G. DREN, (DOT)EDU, AND GIG-WAIVERED NETWORKS/ASSETS NOT CONNECTED TO DISN INFRASTRUCTURE) 4. ACTION: THE FOLLOWING GUIDELINES ARE PROVIDED FOR NAVY WIDE DAR ENCRYPTION DEPLOYMENT ON CATEGORY I/II/III NETWORKS/ASSETS/ SYSTEMS. EACH WILL EMPLOY EITHER THE DAR ENCRYPTION MANAGEMENT SOLUTION CURRENTLY EMPLOYED ON NMCI OR THE DAR ENCRYPTION SOLUTION ANNOUNCED AND NEGOTIATED IN REF B. NO OTHER DAR ENCRYPTION SOLUTIONS ARE AUTHORIZED FOR EMPLOYMENT ON NAVY NETWORKS. A. CATEGORY I IMPLEMENTATION TO BE RESOURCED BY THE RESPECTIVE PROGRAM MANAGEMENT OFFICE/PEO WITH TECHNICAL ASSISTANCE FROM PMW160. PMW160 WILL ENSURE THE SOLUTION PROVIDER SATISFIES INTEROPERABILITY REQUIREMENTS ACROSS ALL NETWORK ENVIRONMENT DOMAINS. B. CATEGORY II NETWORKS/ASSETS WILL RESOURCE THEIR RESPECTIVE SOLUTION. IMPLEMENTATION WILL BE CONDUCTED BY PMW160 AND NNWC. REQUEST PMW160 ASSIST IN THE DEVELOPMENT OF AN EFFICIENT ARCHITECTURE AND DEPLOYMENT PROCESS TO LEVERAGE EXISTING EXCEPTED NETWORK IA/CND SUITES. DETAILS REGARDING IMPLEMENTATION WILL BE PROVIDED BY NNWC SEPCOR. C. CATEGORY III NETWORKS/ASSETS WILL RESOURCE AND IMPLEMENT THEIR RESPECTIVE SOLUTION. NNWC ODAA MUST APPROVE THE SELECTED SOLUTION PRIOR TO IMPLEMENTATION. 5. OWNING ECHELON II COMMANDS WILL BE RESPONSIBLE FOR REPORTING DAR ENCRYPTION INSTALLATION PROGRESS FOR ALL CATEGORY II AND III ASSETS USING COMPUTER TASKING ORDER (CTO) REPORTING. REPORTING GUIDANCE WILL BE PROVIDED BY NNWC SEPCOR. 6. EVERY NETWORK IMPLEMENTING DAR ENCRYPTION WILL ENSURE THAT 100% OF ALL GOVERNMENT ASSETS WITH PERMANENT OR REMOVABLE MEDIA STORAGE CAPABILITY, WHETHER OPERATED IN A DISCONNECTED OR CONNECTED NETWORK MODE, ARE USING THE DAR ENCRYPTION SOLUTION. ENTERPRISE-WIDE DEPLOYMENT OF THE DAR ENCRYPTION SOLUTION IS CRITICAL TO THE PROTECTION OF PERSONALLY IDENTIFIABLE INFORMATION AND OTHER DON SENSITIVE INFORMATION. 7. REQUEST WIDEST DISSEMINATION OF THIS MESSAGE. 8. RELEASED BY VADM DAVID J. DORSETT, N2/N6.// BT #3137 NNNN