**************** UNCLASSIFIED// ****************
Subject: INTERIM GUIDANCE FOR INTERNET-BASED CAPABILITIES
Originator: COMNAVNETWARCOM VIRGINIA BEACH VA(UC)
DTG: 181714Z Mar 10
Precedence: ROUTINE
DAC: General
To: ASSTSECNAV MRA WASHINGTON DC(UC),
ASSTSECNAV RDA WASHINGTON DC(UC),
BUMED WASHINGTON DC(UC),
BUPERS MILLINGTON TN(UC),
CNIC WASHINGTON DC(UC),
CNR ARLINGTON VA(UC),
COMFIFTHFLT(UC),
COMFLTCYBERCOM FT GEORGE G MEADE MD,
COMFOURTHFLT(UC),
COMNAVAIRLANT NORFOLK VA,
COMNAVAIRSYSCOM PATUXENT RIVER MD(UC),
COMNAVFACENGCOM WASHINGTON DC(UC),
COMNAVRESFOR NORFOLK VA(UC),
COMNAVSAFECEN NORFOLK VA(UC),
COMNAVSEASYSCOM WASHINGTON DC(UC),
COMNAVSUPSYSCOM MECHANICSBURG PA(UC),
COMNAVSURFLANT NORFOLK VA(UC),
COMOPTEVFOR NORFOLK VA(UC),
COMPACFLT PEARL HARBOR HI,
COMSC WASHINGTON DC(UC),
COMSECONDFLT,
COMSEVENTHFLT,
COMSIXTHFLT(UC),
COMSPAWARSYSCOM SAN DIEGO CA(UC),
COMTENTHFLT,
COMTHIRDFLT,
COMUSFLTFORCOM NORFOLK VA,
COMUSNAVCENT(MC),
COMUSNAVSO(UC),
DIRSSP WASHINGTON DC(UC),
FLDSUPPACT WASHINGTON DC(UC),
NAVCYBERDEFOPSCOM NORFOLK VA(UC),
NAVIOCOM NORFOLK VA(UC),
NAVOBSY WASHINGTON DC(UC),
NAVPGSCOL MONTEREY CA(UC),
NAVWARCOL NEWPORT RI(UC),
NAVY JAG WASHINGTON DC(UC),
NCTAMS LANT NORFOLK VA(UC),
NCTAMS PAC HONOLULU HI(UC),
NETC PENSACOLA FL(UC),
ONI WASHINGTON DC,
PEO C4I SAN DIEGO CA(UC),
PEO CARRIERS WASHINGTON DC(UC),
PEO EIS WASHINGTON DC(UC),
PEO IWS WASHINGTON DC(UC),
PEO LMW WASHINGTON DC(UC),
PEO SHIPS WASHINGTON DC(UC),
PEO SUB WASHINGTON DC(UC),
USNA ANNAPOLIS MD(UC)
Cc: CNO WASHINGTON DC(UC),
COMNAVNETWARCOM VIRGINIA BEACH VA(UC),
DON CIO WASHINGTON DC(UC),
HQBN HQMC ARLINGTON VA(UC)
————————————————–
UNCLASSIFIED//
REQUEST WIDEST DISSEMINATION TO SUBORDINATE COMMANDS AND ACTIVITIES
REF/A/MEMO/DOD DTM 09-062 (NOTAL)
REB/B/DOC/JTF-GNO CTO 10-008
REF/C/MSG/DON CIO/161108Z JUL 05
REF/D/DOD REGULATION 5500.7R
REF/E/DODINST 5400.13
REF/F/DODINST 5230.09
REF/G/DODMAN 5202.02-M
NARR/REF A IS THE DOD GUIDANCE FOR RESPONSIBLE AND EFFECTIVE USE OF INTERNET BASED CAPABILITIES (IBC). REF B IS JTF-GNO COMPUTER TASKING ORDER ON RESPONSIBLE AND EFFECTIVE USE OF IBC. REF C IS DON CIO MESSAGE ON EFFECTIVE USE OF NAVY INFORMATION TECHNOLOGY RESOURCES. REF D IS THE DOD JOINT ETHICS REGULATION. REF E IS THE DOD PUBLIC AFFAIRS (PA) OPERATIONS INSTRUCTION. REF F IS THE DOD CLEARANCE OF DOD INFORMATION FOR PUBLIC RELEASE. REF G IS THE DOD OPERATIONS SECURITY (OPSEC) PROGRAM MANUAL//
POC/ALAN RICKMAN/TEL:757-492-8754/EMAIL:ALAN.RICKMAN@NAVY.MIL//
1. PURPOSE. THIS IS A COORDINATED FLTCYBERCOM-NETWARCOM-NCDOC-NIOC NORFOLK MESSAGE TO PROVIDE INTERIM NAVY GUIDANCE ON RESPONSIBLE AND EFFECTIVE USE OF INTERNET-BASED CAPABILITIES (IBC).
2. BACKGROUND. REF A STATES THE NIPRNET SHALL BE CONFIGURED TO PROVIDE ACCESS TO IBC ACROSS ALL DOD COMPONENTS AND THAT DOD WILL CONTINUE TO DEFEND INFORMATION AND NETWORKS AGAINST MALICIOUS ACTIVITY AND TO SAFEGUARD MISSIONS. DON-WIDE POLICY IS UNDER DEVELOPMENT AND WILL BE PROVIDED SEPCOR.
3. DISCUSSION. WHETHER IBC ARE USED FOR OFFICIAL OR QUALITY OF LIFE PURPOSES OR ACCESSED FROM GOVERNMENT-PROVIDED OR PERSONAL COMPUTER RESOURCES, INHERENT RISKS OF INTERNET MUST BE UNDERSTOOD TO PROTECT NATIONAL SECURITY INFORMATION (NSI). NEGATIVE EFFECTS OF POOR OPSEC, SOCIAL ENGINEERING, PHISHING, EMBEDDED MALWARE, ELECTRONIC SPILLAGES, ETC ALL CAN BE MINIMIZED BY APPLYING GOOD OPSEC AND IA PRACTICES BY ALL HANDS.
4. INTERIM ACTION.
A. WHILE MISSION SAFEGUARDS ARE BEING ASSESSED AS DIRECTED REF B, ALL DON PROTECTIVE MEASURES (E.G. REF C) WILL REMAIN IN PLACE.
B. WHETHER ACCESSING IBC FROM THEIR PERSONAL COMPUTER AND/OR FROM GOVERNMENT FURNISHED EQUIPMENT, NAVY PERSONNEL ARE RESPONSIBLE FOR ALL DON RELATED CONTENT THEY PUBLISH ON SOCIAL NETWORKING AND OTHER IBC SITES (PERSONAL AND OFFICIAL) AND SHALL RESPONSIBLY ENGAGE IN USE OF AN IBC WHEN POSTING INFORMATION.
C. PERSONNEL SHALL ENSURE POSTING OF INFORMATION IS ACCURATE, APPROPRIATE AND SUPPORTS COMMAND MISSION REQUIREMENTS AND IS IAW REF D THROUGH F. PERSONNEL MUST KEEP IN MIND HOW THE CONTENT OF INFORMATION WILL REFLECT UPON THEMSELVES, THEIR COMMAND AND THEIR SERVICE.
D. COMMAND PAO AND OPSEC OFFICERS SHALL BE DIRECTLY INVOLVED IN ALL DETERMINATIONS REGARDING THE POSTING OF INFORMATION POSTED TO THE INTERNET FOR OFFICIAL BUSINESS PURPOSES TO ENSURE IT IS APPROVED FOR PUBLIC RELEASE.
E. COMMAND OPSEC PROGRAMS SHALL BE REVIEWED TO ENSURE COMPLIANCE WITH REF G. A PROACTIVE COMMAND OPSEC PROGRAM AND REGULAR OPSEC TRAINING FOR COMMAND NETWORK USERS ARE KEY TO SUCCESSFUL USE OF IBC. OPSEC WILL BE CONSIDERED BEFORE POSTING PUBLICLY AVAILABLE INFORMATION, AND OPSEC TRAINING SHOULD BE MADE AVAILABLE TO FAMILY MEMBERS, INCLUDING FAMILY MEMBERS IN ON-SITE TRAINING WHEN PRACTICAL.
F. ALL HANDS ARE REMINDED TO COMPLETE ANNUAL IA AWARENESS TRAINING.
5. ADHERENCE TO THE ABOVE GUIDELINES WILL HELP TO ENSURE THAT THE SAFETY AND SECURITY OF MISSIONS, PERSONNEL AND NETWORKS ARE NOT COMPROMISED. FURTHER DETAIL ON POLICY AND IMPLEMENTING DIRECTIONS FOR BOTH OFFICIAL AND PERSONAL USE OF IBC WILL BE PUBLISHED SEPCOR.//