Marine Corps Information Assurance Enterprise Directive
- 014 Wireless Local Area Networks (WLANs) V2.0
- 29 pages
- For Official Use Only
- July 6, 2007
1.1 Purpose
Marine Corps Order (MCO) 5239.1 formally establishes the Marine Corps Information Assurance Program (MCIAP) and defines the responsibilities for protecting the Marine Corps information infrastructure as well as delineating Department of Defense (DoD) directives, instructions, and guidance governing DoD Information Assurance (IA). United States Marine Corps (USMC) IA Enterprise Directive 014 Wireless Local Area Networks (WLANs) outlines the security configuration and implementation standards for WLANs within the Marine Corps Enterprise Network (MCEN) boundary security framework.
1.2 Objectives
To ensure that the USMC:
1.2.1 Protects the availability, authentication, confidentiality, integrity, and nonrepudiation of both wired and wireless IT assets, including information transmitted using commercial WLAN wireless devices, services and technologies.
1.2.2 Wireless IT assets do not adversely impact existing systems by causing electromagnetic interference (EMI) or other unintended electromagnetic consequences as determined by reference (j).
1.2.3 Wireless technologies are afforded the safeguards required to protect USMC IT assets from the vulnerabilities associated with the use of commercial wireless local area networking technologies.
1.2.4 Personnel using USMC information systems receive wireless security training commensurate with their duties and responsibilities.
1.2.5 Wireless security-related technology research and development efforts are responsive to the requirements of the USMC.
1.2.6 Encourages interoperability between Department of the Navy (DoN) enclaves and DoD agencies, as required.
1.3 Scope
This IAED applies to:
1.3.1 Marine Corps components, organizations and personnel (government and nongovernment employees) that enter USMC facilities and/or access USMC IT systems. This includes any networks that process any USMC data whether stand alone, contractor provided, or directly connected to the MCEN backbone.
1.3.2 All Marine Corps commercial wireless devices, services, networks and technologies intended for use in both ashore and afloat environments. Per Commandant of the Marine Corps (CMC) memorandum, Headquarters, Marine Corps (HQMC) Command, Control, Communications, and Computers (C4) is responsible for all networks and networked systems within the MCEN. The MCEN is defined as all garrison, tactical and NMCI networks that operate in accordance with paragraph 1.3.1. Therefore, Approval to Operate (ATO)/Approval to Connect (ATC) must be granted prior to installation of any commercial wireless technologies. Also includes, but is not limited to: commercial wireless data communication devices, networks, PEDs such as PDA’s and personal computers, audio/video recording devices, scanning devices and any other technology capable of storing, processing or transmitting information via commercial-based technologies connected to any USMC internal networks, operated aboard USMC facilities or established in support of USMC personnel.
1.3.3 The use of commercial wireless networking technologies in the USMC can be categorized into one of two “Zones”. The security requirements of the network will depend on the “Zone” that your network corresponds to.
1.3.3.1 Zone 1: Zone 1 is all wireless networks using commercial wireless technologies, that connect to the MCEN backbone, and/or stores, processes, or displays USMC operational data, processes any information that is sensitive in nature (HIPPA, Privacy Act, Financial, Personal, etc…) or any other information that may be considered DOD SBU.
1.3.3.2 Zone 2: Zone 2 is all wireless networks using commercial wireless technologies, which do not fit into Zone 1, such as dedicated point-topoint RF connections secured by a FIPS 140 approved solution that operates at or above Layer 3 of the OSI model, or an infrastructure solution secured by the Harris SecNet 54 Type 1 solution (which operates at Layer 3 of the OSI model).