This is an unofficial resource. For the official MARADMINs site, visit marines.mil
M
Back to MARADMINs
MARADMIN 313/17

Updated Policy on Denial of Authorization to Operate (DATO) of Systems

This MARADMIN updates the policy on Denial of Authorization to Operate (DATO) for Marine Corps information systems. The key change is that DATOs will now be issued 90 days before an Authorization to Operate (ATO) expires, rather than after expiration, giving Program Managers and System Managers advance warning to complete reauthorization requirements or face system disconnection from the Marine Corps Enterprise Network.

Issued: June 16, 2017
Technology
1.  Purpose.  This is a joint Marine Corps Forces Cyberspace Command (MARFORCYBER) and Headquarters United States Marine Corps Command, Control, Communications, and Computers (C4) MARADMIN.  The purpose of this MARADMIN is threefold: 1) Update policy on the authorization to operate (ATO) of systems.  2) Change issued date of the DATO to 90 days prior to the expiration of the ATO.  3) Add an effective date to the DATO, this date will reflect the expiration of the ATO plus one day.  This will give Program Managers (PM), System Managers (SM), and Information System Security Managers (ISSM) advanced warning that their system will be removed from the network as soon as the ATO terminates.  Additionally, issuance of the DATO at 90 days allows commanders time to analyze operational impact and request timelines for completion of requirements.<br>
2.  Background.  Per ref (a), the policy has always been to issue the DATO after the ATO has expired.  This process delayed the disconnection of a vulnerable system and increased risk to the Marine Corps Enterprise Network (MCEN).<br>
3.  Execution<br>
3a.  Systems within 180 days of the system authorization expiration date will be reported in the Federal Information Security Modernization Act (FISMA) message and monitored by MARFORCYBER and HQMC (C4).<br>
3b.  Systems that have not completed and documented required actions by 90 days prior to the scheduled expiration date of the ATO will be issued a DATO.<br>
3c.  Failure to gain reauthorization by the end of the 90 day period will result in MARFORCYBER issuing a notice of intent to disconnect (NOID) on the effective date of the DATO.  This will affect the capability to access the system through isolation and disconnection.<br>
4.  Release authorized by MajGen L. E. Reynolds, Commander, Marine Corps Forces Cyberspace Command and BGen D. A. Crall, Director, Command, Control, Communications, and Computers (C4) Department/Deputy Department of the Navy Chief Information Officer (Marine Corps).