Updated Marine Corps Policy for Use of Public Key Infrastructure (PKI) Certificates on Portable Electronic Devices (PEDs) Security and Application of Email Signature and Encryption Policy

1.  PURPOSE.  This MARADMIN sets forth updated policy and guidance for the use of PKI certificates with PEDS.  Acceptable use of PEDS will follow policy resulting from Ref C.  This policy is applicable to Marine Corps and Marine Corps Reserves.<br>
2.  Policy.  All Marine Corps systems and devices (including portable electronic devices) accessing the MCEN shall be PK-enabled and support sending and receiving e-mail digitally signed and encrypted using DOD approved certificates.  E-mail shall be digitally signed and or encrypted in accordance with Marine Corps policy.<br>
3.  Only PEDS capable of being PK-enabled with approved DOD PKI certificates in accordance with DOD PKI policy shall be authorized for use on the MCEN.<br>
4.  All PED users shall either use an approved smartcard reader or a DOD approved derived PKI certificate issued in accordance with a DOD PKI approved process (Ref A).  Approved smartcard readers may interface with PED handhelds through either a physical connection or a secured bluetooth communications link, configured in accordance with the DISA Wireless Security Technical Implementation Guide (STIG).<br>
5.  Commands are responsible for the acquisition, distribution, and maintenance of smartcard readers as the primary enabling capability for signing and encrypting email on a PED.<br>
6.  All PED users will use the appropriate PKI hardware token and smartcard reader, DOD issued software certificates, or DOD approved derived PKI certificates associated with the email account.<br>
7.  Marine Corps General Officers (GO), Senior Executive Service (SES) personnel, Chiefs Of Staff/Military Assistants/Executive Assistants (COS/MA/EA), Commanding Officers (CO), Command Executive Officers (XO), Command Sergeants Major, and other individuals approved by the Marine Corps Authorizing Official (AO) are authorized to use DOD issued software certificates on PEDS in lieu of hardware token and smartcard reader.<br>
8.  PEDS using DOD issued software certificates or DOD derived credentials shall be treated as if it were the users Common Access Card (CAC).  Immediately report to the Registration Authority (RA) Operations Team the loss or theft of the device.<br>
9.  Recovery, issuance, and protection measures for certificates used on a PED shall be compliant with policy and guidance outlined in Ref B.  The RA Operations Team, Local Registration Authority (LRA), and PKI Trusted Agents (TA) are authorized to load certificates as detailed in Ref B.  The RA Operations Team shall provide specific training for PKI TA authorized to perform this action.<br>
10.  The RA Operations Team will keep a list of users and associated certificate information for those that have either software certificates or derived PKI credentials on a PED in accordance with Ref C.<br>
11.  Request for approval to use DOD issued software certificates for users not approved by this policy may be made via letter on command letterhead to the Marine Corps AO and submitted to HQMC_C4CY_IDMGT@usmc.mil.<br>
12.  Request for issuance of software certificates is made by individuals approved in paragraph 7 by sending a digitally signed email to the RA Operations Team at raoperations@usmc.mil.  Personnel approved by waiver must attach a copy of the AO signed letter to the email.  RA Operations will complete action on the request within 5 working days of receipt.<br>
13.  Marines are reminded to adhere to Ref D when using PEDs in the Marine Corps.<br>
14.  This policy supersedes and cancels Ref B and will remain be in force until cancelled or superseded.<br>
15.  Release authorized by BGen D. A. Crall, Director, Command, Control, Communications and Computers (C4) Department/Chief Information Officer of the Marine Corps.