DoD Network Security Stand Down
This MARADMIN announces a DOD-wide Network Security Stand-Down scheduled for 29 November 2005 in response to recent computer network threats on the Global Information Grid. All Marine Corps commands must complete specific network security tasks and provide refresher Information Assurance training to all users by the stand-down date, with account privileges suspended for those who fail to complete training.
Issued: November 15, 2005
RMKS/1. PURPOSE. THIS MARADMIN NOTIFIES ALL MARINE CORPS COMMANDS OF THE PLANNED DOD NETWORK SECURITY STAND-DOWN ON 29 NOV 05 AND SERVES AS A WARNING ORDER FOR SPECIFIC NETWORK SECURITY TASKS TO BE EXECUTED BY EVERY MARINE CORPS COMMAND. 2. BACKGROUND. IN RESPONSE TO RECENT COMPUTER NETWORK THREAT ACTIVITY ON THE GLOBAL INFORMATION GRID (GIG), REFERENCE A DIRECTS THE MARINE CORPS NETWORK OPERATIONS AND SECURITY COMMAND (MCNOSC) TO IMPLEMENT SEVERAL COMPUTER NETWORK SECURITY MEASURES ON THE MARINE CORPS ENTERPRISE NETWORK (MCEN) TO ENSURE THE AVAILABILITY OF NETWORK RESOURCES AND RESTORE CONFIDENCE IN THE DATA. THESE TASKS MUST BE ACCOMPLISHED PRIOR TO THE DOD NETWORK SECURITY STAND-DOWN ON 29 NOV 05 AND REQUIRE THE ACTIVE PARTICIPATION OF EVERY MARINE CORPS COMMAND. REF B DIRECTS ADDITIONAL ACTIONS ACROSS DOD IN SUPPORT OF AGGRESSIVE COMPUTER NETWORK DEFENSE. 3. DISCUSSION. A. IN THE NEXT 48 HOURS MCNOSC WILL RELEASE OPERATIONAL DIRECTIVES (OP-DIRS) VIA MULTIPLE CLASSIFIED DEFENSE MESSAGE SYSTEM (DMS) MESSAGES. THE MARINE CORPS G-6/INFORMATION ASSURANCE (IA) COMMUNITY MUST ENSURE COMPLIANCE WITH THE OP-DIRS AND REPORT RESULTS TO THE MCNOSC WITHIN THE DUE DATES. ACTIONS DIRECTED BY THESE OP-DIRS WILL INCLUDE THE FOLLOWING: (1) VALIDATE UNCLASSIFIED NETWORK REMOTE ACCESS (2) SCAN FOR INTRUSION ACTIVITY AND REMEDIATE COMPROMISED SYSTEMS (3) VALIDATE IAVM COMPLIANCE AND UPDATE NON-COMPLIANT SYSTEMS (4) VALIDATE ALL AUTHORIZED ACCOUNTS AND USERS (5) VALIDATE USMC ENTRIES IN DOD PORTS AND PROTOCOLS DATABASE (6) MOVE ALL PUBLIC WEB SERVERS TO LOCAL SERVICE NET (7) RENAME ALL SYSTEMS TO OPSEC CONSCIOUS NAMING STANDARDS B. THE G-6 COMMUNITY SHOULD REVIEW THE SPECIFIC TASKS IN EACH OP-DIR AND REQUEST WAIVERS OR EXCEPTIONS BASED UPON THE OPERATIONAL IMPACT TO THEIR COMMAND. REQUESTS MUST BE MADE NLT 17 NOV TO THE MCNOSC WATCH OFFICER VIA E-MAIL TO MCNOSCWO@MCNOSC.USMC.MIL OR (SMIL.MIL). C. THE DOD NETWORK SECURITY STAND-DOWN ON 29 NOV 05 WILL BE A DOD WIDE EFFORT THAT WILL RAISE AWARENESS OF NETWORK SECURITY ISSUES AND VALIDATE ALL AUTHORIZED USERS. ALL USERS WILL PARTICPATE AT ALL LEVELS. THIS CAN BE DONE IN PHASES OR IN GROUPS BUT IN ALL ACTIONS REQUIRED IN REFS WILL BE COMPLETED AND REPORTED BY 29 NOV 05. (1) MARINE CORPS IA STAFF (IAMS & IAOS) WILL ENSURE THAT EACH USER UNDER THEIR PURVIEW RECEIVES REFRESHER INFORMATION ASSURANCE TRAINING. THIS INCLUDES CIVILIAN MARINES AND CONTRACTORS. THIS TRAINING IS INDEPENDENT OF OTHER SECURITY TRAINING THAT MAY BE ON-GOING, E.G., SECURITY MANAGER REQUIRED ANNUAL SECURITY REFRESHER. (2) THIS TRAINING CAN BE A LOCALLY DEVELOPED PRESENTATION OR USE OF THE DISA INFORMATION ASSURANCE BASICS CD. TRAINING MUST INCLUDE LOCAL SYSTEM RULES OF BEHAVIOR FOR USERS, LOCAL INCIDENT REPORTING PROCESSES, PROPER PASSWORD CONSTRUCTION AND PROTECTION, AND A REVIEW OF THE MARINE CORPS SYSTEM USER'S AGREEMENT. (3) A ROSTER OF USERS SUCCESSFULLY RECEIVING THIS TRAINING WILL BE MAINTAINED, AND THE LOCAL IA STAFF WILL REPORT THE RESULTS TO HQMC C4 CPIA. (4) THIS IA TRAINING CAN ALSO SATISFY THE REQUIREMENT FOR ANNUAL INFORMATION ASSURANCE TRAINING. (5) USERS WHO DO NOT COMPLETE THIS TRAINING BY 29 NOV 05 WILL HAVE THEIR ACCOUNT PRIVILEGES SUSPENDED UNTIL THEY COMPLETE SAID TRAINING. D. THE NAVY/MARINE CORPS INTRANET (NMCI) CONTRACTOR WILL PROVIDE TECHNICAL SUPPORT FOR ALL REQUIRED IA TASKS. 4. POINTS OF CONTACT ARE LISTED ABOVE.