3. Execution. Commanders will ensure that this policy is read and adhered to by all personnel.

Transcription

1 UNITED STATES MARINE CORPS MARINE CORPS AIR STATION IWAKUNI, JAPAN PSC 561 BOX 1861 FPO AP IN REPLY REFER TO: MCASO S-6 MARINE CORPS AIR STATION ORDER From: Commanding Officer, Marine Corps Air Station Iwakuni To: Distribution List Subj: SECURE DATA TRANSFER POLICY Ref: (a) USMC ECSD 008 "Secure Data Transfer v2.0", 17 Dec 12 (b) DOOM Vol. 2 "DoD Information Security Program: Marking of Classified Information", 24 Feb 12 (c) CMC White Letter 2-11 "Cyber Awareness and Accountability", 23 Aug 11 (d) USMC ECSD 010 "Unauthorized Disclosure of Classified Information and Electronic Spillage v2.0", 10 Jun 14 (e) USMC Sensitive Compartmented Information Enterprise Information Directive, Media Protection, 28 Jan 14 (f) MARFORPACO B, Foreign Disclosure Order, 21 Jan 14 (g) MARFORPAC Policy Letter 3-15 (Secure Data Transfer) Encl: (1) Secure Data Transfer Request 1. Situation. Marine Corps Air Station Iwakuni, Japan (MCAS-I) utilizes multiple networks and information systems of varying classification and releasability levels to facilitate communications between U.S. and coalition forces from different nations. This unique operational capability is invaluable to the collaboration of U.S. allies and foreign nations. At times, and dictated by mission requirements and in accordance with the references (a) through (g), information originating from one system needs to be transferred and accessed on a system of a different classification or releasability level. The improper transfer of electronic data from classified information technology systems to lower classified systems can result in an electronic spillage onto MCAS- I and the Marine Corps Enterprise Networks (MCEN). Most electronic spillages are caused by human carelessness, the failure to review content, and the failure to follow proper procedures for safeguarding classified information. Incidents involving negligent transfers not only underscore the lack of operations security (OPSEC) discipline, but in instances where the network is maintained by a "fee-for-service" provider, these incidents have resulted in a significant financial burden to the Marine Corps due to the costs associated with the sanitization of the affected systems. 2. Mission. Effective immediately, the procedures mandated in this policy letter apply to all personnel aboard MCAS-I regarding the transfer of data between different computer networks. 3. Execution. Commanders will ensure that this policy is read and adhered to by all personnel. a. Failure to follow this policy is punishable pursuant to Article 92 of the Uniform Code of Military Justice (UCMJ) and will be reported as a security violation through the Joint Personnel Adjudication System (JPAS).

2 MCASO b. Secure Data Transfer Procedures. There are six classifications of networks employed aboard MCAS-I and the transfer procedures are outlined as such. In some cases, programs exist that facilitate data transfer without the need to physically transfer the data using discs or other magnetic media. Whenever possible, personnel are encouraged to use those programs as their primary method for data transfer. All data transfers executed through a physical means must be conducted in accordance with reference (a). (1) Low to Low. Low to low refers to the transfer of information between unclassified systems (i.e. Non-Secure Internet Protocol Router Network (NIPRNet)) to another unclassified network or external media/device. The following methods are authorized for this type of transfer: (a) Network storage devices (shared drives). (b) Compact disc-recordable (CD-R), compact disc-recordable/ re- writable (CD-RW), or digital versatile disc (DVD) R/RW. (c) Government external hard drive. (2) Low to High. Low to high refers to the transfer of information from an unclassified system to a system of higher classification (i.e. NIPRNet) to Secret Internet Protocol Router Network (SIPRNet). All personnel are encouraged to use non-physical means such as the Global Information Data Exchange program to execute low to high secure data transfers whenever feasible. For instances where non-physical means are not feasible, the following method is authorized: Information will be written to a CD/R or DVD-R. CD-RW and DVD-RW discs are not authorized for low to high data transfers since information can be written to these discs in future data transfer sessions. (3) High to High. High to high refers to the transfer of information between systems of the same classification, but different releasability (e.g. CENTRIXS-J to SIPRNet). In accordance with reference (f), caution must be exercised as the possibility of unauthorized disclosure is possible if not executed properly. For example, U.S. Secret information is not releasable to foreign countries unless it has been approved by a Foreign Disclosure Officer (FDO) and has been marked "Releasable To." When conducting a transfer from a U.S. only network to a Releasable To (REL) network (e.g. SIPRNet to CENTRIXS-K) follow procedures for High to Low Transfer in paragraph 3.b.(4) below. The FDO will serve as the Data Transfer Agent (DTA). As there is not an organic FDO aboard the installation, personnel aboard MCAS-I will rely upon the FDOs at Marine Corps Installations, Pacific or 1st Marine Aircraft Wing, as per their respective chains of command. When transferring from a REL network to a U.S. only network (e.g. CENTRIXS-K to SIPRNet) the following methods are authorized for this type of transfer: (a) A CD-R or DVD-R will be used as long as memory capacity requirements do not exceed the limitations of one CD or DVD. CD-RW and DVD-RW are not authorized. Transfer must be in accordance with reference (a). (b) A hard drive with a physical write block may be used. A transfer using this method must be completed by a trained technician and 2

3 MCASO follow the procedures in reference (a). Furthermore, the MCAS-I Security Control Assessor Representative or MCAS-I Information Systems Security Manager (ISSM) must approve external media requests on classified networks before connecting to a classified machine. (4) High to Low. High to low refers to the transfer of information from a system of a higher classification to a system of lower classification (i.e. SIPRNet to NIPRNet). Staff sections and tenant commands aboard MCAS-I that have a requirement to conduct frequent data transfers may submit a request for this capability; this request will be endorsed by the Executive Officer, MCAS-I and forwarded to the HQMC Authorizing Official for approval. Those staff sections or tenant organizations with an approved high to low transfer capability will designate a DTA for their section. The DTA must be an E-4/GS-4 or above. (a) The MCAS-I ISSM will ensure that all DTA's for transfer from SIPRNet, CENTRIXS-K and CENTRIXS-J domains have completed Secure Data Transfer training in accordance with reference (a). The MCAS-I ISSM shall appoint DTAs for SIPRNet, CENTRIXS-K and CENTRIXS-J domains in writing. The MCAS-I Joint Worldwide Intelligence Communications Systems (JWICS) ISSM shall ensure that DTAs for JWICs have completed training required by reference (e) and appoint the DTAs in writing. To ensure only appointed DTAs have the capability to write to CD-Rs and DVD-Rs on SIPRNet, either the command ISSM shall use software such as DeviceLock to restrict the CD/DVD burning capability or the DTA shall safeguard their SIPRNet Hard Disk Drive so as to prevent access by persons not authorized to conduct secure data transfers. applies: (b) To conduct a high to low transfer the following procedure 1. The individual requesting the transfer of data will initiate the request by filling out requestor portion of enclosure (1), Secure Data Transfer Request. The requestor will follow the steps outlined in paragraph of reference (a). The requestor will ensure the content of the file is appropriately marked in accordance with reference (b). The requestor will thoroughly review the content of the file and compare it against applicable Security Classification Guides to verify the classification level of the file. 2. The requestor will then forward a signed copy of the Secure Data Transfer Request to a Reliable Human Reviewer (RHR). The RHR must be a subject matter expert in the content contained in the file and an E-6/GS-6 or above. The RHR will perform the steps outlined in paragraph of reference (a). The RHR will ensure the content of the file is appropriately marked in accordance with reference (b). The RHR will thoroughly review the content of the file and compare it against applicable Security Classification Guides to verify the classification level of the file. If the RHR identifies items in the file that are not authorized for the transfer, the RHR will return the file to the requestor for correction. Once the RHR verifies the file is the appropriate classification level for the data transfer, the RHR will fill out the RHR section of the enclosure and forward it to the DTA. If the data resides on JWICS, two RHRs are required and both RHRs will perform the actions outlined in this paragraph. For JWICS the second RHR may be an E-5/GS-5 or above. 3

4 MCASO JUL The DTS will verify that all steps in paragraphs 3. b. (4) above were performed. The OTA will perform a quality assurance screening of the information to ensure the file(s) is suitable for transfer to the appropriate system. This will include processing the file through IC CLEAR and a human review of the content in the file. If this review reveals any content not suitable for transfer, including high risk findings from IC CLEAR, the OTA will return the file to the requester for correction. In any case, where the OTA is unsure of the security classification of the file, the OTA will consult the Security Manager or Special Security Officer (SSO) as appropriate. Once the OTA has determined the file is eligible for transfer, the OTA will either follow the steps in paragraph of reference (a) to execute the transfer using only a CD-R or DVD-R or, for transfers from JWICS the OTA will execute the transfer using the procedures established by the JWICS ISSM for using the Information Support Server Environment Guard program. CD-RW and DVD- RW are prohibited for High to Low transfers. The OTA will fill out the OTA portion of the enclosure and maintain a copy of the enclosure for two years per paragraph 3.4 of reference (a). c. Unauthorized Dissemination of Classified Information. Electronic spillage is defined as the inadvertent or accidental contamination of electronic storage media by information classified above the accredited level of the device (e.g. SECRET information being stored to an unclassified hard drive). Spillages will be reported and handled in accordance with reference (d). 4. Administration and Logistics. The point of contact concerning the technical aspect of this policy is the MCAS-I ISSM at DSN : The point of contact concerning handling of classified information is the MCAS-I Security Manager at DSN : Command and Signal a. Command. This policy letter is applicable to all military, civil service, and contract personnel. b. Signal. This policy letter is effective on the date signed and will remain in effect until rescinded by Commander, MCAS - I. 4/i~ DISTRIBUTION: A/B/C 4

5 MCAS Iwakuni 5510 (06/17) DATA TRANFER FILE INFORMATION 1. FILE NAME 2. FILE TYPE 3.SOURCE SYSTEM ID 4.SOURCE SYSTEM SYS CLASS LVL 5.DESTINATION SYSTEM ID 6.DESTINATION SYS CLASS LVL REQUESTOR 7. DATE 8. RANK 9. LST NAME 10. FST NAME 11. M.I. 12. I certify that I have performed a thorough review of the file(s) listed above in accordance with paragraph of the USMC 12a. Enterprise Cyber Security Directive 008 Secure Data Transfer. I have read all content and compared it to appropriate Security Classification Guides (SCG). Further, I certify that this file does not contain classified military information that would result in a spillage on the destination domain. I have processed the file through IC CLEAR or COMPUSEC Toolbox, and made all necessary changes to 12b. PHONE resolve all HIGH risk findings. Further I attest that this transfer is mission-essential and not based solely on convenience. 12a. SECTION 12b. PHONE 12c. NIPR 12d. SIGNATURE 13. REQUEST THE PROCESSED FILE BE RETURNED VIA: CD NIPRNET RELIABLE HUMAN REVIEWER (RHR) 14.DATE 15. RANK 16. LST NAME 17. FST NAME 18. M.I. 19. I certify that I am a Subject Matter Expert in the content of the prospective file listed above to be transferred. I have performed a 19a. Reliable Human Review (RHR) of the file(s) listed above, in accordance with paragraph of the USMC Enterprise Cyber Security Directive 008 Secure Data Transfer, including reading all content and comparing it to appropriate Security Classification Guides (SCG). Further I certify that this file does not contain Classified Military Information that would result in a spillage on the destination domain. 20. (A Second Reliable Human Reviewer is only required for JWICS High to Low Transfers) I certify that I am a Subject Matter Expert in the content of the prospective file listed above to be transferred. I have performed a Reliable Human Review (RHR) of the file(s) listed above, in accordance with paragraph of the USMC Enterprise Cyber Security Directive 008 Secure Data Transfer, including reading all content and comparing it to appropriate Security Classification Guides (SCG). Further, I certify that this file does not contain classified military information that would result in a spillage on the destination domain. 19a. SECTION 19b. PHONE 19c. NIPR 19d. SIGNATURE 20a. SECTION 20b. PHONE 20c. NIPR 20d. SIGNATURE ***FOR DATA TRANSFER AGENT (DTA) USE ONLY*** 21. DATE 22. RANK 23. LST NAME 24. FST NAME 25. M.I. 26. TRANSFER PROCESS 27. PROCESSED FILE 28. FINAL ACTION **CHECK BOX BELOW TO CONFIRM COMPLETION OF EACH PROCESS** 26a. Validate the content of each file using IC CLEAR. Perform physical review of each file. 26b. Perform a virus scan of the file(s). Ensure the latest virus definitions are installed on the workstation before scanning. 26c. For physical transfers- Obtain new magnetic media (CD-R or DVD-R only, rewriteable media is not authorized). Bum the file(s) to the CD-R or DVD-R on the source system. For non-physical transfers, load the file into ISSE Guard. 26d. Copy the file(s) from the magnetic media (CD-R or DVD-R) to the target system (physical transfer only). 26e. For physical transfers, perform another virus scan of the file(s) to ensure no virus was transferred. 26f. Re-certify the contents of the target device by executing both string-search (BUSTER or IC CLEAR). 27a. File is functional. 27b. File can be opened but is degraded. 27c. Original file format could not be opened. 28a. Files provided to the requestor on CD. 28b. Functional file ed to requestor via NIPR. 28c. Only pdf ed to requestor via NIPR. 28d. No files returned, file cannot be opened and pdf degraded. 28e. Return this completed form to the command ISSM, FDO, and Security Manager for retention. Retain a copy of this completed form for individual records. 29. I certify that I completed all procedures outlined above. SIGNATURE