CNATRAINST A N6 3 Mar 16. Subj: CNATRA ELECTRONIC MAIL DIGITAL SIGNATURE AND ENCRYPTION POLICY

Similar documents
DEPARTMENT OF THE NAVY UNITED STATES NAVAL ACADEMY 121 BLAKE ROAD ANNAPOLIS MARYLAND

Cryptologic and Cyber Systems Division

CYBER SECURITY BRIEF. Presented By: Curt Parkinson DCMA

DHSS COMPUTING ENVIRONMENTS Account Authorization Request Form

Electronic Signature Policy

Leveraging the LincPass in USDA

DoD Spear-Phishing Awareness Training. Joint Task Force - Global Network Operations

Department of Defense Cybersecurity Requirements: What Businesses Need to Know?

E-CONSTRUCTION AN UPDATE ON STATE CONSTRUCTION OFFICE E-CONSTRUCTION SYSTEMS

Document Title: Electronic Data Protection and Encryption Policy. Revision Date Authors Description of Changes

Subj: CNIC IRIDIUM SATELLITE PHONE POLICIES AND PROCEDURES

Information Technology Standards

UNIVERSITY OF MASSACHUSETTS AMHERST INFORMATION SECURITY POLICY September 20, 2017

Safeguarding Controlled Unclassified Information and Cyber Incident Reporting. Kevin R. Gamache, Ph.D., ISP Facility Security Officer

Development Authority of the North Country Governance Policies

Interagency Advisory Board HSPD-12 Insights: Past, Present and Future. Carol Bales Office of Management and Budget December 2, 2008

UNIVERSITY OF MASSACHUSETTS AMHERST INFORMATION SECURITY POLICY October 25, 2017

Service Management. What an Acquisition Practitioner Needs to Know. Karen Gomez Defense Information Systems Agency Mission Support Division

Defense Information Systems Agency (DISA) Department of Defense (DoD) Cloud Service Offering (CSO) Initial Contact Form

HIPAA Compliance Checklist

NESSO QUICKSTART GUIDE

University of Pittsburgh Security Assessment Questionnaire (v1.7)

DOD Medical Device Cybersecurity Considerations

COMPLIANCE WITH THIS PUBLICATION IS MANDATORY

ROADMAP TO DFARS COMPLIANCE

PRIVACY 102 TRAINING FOR SUPERVISORS. PRIVACY ACT OF U.S.C.552a

Department of the Navy Data Server and Data Center Waiver Scope Matrix and FAQ

Vocera Secure Texting 2.1 FAQ

Data Inventory and Classification, Physical Devices and Systems ID.AM-1, Software Platforms and Applications ID.AM-2 Inventory

DATA STEWARDSHIP STANDARDS

ENCORE II REQUIREMENTS CHECKLIST AND CERTIFICATIONS

Complete document security

Cirius Secure Messaging Single Sign-On

NYDFS Cybersecurity Regulations: What do they mean? What is their impact?

Privacy Impact Assessment for the National Cyber Security Division Joint Cybersecurity Services Pilot (JCSP) DHS/NPPD-021.

We are releasing 7 pages of responsive documents. Pursuant to FOIA, certain information has been redacted as it is exempt from release.

ORA HIPAA Security. All Affiliate Research Policy Subject: HIPAA Security File Under: For Researchers

PII SPOT CHECK DOCUMENTATION

National Defense University and IRMC. National Defense University

Single Sign-On. Introduction

Secure Web Fingerprint Transaction (SWFT) Access, Registration, and Testing Procedures

State of Colorado Cyber Security Policies

Bring Your Own Device Policy

Single Sign-On. Introduction. Feature Sheet

Statement of Organization, Functions, and Delegations of Authority: Office of the

Access to University Data Policy

Safeguarding Unclassified Controlled Technical Information

Department of Veterans Affairs VA DIRECTIVE April 17, 2006 WEB PAGE PRIVACY POLICY

TABLE OF CONTENTS. I. Policy 2. III. Supportive Data 2. IV. Signature Block with Effective Date 3. V. Definitions 3. VI. Protocol 4. VII.

Cybersecurity 2016 Survey Summary Report of Survey Results

Chapter 9 Section 3. Digital Imaging (Scanned) And Electronic (Born-Digital) Records Process And Formats

CONNECT TRANSIT CARD Pilot Program - Privacy Policy Effective Date: April 18, 2014

A Privacy and Cybersecurity Primer for Nonprofits Nonprofits in the Digital Age March 9, 2016

STAFF REPORT. January 26, Audit Committee. Information Security Framework. Purpose:

Defense Logistics Agency INSTRUCTION

System Access Procedures for CIMS and NRMS

Virginia State University Policies Manual. Title: Information Security Program Policy: 6110

TRICARE Operations Manual M, April 1, 2015 Records Management (RM) Chapter 9 Section 1

Cybersecurity Challenges

DoDD DoDI

Defense Information System for Security (DISS) Frequently Asked Questions (FAQs)

Defense Health Agency Protected Health Information Management Tool (PHIMT)

CONTROLS OVER ELECTRONIC DOCUMENT MANAGEMENT. Report No. D April 16, Office of the Inspector General Department of Defense

Department of Defense Past Performance Information Retrieval System- Statistical Reporting Next Generation (PPIRS-SR NG)

3. Execution. Commanders will ensure that this policy is read and adhered to by all personnel.

ACCEPTABLE USE POLICY (AUP), v 1.4, 6 January 2012

Federal Voting Assistance Program (FVAP)

Guide: HIPPA Compliance. Corporate HIPAA Compliance Guide. Privacy, productivity and remote access. gotomypc.com

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

STUDENT GUIDE Risk Management Framework Step 1: Categorization of the Information System

CERTIFICATE POLICY CIGNA PKI Certificates

DoD Identity & Access Management (IdAM) Portfolio Overview

Media Protection Program

Subcontractor OPSEC Training Government Programs

Course No. S-3C-0001 Student Guide Lesson Topic 6.1 LESSON TOPIC 6.1. Computer Security (Information Assurance (IA)) Program

Firewall Policy. Prepared By Document Version Phone Number Kevin Kuhn Version /

Department of Veterans Affairs Direct and My HealtheVet Blue Button. Glen Crandall VA Direct Program Manager

MANUAL OF UNIVERSITY POLICIES PROCEDURES AND GUIDELINES. Applies to: faculty staff students student employees visitors contractors

University of Chicago Medical Center. Secure Gateway. Procedure. CBIS Information Security Office

There is an increasing desire and need to combine the logical access and physical access functions of major organizations.

Defense Security Service

Strategies for the Implementation of PIV I Secure Identity Credentials

Department of Defense Public Affairs Guidance for Official Use of Social Media

NEW YORK CYBERSECURITY REGULATION COMPLIANCE GUIDE

DEFENSE LOGISTICS AGENCY AMERICA S COMBAT LOGISTICS SUPPORT AGENCY. Cyber Security. Safeguarding Covered Defense Information.

U. S. AIR FORCE. Air Force Way. Vendor Guide. Version Release # S December 15, 2017

Secure Government Computing Initiatives & SecureZIP

Cyber Awareness Training Requirements

DFARS Compliance. SLAIT Consulting SECURITY SERVICES. Mike D Arezzo Director of Security Services. SLAITCONSULTING.com

Xerox FreeFlow Print Server. Security White Paper. Secure solutions. for you and your customers

This document/guide contains dated material; always check the ASMC website for the most recent information, policies, and other information.

DEFENSE INFORMATION SYSTEMS AGENCY P. O. BOX 549 FORT MEADE, MARYLAND Joint Interoperability Test Command (JTE) 26 Mar 13

OFFICE OF THE UNDER SECRETARY OF DEFENSE 3000DEFENSEPENTAGON WASHINGTON, DC

Information System Security

Overview of Key E.U. and U.S. Privacy and Cybersecurity Laws. Brett Lockwood Smith, Gambrell & Russell, LLP May 15, 2018

FedMall Frequently Asked Questions

Application Virtualization Hosting Environment

NYDFS Cybersecurity Regulations

User Manual for. Architect-Engineer Contract Administration Support System (ACASS) And Construction Contractor Appraisal Support System (CCASS)

University Policies and Procedures ELECTRONIC MAIL POLICY

Transcription:

DEPARTMENT OF THE NAVY CHIEF OF NAVAL AIR TRAINING 250 LEXINGTON BLVD SUITE 102 CORPUS CHRISTI TX 78419-5041 CNATRAINST 5230.7A N6 CNATRA INSTRUCTION 5230.7A Subj: CNATRA ELECTRONIC MAIL DIGITAL SIGNATURE AND ENCRYPTION POLICY Ref: (a) DODI 8520.02 (b) DON CIO Washington DC/032009ZOCT2008 (c) NETWARCOM CTO 08-07, PKI Implementation (d) JTF-GNO CTO 07-015, PKI Implementation, Phase 2 (e) NAVADMIN 248/08 (f) CNO Washington DC/071651ZDEC2004 (g) DODI 8500.01, DOD Cybersecurity, 14MARCH2014 (h) PKI Roadmap for the DOD v2.0 29SEP06 Encl: (1) List of Web Links to References 1. Purpose a. Provide policy in support of the Public Key Infrastructure (PKI) as defined in reference (a), which enhances the security of Department of the Navy (DON) Information Systems (IS) within the Chief of Naval Air Training (CNATRA) and Naval Air Training Command (NATRACOM) by utilizing digital signatures and encryption. b. Define procedures and guidelines for the effective implementation of CNATRA Electronic Mail (E-mail) Digital Signature and Encryption Policy. 2. Cancellation. CNATRAINST 5230.7 3. Applicability and Scope. This instruction applies to: a. All CNATRA and NATRACOM personnel to include military, government civilians and contractors using DON information systems.

b. All unclassified E-mails sent from a DON system or account to include, but not limited to, desktops, laptops and Personal Electronic Devices (PEDs) such as iphones, as described in references (b) and (e). 4. Definitions. Terms and definitions used in this instruction are defined in references (d), (e) and (h). a. Digital Signature. A stamp on an email, which is unique to the user and provides an accurate means of identifying the originator of a message (message authenticity). Assures the recipient that the original content of the message or document is unchanged (data integrity). Provides the sender proof of delivery and the recipient with proof of the sender s identity (non-repudiation). b. Encryption. The process of transforming data in an unintelligible form in such a way that the original data either cannot be obtained (one-way encryption) or cannot be obtained without using the inverse decryption process. c. Format Sensitive Information. Unclassified information regarding Department of Defense (DOD) capabilities, infrastructure, personnel and/or operational procedures when electronically aggregated in significant volume that could adversely affect the national interest, the conduct of federal programs or the privacy of an individual if lost, misused, accessed, or modified in an unauthorized way. This includes information that may be subject to public disclosure but requires protection when in electronic format. d. Non-Repudiation. Strong and substantial evidence of the identity of the signer of a message and of message integrity, sufficient to prevent a party from successfully denying the origin, submission or delivery of the message and the integrity of its contents. e. Sensitive Information. Any information that has not been approved for public release by a public affairs review process. Typically, this refers to For Official Use Only (FOUO), Privacy Act, or Department of State Sensitive But Unclassified (DoSSBU), or Personally Identifiable Information (PII). 2

5. Policy a. This instruction implements the policies and supplements the guidance established in references (a) through (h). b. Per DOD wide requirements, all unclassified official E- mails, sent from a DON system or account that requires message integrity and/or non-repudiation must be digitally signed. This includes E-mails that contain the following: (1) Directs, tasks or passes direction or tasking. (2) Requests or responds to requests for resources. (3) Publishes organization, position or information external to the organization (command, division or department). (4) Discusses any operational matter. (5) Discusses contract information, financial or funding matters. (6) Discusses personnel management matters. (7) The need to ensure that the E-mail originator is the actual originator. (8) The need to ensure that the E-mail content has not been tampered with during transit. (9) Active embedded hyperlink. (10) Attachments. c. The following do not need to be digitally signed: (1) Personal or non-official E-mail. (2) Pure text references to web addresses, Uniform Resource Locators (URLs) or E-mail addresses. d. In addition to section 5b, official E-mail that contains the following information must also be encrypted: 3

(1) Sensitive information, as defined in reference (d), such as the following: (a) Privacy Act and Personally Identifiable Information (PII). (b) Health Insurance Portability and Accountability Act (HIPAA). (c) Contract information. (d) For Official Use Only (FOUO). (2) Discusses any information that may be considered as an Operations Security (OPSEC) indicator. 6. Responsibility. The CNATRA Command Information Officer (CIO) will ensure compliance with DOD and DON policies and procedures for information systems. Commanding Officers, Special Assistants and Managing Department Heads of CNATRA and NATRACOM will adhere and ensure subordinate adherence to this policy. 7. Contact Information for CNATRA CIO: CNATRA (N6),9035 Ocean Drive, Suite 322, Corpus Christi, TX 78419, DSN 861-3213, Commercial (361) 961-3213. Distribution: CNATRA Website CNATRA SharePoint D. M. EDGECOMB Chief of Staff 4

LIST OF WEB LINKS TO REFERENCES CNATRAINST 5230.7A Note: If clicking the link does not work, try copying the link and pasting it into the web browser. DODI 8520.02 PKI and PK Enabling; May 24, 2011 www.dtic.mil/whs/directives/corres/pdf/852002p.pdf DON CIO Washington DC/032009ZOCT2008, DON Policy Updates for PED Security and Application of Email Signature and Encryption, 03 OCT 2008 http://www.doncio.navy.mil/download.aspx?attachid=690 NETWARCOM CTO 08-07, PKI Implementation. https://infosec.navy.mil/pki/netwarcom_cto_08-07_pki_im.pdf JTF-GNO CTO 07-015, PKI Implementation, Phase 2 https://www.cybercom.mil/j3/orders/ctos/cto_pki_phase2v17%20(11d ec07).rtf NAVADMIN 248/08 Implementation of Navy E-Mail Digital Signature Policy CNO Washington DC 042120ZSEP08 https://infosec.navy.mil/pki/navadmin_248-08.pdf CNO Washington DC/071651ZDEC2004, Navy Common Access Card (CAC) and PKI Implementation Guidance Update https://infosec.navy.mil/pki/r071651zdec04cnowashingtondcunclas. pdf DODI 8500.01, DOD Cybersecurity, 14MARCH2014 http://www.dtic.mil/whs/directives/corres/pdf/850001_2014.pdf PKI Roadmap for the DOD v2.0 29SEP06 https://infosec.navy.mil/pki/pki_roadmap.pdf Enclosure (1)

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback