Special Event Information
Our Site has been visited
times
R 211930Z OCT 98 ZYB MIN PSN 498013S25 FM SECNAV WASHINGTON DC//SN// TO ALNAV BT UNCLAS //N01500// ALNAV 084/98 MSGID/GENADMIN/SECNAV// SUBJ/DEPARTMENT OF THE NAVY WORLDWIDE WEB POLICY// REF/A/DOC/DEPSECDEF/25SEP98/-/NOTAL// REF/B/DOC/DOD/18JUL97// REF/C/RMG/CNO/21JUL95// REF/D/DOC/CNO/18SEP88// REF/E/DOC/CNO/29AUG95// REF/F/DOC/USC/1974// NARR/REF A IS A MEMORANDUM ADDRESSING INFORMATION VULNERABILITY AND THE WORLDWIDE WEB. REF B IS DOD POLICY FOR ESTABLISHING AND MAINTAINING A PUBLICLY ACCESSIBLE DOD WEB INFORMATION SERVICE. REF C, ALCOM 035/95, FORMERLY PROVIDED NAVY GUIDELINES FOR USE OF THE INTERNET. THIS ALNAV SUPERSEDES REF C. REF D, OPNAVINST 5510.1H, DEPARTMENT OF THE NAVY INFORMATION SECURITY PROGRAM REGULATION, REF E, OPNAVINST 3432.1, OPERATIONS SECURITY. REF F, THE PRIVACY ACT OF 1974, 5 U.S.C. SECTION 552A// RMKS/1. AS STATED IN REF A, SOME INFORMATION ON OUR PUBLICLY ACCESSIBLE WEB SITES PROVIDES TOO MUCH DETAIL ON NAVAL CAPABILITIES, INFRASTRUCTURE, PERSONNEL AND OPERATIONAL PROCEDURES. SUCH DETAIL, WHEN COMBINED WITH INFORMATION FROM OTHER SOURCES, MAY INCREASE THE VULNERABILITY OF DOD SYSTEMS AND POTENTIALLY BE USED TO THREATEN OR HARASS NAVAL PERSONNEL AND THEIR FAMILIES. 2. ALL NAVAL COMMANDERS WHO ESTABLISH PUBLICLY ACCESSIBLE WEB SITES ARE RESPONSIBLE FOR ENSURING THAT THE INFORMATION PUBLISHED ON THEIR SITES DOES NOT COMPROMISE NATIONAL SECURITY OR PLACE DOD PERSONNEL AT RISK. THE COMMANDER'S RESPONSIBILITY EXTENDS BEYOND GENERAL PUBLIC AFFAIRS CONSIDERATIONS REGARDING THE RELEASE OF INFORMATION INTO THE REALM OF OPERATIONAL SECURITY AND FORCE PROTECTION. COMMANDERS MUST APPLY COMPREHENSIVE RISK MANAGEMENT PROCEDURES TO ENSURE THAT THE CONSIDERABLE MISSION BENEFITS GAINED BY USING THE WEB ARE CAREFULLY BALANCED AGAINST THE POTENTIAL SECURITY AND PRIVACY RISKS CREATED BY HAVING AGGREGATED INFORMATION MORE READILY ACCESSIBLE TO A WORLDWIDE AUDIENCE.
3. DEFINITION - PUBLICLY ACCESSIBLE WORLDWIDE WEB PAGE: ANY WORLDWIDE WEB PAGE, DIRECTLY OR INDIRECTLY, CONNECTED TO THE INTERNET/NIPRNET, TO WHICH EXTERNAL ACCESS IS NOT CONTROLLED VIA AN AUTHENTICATION MECHANISM; SUCH AS USER ID AND PASSWORD. SITES WHICH SOLELY EMPLOY CUSTOMER ADDRESS FILTERING (I.E., RESTRICTING ACCESS TO .MIL ADDRESSES) ARE NOT CONSIDERED ADEQUATE TO PRECLUDE PUBLIC ACCESSIBILITY.
4. ACTION. ALL NAVAL COMMANDERS WHO HAVE ESTABLISHED PUBLICLY ACCESSIBLE WEB SITES SHALL IMMEDIATELY REVIEW THE CONTENT OF THOSE SITES AND REMOVE THE FOLLOWING INFORMATION: A. PLANS OR LESSONS LEARNED WHICH WOULD REVEAL SENSITIVE MILITARY OPERATIONS, EXERCISES, OR VULNERABILITIES. B. REFERENCE TO ANY INFORMATION THAT WOULD REVEAL SENSITIVE MOVEMENTS OF MILITARY ASSETS OR THE LOCATION OF UNITS, INSTALLATIONS, OR PERSONNEL WHERE UNCERTAINTY REGARDING LOCATION IS AN ELEMENT OF THE SECURITY OF THE MILITARY PLAN OR PROGRAM. C. ALL PERSONAL INFORMATION IN THE FOLLOWING CATEGORIES ABOUT U.S. CITIZENS, DOD EMPLOYEES AND MILITARY PERSONNEL:
1)SOCIAL SECURITY ACCOUNT NUMBERS;
2)DATES OF BIRTH;
3)HOME ADDRESSES AND
4)TELEPHONE NUMBERS OTHER THAN PHONE NUMBERS OF DUTY OFFICES WHICH ARE APPROPRIATELY MADE AVAILABLE TO THE GENERAL PUBLIC. IN ADDITION, REMOVE NAMES, LOCATIONS AND ANY OTHER IDENTIFYING INFORMATION ABOUT FAMILY MEMBERS OF DOD EMPLOYEES AND MILITARY PERSONNEL. 5. IF DETERMINED THAT THE IMMEDIATE REMOVAL OF INFORMATION WOULD ADVERSELY IMPACT ESSENTIAL MISSION ACCOMPLISHMENT WAIVERS MUST BE REQUESTED VIA CHAIN OF COMMAND. ALL NAVAL COMMANDERS WILL REPORT THROUGH THEIR IMMEDIATE SUPERIOR VIA THE CHAIN OF COMMAND (ISIC) TO SECOND ECHELON COMMANDERS WHEN THIS ACTION HAS BEEN COMPLETE. ALL SECOND ECHELON COMMANDERS WILL REPORT TO DON CIO UPON COMPLETION OF THIS TASKING BY THEIR CLAIMANCY NLT 15NOV98. ALL USMC UNITS WILL REPORT THROUGH AC/S C4I POC. 6. DURING THIS PROCESS, COMMANDERS/COMMANDING OFFICERS WILL EVALUATE THE SENSITIVITY OF TECHNOLOGICAL DATA ON THEIR WEB SITES. THESE ASSESSMENTS WILL ADDRESS THE EXTENT THAT SUCH INFORMATION, WHEN COMPILED WITH OTHER UNCLASSIFIED INFORMATION, REVEALS AN ADDITIONAL ASSOCIATION OR RELATIONSHIP THAT MEETS THE STANDARDS FOR CLASSIFICATION UNDER SECTION 1.8 (E) EXECUTIVE ORDER 12958. RECOMMENDATIONS ADDRESSING THIS ISSUE WILL BE INCLUDED IN REPORTS TO RESPECTIVE ISICS AND DON CIO. 7. A DOD TASK FORCE WILL DEVELOP POLICY AND PROCEDURAL GUIDANCE RELATED THAT ADDRESSES THE OPERATIONAL, PUBLIC AFFAIRS, ACQUISITION, TECHNOLOGY, PRIVACY, LEGAL AND SECURITY ISSUES RELATED TO THE USE OF DOD WEB SITES. THIS GUIDANCE WILL BE PROMULGATED IN APPROXIMATELY 60 DAYS. DESIGNATED DON INDIVIDUALS WILL PARTICIPATE IN THIS EFFORT AS WELL AS DEVELOP TAILORED AMPLIFYING POLICY FOR DON. IN THE INTERIM, NAVAL COMMANDERS WILL ENSURE THAT THEIR WEB SITES COMPLY WITH THE GUIDANCE PROVIDED IN THIS MESSAGE AND IN REF B. 8. INTERIM POLICY. NAVAL COMMANDERS SHALL REVIEW THEIR PUBLICLY ACCESSIBLE WEB SITES TO ENSURE COMPLIANCE WITH THE FOLLOWING:
A. ALL INFORMATION SYSTEMS WITH PUBLICLY ACCESSIBLE SERVERS WILL BE CERTIFIED, ACCREDITED AND RECEIVE A FORMAL AUTHORIZATION TO OPERATE BY THE DESIGNATED APPROVING AUTHORITY (DAA). A NETWORK RISK ANALYSIS MUST BE CONDUCTED AS PART OF THE OVERALL NETWORK SECURITY PLAN TO DETERMINE THE APPROPRIATE LEVEL OF SECURITY. DON WAN/LAN SYSTEMS SECURITY ACCREDITATIONS MUST BE UPDATED TO REFLECT THE ADDITION OF, OR EXISTENCE OF, A WEB SERVER OR OTHER INTERNET INFORMATION SERVER. B. COMMANDING OFFICERS SHALL APPOINT A PRIMARY AND AN ALTERNATE WEBMASTER, IN WRITING, AS THE COMMAND'S WEBMASTER. THE PRIMARY WEBMASTER OVERSEES THE COMMAND'S WEB SITE AND ENSURES COMPLIANCE WITH CURRENT DIRECTIVES. EACH HOME WEB PAGE WILL HAVE A DESIGNATED AUTHOR OR MAINTAINER, WHO WILL BE RESPONSIBLE FOR THE CONTENT AND APPEARANCE OF THAT WEB PAGE. THIS INDIVIDUAL'S ORGANIZATIONAL CODE, DATE OF LAST REVISION, AND AN "APPROVED BY" STATEMENT (IAW SUBPARA E BELOW) SHALL BE INCLUDED IN THE SOURCE CODE FOR EACH WEB HOME PAGE. SINCE THE INTERNET IS OPEN AND LEGALLY ACCESSED BY THE WORLDWIDE PUBLIC, INFORMATION PRESENTED IN PUBLICLY ACCESSIBLE WEB SITES REFLECTS ON THE DEPARTMENT OF THE NAVY'S PROFESSIONAL STANDARDS AND CREDIBILITY. REGARDLESS OF HOW OR BY WHOM THESE PAGES ARE ACTUALLY DEVELOPED, THE APPEARANCE, AND THE ACCURACY, CURRENCY AND RELEVANCE OF THIS INFORMATION REFLECTS DIRECTLY, OR INDIRECTLY, ON THE DEPARTMENT OF THE NAVY'S IMAGE. INFORMATION RESIDING ON A SERVER WITH A .MIL DOMAIN, MAY BE INTERPRETED BY THE WORLDWIDE PUBLIC, INCLUDING THE AMERICAN TAXPAYER AND MEDIA, AS REFLECTING OFFICIAL DON OR DOD POLICIES OR POSITIONS. THERE IS NO SUCH THING AS A PERSONAL OR UNOFFICIAL WEB PAGE ON A ".MIL" SERVER. THESE SERVERS AND THE INFORMATION THEY CONTAIN SHALL BE USED ONLY FOR OFFICIAL BUSINESS AND IN AN OFFICIAL CAPACITY. DETAILED GUIDANCE REGARDING NON-PUBLIC WEB SITES WILL BE PROMULGATED IN FORTHCOMING SECNAV POLICY. C. PUBLICLY AVAILABLE INFORMATION WILL NOT INCLUDE CLASSIFIED MATERIAL, INFORMATION THAT IS SENSITIVE IN NATURE, OR INFORMATION THAT COULD ENABLE THE RECIPIENT TO INFER CLASSIFIED INFORMATION. REQUIREMENTS FOR INFORMATION SECURITY, TO INCLUDE CLASSIFICATION, MARKING, SAFEGUARDING, TRANSMITTING AND DECLASSIFYING, AS PROMULGATED IN REF D WILL BE FOLLOWED REGARDING ALL DATA RESIDENT ON INFORMATION SYSTEMS.
D. PUBLICLY AVAILABLE INFORMATION WILL NOT VIOLATE PERSONAL PRIVACY OR THE REQUIREMENTS OF THE PRIVACY ACT (REF F). PUBLICLY AVAILABLE INFORMATION WILL NOT VIOLATE DOD POLICY THAT PROTECTS THE DISCLOSURE OF NAMES AND DUTY STATION ADDRESSESS OF INDIVIDUALS WHO ARE STATIONED OVERSEAS, ROUTINELY DEPLOYABLE OR IN SENSITIVE UNITS, WITH EXCEPTION OF FLAG OFFICERS AND PUBLIC AFFAIRS OFFICIALS. ALL COMMANDS WILL ENSURE THAT PHOTOGRAPHS, E-MAIL ADDRESSES, ORGANIZATIONAL CHARTS THAT LIST NAMES, AND OTHER BIOGRAPHICAL DATA OF INDIVIDUALS ARE NOT PLACED ON PUBLICLY AVAILABLE WEB SITES. NEITHER PUBLICLY AVAILABLE WEB SITES, NOR NON-PUBLIC DON WEB SITES WILL CONTAIN INFORMATION WHICH WOULD VIOLATE THE PRIVACY ACT.
E. THE PLACEMENT OF ELECTRONIC READING ROOM MATERIALS ON A COMMAND'S WEB SITE MUST BE CLEARED FOR THIRD PARTY DISCLOSURE UNDER THE PROVISIONS OF THE FREEDOM OF INFORMATION ACT (FOIA). F. PUBLICLY AVAILABLE INFORMATION WILL BE CLEARED THROUGH THE COMMAND'S OR ISIC'S PUBLIC AFFAIRS OFFICER (PAO), WHO WILL ENSURE THE INFORMATION FOLLOWS ALL CURRENT PUBLIC INFORMATION RELEASE AND SECURITY DIRECTIVES AND IS APPROVED FOR RELEASE BY THE COMMAND'S PAO/FOIA OFFICIAL PRIOR TO BEING PLACED ON THE COMMAND'S WEB SITE. THE PAO WILL REGISTER THE PUBLICLY ACCESSIBLE WEB SITE WITH THE GOVERNMENT INFORMATION LOCATOR SERVICE (GILS) IAW PARA 4.3 OF REF B. G. THE WEB SITE HOME PAGE WILL DISPLAY A TAILORED PRIVACY AND SECURITY NOTICE AS STIPULATED IN PARA 4.4 OF REF B. H. ALL EXTERNAL HYPERTEXT LINKS MUST ADHERE TO THE GUIDELINES OF PARA 4.5 OF REF B. 9. PURSUANT TO REF A, DIRECTOR, NAVAL CRIMINAL INVESTIGATIVE SERVICE (NCIS) WILL COLLABORATE WITH DIRECTOR OF NAVAL INTELLIGENCE (DNI) TO ENSURE A COMPREHENSIVE, MULTI-DISCIPLINE SECURITY ASSESSMENT IS CONDUCTED FOR DON WEB SITES WITHIN 3 MONTHS OF PROMULGATION OF THE FORTHCOMING DOD POLICY (DISCUSSED IN PARA 5 ABOVE). AN ANNUAL ASSESSMENT OF THESE SITES WILL BE CONDUCTED THEREAFTER. 10. POINTS OF CONTACT REGARDING THIS POLICY ARE THE FOLLOWING: A. DON CIO: MR. JOSEPH BROGHAMMER, (703) 602-6901. B. CNO N643: CWO2 THOMAS DELAINE (703) 601-1278. C. USMC C4I: MS. GILDA MCKINNON (703) 607-5546. D. CHINFO: ALAN GOLDSTEIN (703) 695-1887. 11. RELEASED BY THE HONORABLE JOHN H. DALTON, SECRETARY OF THE NAVY.// BT