NSA: Change in Fortezza for Classified Policy

30 October 1999
Source: http://infosec.navy.mil/TEXT/DOCUMENTS/6jan99.html
ADMINISTRATIVE MESSAGE
 
ROUTINE       
 
R 062245Z JAN 99  ZYB PSN 504970J25
 
FM CNO WASHINGTON DC//N643//
 
INFO CINCLANTFLT NORFOLK VA//N6//
CINCPACFLT PEARL HARBOR HI//N6//
CINUSNAVEUR LONDON UK//N6//
COMUSNAVCENT BAHRAIN//N6//
COMNAVSEASYSCOM WASHINGTON DC//03/05//
COMNAVAIRSYSCOM PATUXENT RIVER MD//4.5.1.3//
COMSPAWARYSCOM SAN DIEGO CA//PMW161//
COMNAVSUPSYSCOM MECHANICSBURG PA//07//
COMNAVSECGRU FT GEORGE G MEADE MD/N6//
COMNAVSPECWARCOM CORONADO CA//N6//
COMNAVRESFOR NEW ORLEANS LA//N6//
COMNAVCOMTELCOM WASHINGTON DC//N3//
COMSUBLANT NORFOLK VA//N43//
COMSUBPAC PEARL HARBOR HI//N43//
COMNAVSURFLANT NORFOLK VA//N6//
COMSURFPAC SAN DIEGO CA//N6//
COMNAVAIRLANT NORFOLK VA//N6//
COMNAVAIRPAC SAN DIEGO CA//N6//
ONI WASHINGTON DC//54//
DIRSSP WASHINGTON DC//16//
NRL WASHINGTON DC//5540//
FLTINFOWARCEN NORFOLK VA//N3//
DCMS WASHINGTON DC//30//
SPAWARSYSCEN CHARLESTON SC//721//
SPAWARSYSCEN SAN DIEGO CA//D87//
R 301944Z DEC 98
 
FM DIRNSA FT GEO G MEADE MD
 
TO JOINT STAFF WASHINGTON DC//J6K//
DA WASHINGTON DC//C4C//
CMC WASHINGTON DC//C4I//
CNO WASHINGTON DC//N643//
DISA WASHINGTON DC//D24/D25/D2/D3/D33/D6/AN//
HQ AFCIC WASHINGTON DC//SYNI//
 
INFO USCINCPAC HONOLULU HI//PCJ6//
USCINCEUR VAIHINGEN GE//ECJ6//
USCINCCENT MACDILL AFB FL//CCJ6//
USCINCSOC MACDILL AFB FL//SCJ6/NCR SOCOM/INFOSEC//
USCINCSO MIAMI FL//SOJ6/SCAS//
USCINCSPACE PETERSON AFB CO//SPJ6/J60//
USCINCSTRAT OFFUTT AFB NE//STJ6//
USCINCTRANS SCOTT AFB IL//TCJ6//
DCMS WASHINGTON DC//20//
HQ AFCA SCOTT AFB IL//GCI//
COMARCORSYSCOM QUANTICO VA//C41//
COGARD TISCOM ALEXANDRIA VA//OPS-4//
NCEUR VAIHINGEN GE
NCPAC HONOLULU HI//F405//
NCRDEF WASHINGTON DC//INFOSEC//
NCR ACOM NORFOLK VA
USCINCACOM NORFOLK VA//ACJ6/J2C4//
NCR STRATCOM OFFUTT AFB NE//INFOSEC//
NCR TRANSCOM SCOTT AFB IL//INFOSEC//
COMNAVCOMTELCOM WASHINGTON DC//N3//
 
UNCLAS E F T O
V51-022-98
 
SUBJECT: FORTEZZA FOR CLASSIFIED POLICY AND OPERATIONAL DOCTRINE
UPDATE
 
A. DIRNSA FT GEO G MEADE MD V51-012-98 221852Z MAY 98
B. NSA POLICY ON FORTEZZA FOR CLASSIFIED, JANUARY 1996 (NOTAL)
 
1. (U) THIS MESSAGE EXTENDS REFERENCE A THROUGH 22 MAY 2000, AND
MODIFIES IT AS NOTED BELOW.  A FORMAL INSTRUCTION ISSUED THROUGH THE
NATIONAL SECURITY TELECOMMUNICATIONS AND INFORMATION SYSTEMS SECURITY
COMMITTEE (NSTISSC) SHALL BE ISSUED IN THE NEAR FUTURE. IN THE
MEANTIME, THIS MESSAGE DESCRIBES SIGNIFICANT CHANGES IN FORTEZZA FOR
CLASSIFIED (FFC)POLICY.
 
2. (U) REFERENCE B ALLOWED FFC TO BE USED AS THE SOLE MEANS OF
ENCRYPTION TO PROTECT CLASSIFIED INFORMATION IN ANY MEDIUM NOT
SECURED BY A TYPE 1 PRODUCT OR PROTECTED DISTRIBUTION SYSTEM ONLY
THROUGH JANUARY 1, 1999. THAT LIMITATION SHALL BE ENFORCED.  THE
PROVISION IN THE REF A.(PARA 6.B.(2)) THAT ALLOWS SECRET TRAFFIC
PROTECTED BY FORTEZZA AND CHECKED BY A GUARD TO BE TRANSMITTED OVER
AN UNCLASSIFIED NETWORK (E.G. SECRET-TO-SECRET TRAFFIC OVER THE
INTERNET) IS REMOVED. THIS IS NO LONGER VIEWED AS AN ACCEPTABLE
APPROACH FOR PROTECTING CLASSIFIED INFORMATION PASSED BETWEEN
CLASSIFIED ENCLAVES OVER AN UNCLASSIFIED NETWORK.  AN EXCEPTION IS
ALLOWED FOR THE REMOTE ACCESS SECURITY PROGRAM (RASP) SECRET DIAL-IN
SOLUTION ONLY THROUGH JANUARY 1, 2002.
 
3.  (U) REFERNCE A (PARA 21.A) INCLUDED GUIDANCE FOR THE SECURE
OPERATION OF FFC CARDS USED IN THE RASP SECRET DIAL-IN SOLUTION FOR
MOBILE (I.E. TRAVELING) USERS. LIKEWISE, FORTEZZA MODEMS MUST BE KEPT
IN THE PERSONAL POSSESSION OF THE AUTHORIZED, CLEARED USER AT ALL
TIMES, OR STORED/PROTECTED IN A MANNER THAT WILL MINIMIZE THE
POSSIBILITY OF LOSS, UNAUTHORZED USE, OR TAMPERING. NSA WOULD ALSO
REMIND EVERYONE THAT REMOTE ACCESS TO CLASSIFIED NETWORKS IS NOT A
RISK-FREE ENDEAVOR AND, THEREFORE, CARE SHOULD BE TAKEN TO MAKE SURE
USERS HAVE A MISSION CRITICAL NEED BEFORE AUTHORIZING REMOTE ACCESS
ACCOUNTS.
 
4. (U) IN THE PAST, NSA RECEIVED A NUMBER OF CUSTOMER REQUESTS TO USE
THE RASP SECRET DIAL-IN SOLUTION AS A LINK ENCRYPTOR TO CONNECT LOCAL
AREA NETWORKS TRANSPORTING LARGE VOLUMES OF CLASSIFIED DATA. THE RASP
SECRET DIAL IN SOLUTION WAS DESIGNED TO SATISFY THE MORE LIMITED
REQUIREMENT OF PROVIDING SECURITY FOR TRAVELING USERS WHO NEED
TEMPORARY ACCESS TO THEIR HOME NETWORKS. THE VOLUME OF TRAFFIC AND
FREQUENCY OF USE WAS ASSUMED LOW FOR THE INTENDED APPLICATIONS. RASP
SECRET DIAL-IN SOLUTIONS ARE NOT AUTHORIZED FOR USE IN LAN-TO-LAN
APPLICATIONS OR FOR APPLICATIONS INVOLVING LARGE VOLUMES OF TRAFFIC.
FOR CURRENT OPERATIONAL NEEDS, EXISTING TYPE 1 SOLUTIONS SHOULD BE
IMPLEMENTED.
 
5. (U) IF YOU HAVE ADDITIONAL QUESTIONS CONCERNING FFC PLEASE CONTACT
CLARK WAGNER, X11 (COMM 410-854-4465; DSN 244-4465) AND FOR RASP
CONTACT THE PROGRAM MANAGER, DEBORAH ROWE, X22 (COMM 410-854-4463;
DSN 244-4463), OR LT CHRIS GAUCHER, V12 (COMM 410-854-4683; DSN
244-4683). A NATIONAL SECURITY TELECOMMUNICATIONS AND INFORMATION
SYSTEMS SECURITY INSTRUCTION ADDRESSING FORTEZZA OPERATIONAL SECURITY
DOCTRINE SHOULD BE READY FOR PUBLICATION IN EARLY 1999, AND WILL
INCORPORATE THESE CHANGES. POC FOR THE NSTISSI ON FORTEZZA IS BRIAN
HENDERSON, V511 (COMM410-854-6831).
 
BT
Administration provided by the
SPAWAR Systems Center
in Charleston, South Carolina, USA.
WebMaster@infosec.navy.mil