ADMINISTRATIVE MESSAGE
ROUTINE
R 011504Z MAY 00 ZYB MIN ZYX PSN 749527J34
FM CNO WASHINGTON DC//N6//
TO NAVADMIN
INFO CMC WASHINGTON DC//C4I//
CMC WASHINGTON DC//C4I//
DON CIO WASHINGTON DC//IA//
UNCLAS //N02250//
NAVADMIN 110/00
MSGID/GENADMIN/CNO WASH DC/N6//
SUBJ/NAVY PUBLIC KEY INFRASTRUCTURE (PKI) IMPLEMENTATION//
REF/A/DOC/DEPSECDEF/99MAY06/-/NOTAL//
AMPN/REF A PROVIDES OSD POLICY AND TIMELINE FOR DOD PKI IMPLEMENTATION. REF A IS AVAILABLE AT HTTP:(SLANT SLANT) INFOSEC.NAVY.MIL/PRODUCTS.//
RMKS/1. THIS MESSAGE PROVIDES NAVY'S IMPLEMENTATION PLAN FOR PRIVATE NAVY WEB SERVERS. NAVY IMPLEMENTATION FOR ALL OTHER ELEMENTS OF REF A WILL BE ADDRESSED SEPCOR.
2. A PRIVATE WEB SERVER IS DEFINED AS A WEB SERVER THAT RESTRICTS (OR ATTEMPTS TO RESTRICT) PUBLIC ACCESS TO THE WEB SERVER OR ANY PORTION OF THE WEB SERVER. THE COMMON MEANS OF RESTRICTION ARE BY THE USE OF PASSWORDS OR BY LIMITING ACCESS TO THE WEB SERVER TO SPECIFIC DOMAINS (E.G. .MIL AND/OR .GOV) OR FROM SPECIFIC INTERNET PROTOCOL (IP) ADDRESSES. PRIVATE WEB SERVERS MAY BE OPERATED UNDER CONTRACT TO, OR UNDER OTHER FORMAL WRITTEN AGREEMENT WITH, ANY DOD ORGANIZATION THAT CONTAINS DOD INFORMATION. WEB SERVERS NOT INTERNET ACCESSIBLE AND E-MAIL SERVERS ARE NOT SUBJECT TO THE JUNE 2000 DATE. THE COMPLETE DOD TIMELINE FOR IMPLEMENTATION IS AVAILABLE AT THE INFOSEC WEB SITE, HTTP:(SLANT SLANT) INFOSEC.NAVY.MIL/PRODUCTS.
3. PUBLIC KEY CRYPTOGRAPHY USING DIGITAL CERTIFICATES OFFERS THE BEST AVAILABLE TECHNOLOGY FOR SECURE TRANSMISSION OF DATA ACROSS PUBLIC AND PRIVATE WIDE AREA NETWORKS. IT PROVIDES A HIGH DEGREE OF ASSURANCE OF DATA CONFIDENTIALITY, DATA INTEGRITY, AND USER IDENTIFICATION AMONG USERS OF NETWORKED APPLICATIONS, INCLUDING E-MAIL, WEB-BASED INFORMATION SERVICES AND TRANSACTIONS, AND ELECTRONIC COMMERCE. PKI REFERS TO THE FRAMEWORK AND SERVICES THAT PROVIDE SECURE GENERATION, PRODUCTION, DISTRIBUTION, CONTROL AND MANAGEMENT OF DIGITAL CERTIFICATES. PKI IS AN ESSENTIAL COMPONENT OF NAVY'S DEFENSE IN DEPTH STRATEGY FOR INFORMATION ASSURANCE.
4. PER REF A, ALL DOD PRIVATE WEB SERVERS ON BOTH CLASSIFIED AND UNCLASSIFIED NETWORKS SHALL BE ISSUED DOD PKI DIGITAL CERTIFICATES BY 30 JUNE 2000. SERVER AUTHENTICATION CERTIFICATES WILL EMPLOY SECURE SOCKETS LAYER (SSL) PROTOCOL. PKI ENABLING OF A WEB SERVER BY CONFIGURING IT TO PROVIDE AND USE A PKI CERTIFICATE AND SSL WILL NOT, BY ITSELF, ADD PROTECTION TO THE DATA STORED ON THE SERVER NOR WILL IT OBVIATE THE REQUIREMENT FOR USER ID AND PASSWORD. BY OCT 2001, ALL USERS OF AFFECTED WEBSITES WILL BE REQUIRED TO REPLACE USER ID AND PASSWORD LOGIN WITH INDIVIDUAL PKI CERTIFICATES. ADDITIONAL GUIDANCE IS AVAILABLE AT THE INFOSEC WEB SITE.
5. THE FOLLOWING ACTIONS ARE DIRECTED:
A. NAVY SECOND ECHELON COMMANDS WILL:
(1) BEGIN IMMEDIATELY TO OBTAIN AND IMPLEMENT DOD SERVER CERTIFICATES FOR ALL PRIVATE WEB SERVERS WITHIN THEIR CLAIMANCY TO MEET THE 30 JUNE 2000 MILESTONE. GUIDANCE AND INSTRUCTIONS ARE AVAILABLE AT THE INFOSEC WEB SITE.
(2) OBTAIN LOCAL REGISTRATION AUTHORITY (LRA) TRAINING AND PLAN TO DEPLOY DOD PKI VER 2.0 LRA INFRASTRUCTURE REQUIRED TO ISSUE OPERATIONAL CLASS 3 CERTIFICATES. THIS DEPLOYMENT SHOULD BE THE MINIMUM REQUIRED TO MEET THE 30 JUNE 2000 MILESTONE. DIRECTOR, COMSEC MATERIAL SYSTEMS (DCMS) HAS BEEN ASSIGNED AS THE NAVY CLASS 3 REGISTRATION AUTHORITY (RA) AND WILL PROVIDE GUIDANCE AND SUPPORT NEEDED TO ESTABLISH LRAS WITHIN THE NAVY. DCMS IS AVAILABLE TO EITHER PROVIDE OR COORDINATE LRA TRAINING.
(3) COORDINATE WITH DCMS ON IMPLEMENTATION PROGRESS (I.E., NUMBER OF CERTIFICATES INSTALLED OUT OF TOTAL REQUIRED).
(4) PROVIDE ACTIVITIES UNDER THEIR COGNIZANCE WITH SPECIFIC IMPLEMENTATION GUIDANCE TO MEET THE DEPSECDEF MANDATED POLICY BY THE REQUIRED MILESTONE.
B. DIRECTOR, COMSEC MATERIAL SYSTEM (DCMS) WILL:
(1) COORDINATE AND SUPPORT THE ISSUANCE OF SERVER CERTIFICATES TO MEET THE 30 JUNE 2000 MILESTONE.
(2) PROVIDE GUIDANCE AND SUPPORT ESTABLISHMENT OF LRAS WITHIN THE NAVY TO INCLUDE LRA TRAINING.
(3) PROVIDE WEEKLY INPUTS TO CNO (N643) ON NAVY PROGRESS TOWARD MEETING THE 30 JUNE 2000 MILESTONE.
C. SPAWARSYSCOM (PMW 161) WILL:
(1) DEVELOP AND MAINTAIN INFORMATION/INSTRUCTIONS ON THE INFOSEC WEB SITE TO ASSIST COMMANDS IN OBTAINING SERVER CERTIFICATES AND ESTABLISHING LRAS.
(2) PROVIDE TECHNICAL ASSISTANCE AND HELP DESK SUPPORT TO REQUESTING NAVY COMMANDS.
6. OPNAV POC FOR NAVY PKI IMPLEMENTATION IS ROBERT WEILMINSTER, CNO N64322, (703)601-1278 DSN 329-1278, WEILMINSTER.ROBERT(AT)HQ.NAVY.MIL. SPAWAR POC IS DENNY MATTISON, PMW 161, (619)524-7879 DSN 524-7879, MATTISON(AT)SPAWAR.NAVY.MIL. THE NAVY RA POC AT DCMS IS RON BURNSIDE, (202) 764-0259 DSN 764-0259, DONPKIRA(AT)NCTC.NAVY.MIL. THE PKI HELP DESK CAN BE REACHED AT (619) 553-2423 OR VIA THE INFOSEC HELP DESK AT (800) 304-4636.
7. RELEASED BY RADM R. W. MAYO, USN.//
BT