DEPARTMENT OF THE NAVY NAVY RECRUITING DISTRICT… · NAVCRUITDISTNOLAINST 5239.4D 40 22 Apr 2015...
Transcript of DEPARTMENT OF THE NAVY NAVY RECRUITING DISTRICT… · NAVCRUITDISTNOLAINST 5239.4D 40 22 Apr 2015...
NAVCRUITDISTNOLAINST 5239.4D
40
22 Apr 2015
NAVCRUITDISTNOLA INSTRUCTION 5239.4D
From: Commanding Officer, Navy Recruiting District New Orleans
Subj: NAVY RECRUITING DISTRICT NEW ORLEANS MOBILE RECRUITER
INITIATIVE POLICY
Ref: (a) COMNAVCRUITCOMINST 5239.4A
(b) NAVCIRT, Virus Report
(c) OPNAV 5239/14 (REV 9/2011), System Authorization
Access Request - Navy (SAAR-N)
(d) Naval Network Warfare Command (NNWC), Computer Task
Order 08-08 (Update 4)
(e) COMNAVCRUITCOMINST 5234.2A, Information Technology
Configuration Management Policy
(f) 7000-14R, DoD Financial Management Regulation volume
12, Chapter 7
(g) COMNAVCRUITCOMINST 5720.11H
Encl: (1) Releasable/Non-Releasable Information Using .com
Networks
(2) Definitions
(3) NAVCRUIT 5239/2 (3-2013), Report Missing, Lost,
Stolen Damaged (MLSD) Equipment Form
(4) Custody Card for Computer and Equipment
(5) NAVPERS 1070/613 (REV. 10-81), Issuance of Government
Owned Computer and Accessories Statement of
Understanding
1. Purpose. Set forth policy for acceptable use of mobile
computing equipment, peripheral devices and Information
Technology (IT) infrastructure under the Mobile Recruiting
Initiative (MRI). This instruction is intended to complement,
reinforce, and/or strengthen the policies and procedures
established under references (a) through (g).
2. Cancellation. NAVCRUITDISTNOLAINST 5239.4C.
3. Background. Production Recruiters are a mobile sales force.
They are expected to devote in excess of fifty percent of their
time in the field prospecting new applicants and processing
Future Sailors. This requirement drives a need for IT tools
DEPARTMENT OF THE NAVY NAVY RECRUITING DISTRICT, NEW ORLEANS
400 RUSSELL AVE BLDG 192 NEW ORLEANS, LOUISIANA 70143-5077
NAVCRUITDISTNOLAINST 5239.4D
22 Apr 2015
that are highly mobile with ubiquitous access to key Manpower,
Personnel, Training and Education (MPT&E) Enterprise
systems/networks. MRI is a Next Generation Network (NGEN)
program specifically designed to satisfy Production Recruiters’
distinct business requirements. The mobility afforded under MRI
Eliminates the need for physical connections to the Navy Marine
Corps Intranet (NMCI) network. It provides Recruiters with
tools to fully function in the commercial infrastructure (.com)
environment.
4. Policy.
a. MRI delivers unfettered and ubiquitous access to key
business systems/networks. In doing so it creates renewed
emphasis on physical and electronic security, information
assurance, and ethical business practices. Although all
computers are equipped with software to prevent illegal entry
and access, improper use of MRI devices can compromise sensitive
data, destroy hardware/software, and negatively impact the
public trust in an organization. It is each user’s obligation
to adhere to strict security, Information Assurance, and ethical
business practices per reference (a) through (e) and other
applicable laws, regulations, and policies. Definitions used
herein are contained in enclosure (2). Navy Personnel,
Department of Defense (DoD) employees, and contractor personnel
working for the Navy are expected to uphold the highest
standards of conduct. Personnel that violate these policies
will be subject to Uniform Code of Military Justice (UCMJ) and
other disciplinary action set forth by applicable laws,
regulations, and policies.
b. Careful consideration must be given to overall risk to
personnel, information/data, infrastructure, equipment, and
reputation when instituting new commercial technologies and best
practices. MRI computing systems have undergone rigorous risk
analysis and have been configured to DOD/DON guidelines.
(NAVCRUITCOM) is authorized to operate MRI computers over
commercial infrastructure. Users are not authorized to make any
changes to the security baseline of MRI seats without the
expressed written consent of the command’s Information Assurance
Manager.
2
NAVCRUITDISTNOLAINST 5239.4D
22 Apr 2015
c. NAVCRUITCOM, like many institutions with a presence in a
.com environment, must address new security issues previously
not applicable to Recruiters in the field. Operation in the
.com environment exposes machines to real world security
threats. Navy Recruiters, as a major component of the first
line of security, must be more vigilant in this environment and
knowledgeable of latest security policies and intrusion schemes
by hackers.
d. MRI provides Production Recruiters the ability to
perform business transactions using social media, commercial
websites, and/or direct electronic communications with potential
applicants. Recruiters are expected to adhere to the policies,
acceptable use, license and user agreements set by the
owners/governing body of the commercially provided
communications channel. In events where commercial policy
conflicts with DOD/DON policy and regulations, the DOD/DON
policy/regulations will take precedence (unless otherwise
directed by competent authority). MRI users are directed to
contact Commanding Officers for guidance if/when commercial
policies are deemed ambiguous. Users are directed to
immediately report any/all violations of DoD/DON
policies/procedures to Commanding Officers.
e. The .com environment demands moral discipline and
ethical consideration due to the public nature of communication
and computer networks. The nature of social networking and the
culture of free flowing unstructured text where abbreviations,
colloquialism and slang exists as a norm require increased
diligence to adhere to high ethical standards in the public
domain. Social network pages should be viewed as print media
because web pages may be copied, referenced and disseminated as
examples of Navy communication in the public domain.
f. Interactions with groups and individuals may result in
requests for information about the Navy. Except for recruiting-
related information, requests for information concerning Navy
component commands from organizations or private citizens shall
be encouraged to use the process established in reference (a)
and send their requests to the appropriate command.
g. Usage of web-based Navy Recruiting applications (e.g.
Web RTools, CIRIMS, NASIS, PRIDE Mod, etc.) and social
networking sites will result in the exchange of variety of
information across the Internet. Navy Recruiters will utilize
3
NAVCRUITDISTNOLAINST 5239.4D
22 Apr 2015
DoD approved secure HTTPS/SSL communication methods while
utilizing DoD or .com applications whenever PII data may be
involved. Navy Recruiters hall collect personal information via
DoD approved methods. Absolutely no medical information shall
be associated with individuals; it is permissible, however, to
address qualifying medical conditions as a part of program
specifics. Navy Recruiters will allow Personal Identifiable
Information (PII) data to be present on MRI computers only as
long as necessary before transferring the data to the
appropriate application. After transmission to the appropriate
application, the Recruiter will immediately delete all PII data.
h. Military members shall protect their privacy
information. Navy Recruiters, however, shall identify
themselves by official name, rank, and phone number as
appropriate during their conversation with potential applicants.
Social networking aliases may be used in general conversation;
however, Recruiters must identify themselves when discussing
Navy-related programs.
i. Navy Recruiters shall never discuss ship and aircraft
locations, force structures, casualty figures, past missions or
results of operations. Intelligence sources can aggregate data
from several recruiters across websites and glean significant
information concerning Navy units, their operations and
reactions in support of future operations. Additional
information is contained within enclosure (1).
j. The internet is a powerful information tool for both
internal and external use. As per reference (d), the Public
Affairs Officer (PAO) is responsible for determining how social
networks will be used and also monitoring their use along with
any associated technological tools. The NAVCRUITCOM PAO shall
create and maintain a clear process for establishing, reviewing
and ensuring ongoing maintenance and accuracy of social
networking sites and communications.
k. Some Navy Recruiters may find it appropriate to use
music or videos on social network sites or during presentations
given via MRI equipment. Navy Recruiters shall not place or
reference information that violates copyright laws.
l. Factual statements shall be used in all communications.
Navy Recruiters have a responsibility to keep informal
communications factually accurate when discussing Navy programs.
4
NAVCRUITDISTNOLAINST 5239.4D
22 Apr 2015
Social networks are print media and can be copied and passed to
Navy and congressional leaders as complaints when potential
applicants perceive false information.
m. No personal business shall be conducted via MRI
equipment. Contacts generated on social networks shall not be
used for a personal business venture, including data mining
access for the purpose of selling contacts to marketing firms or
individuals.
n. Navy Recruiters shall report attacks or perceived
attacks on their social network sites or MRI devices via System
Administrator (SYSAD), the NAVCRUITCOM help desk or via incident
report per reference (b) on the NAVCRUITCOM Quarterdeck.
Attacks against Navy social sites could be an indication of, or
associated with, an organized attack targeted against the entire
infrastructure. To identify and respond to such attacks, all
Recruiters shall report detection of denial of service,
information gathering or phishing schemes.
o. System administrators shall ensure computer firewalls,
intrusion detection, Data Encryption at Rest (DAR) and virus
software are configured and operational in accordance with
DoD/DON Information Assurance Policy. To ensure protection
against personal and network attacks, Navy Recruiters shall not
alter the configuration of computer firewalls, intrusion
detection, DAR and virus software. Navy Recruiters will be
responsible for accepting and scheduling software patches and
virus definitions in accordance with policies set by monitoring
software installed on their MRI computers.
p. All Recruiters shall provide the following upon receipt
of MRI equipment: proof of completion of Personally
Identifiable Information (PII) training; a newly signed OPNAV
SAAR-N form/user agreement (see reference (c); proof of
completion of ALCON 025/09 annual IA training; a completed and
signed Custody Card for Computer and Equipment enclosure (4).
q. MRI devices shall never be connected to the NMCI or
other DoD/DoN networks via any (LAN) cable or (Wi-Fi)
connection. If the MRI computer is plugged into a NMCI managed
port, the port will be deactivated and a Move Add Change (MAC)
request will be required to reactivate via the Information
Assurance (IA) Manager at NAVCRUITCOM Headquarters. This
process may take up to two weeks to reactivate.
5
NAVCRUITDISTNOLAINST 5239.4D
22 Apr 2015
r. In accordance with annual Information Assurance (IA)
training and Navy policy, the connection of flash media (e.g.,
memory cards, USB flash drives) to MRI equipment is prohibited
until further notice per reference (d).
s. MRI computers are an NMCI/NGEN managed asset. However,
NAVCRUITCOM will have client system administration rights.
Therefore, the responsibility of the configuration baseline
becomes a shared responsibility between NMCI/NGEN and
NAVCRUITCOM. As a result, SYSADs are required to ensure the
standardized devise configuration as set forth by NMCI/NGEN and
NAVCRUITCOM is maintained. All proposed changes to the baseline
configuration (hardware or software) must follow NMCI/NGEN and
NAVCRUITCOM configuration management policy and processes in
accordance with reference (e).
t. The issuance of multiple portable pieces of equipment to
be used in public and potentially unsecure locations increases
the risk of missing, lost, stolen or damaged (MLSD) equipment.
Commanding Officers will establish policy to indicate
responsibility for MLSD equipment. Enclosure (3), statement of
understanding signed by the individual to who the equipment has
been issued. The replacement of MLSD MRI computes will be
accomplished via enclosure (4).
5. Oversight and Audit. Navy Recruiters need to be cognizant
that the MRI is a government computer asset and as such, will be
subject to monitoring by government agencies to include key
stroke analysis, website visitation practices and security
scans. An N7 inspection team and/or the CO/XO will perform spot
checks annually (or as directed) on at least 25% of their MRI
devices to ensure unauthorized sites are not being accessed, to
ensure PII information is being deleted, and to ensure
unauthorized data is not being captured or stored. All
personnel must be diligent and alert to avoid lapses in
discipline within the open and free conversational environment
of the .com arena. Greater freedom requires increased vigilance
and discipline to ensure we represent the Navy in a professional
manner.
6. Missing, Lost, Stolen, or Damaged (MLSD) Equipment. Navy
Recruiters shall recognize that mobile IT tools provided are
highly visible to the public and no longer have the physical
security and protection once sustained behind locked doors and
walls of Recruiting Stations. As a result, Recruiters are
6
NAVCRUITDISTNOLAINST 5239.4D
22 Apr 2015
responsible and will safeguard the information and physical
security of their computer. The replacement of a MLSD computer
system is costly. The report contained as enclosure (3) will be
completed in all cases of missing, lost stolen or damaged
equipment. Report Control Symbol NAVCRUIT 5239-4 has been
assigned to this reporting requirement. If issued equipment
(including peripherals) is damaged, lost or stolen and
negligence, determined. Recruiters will be held liable for the
replacement cost in accordance with reference (f). Failure to
follow these policies MAY result in disciplinary action and/or
repayment of lost or damaged equipment.
7. Forms and Reports. Use of the following forms and reports
are directed by this instruction:
a. NAVPERS 1070/613 Administrative Remarks, Issuance of
Government Owned Computer and Accessories enclosure (5) can be
obtained from the SYSAD.
b. NAVCRUIT 5239/2 (3-2013), Report Missing, Lost, Stolen
Damaged (MLSD) Equipment, Report Control Symbol 5239-4 enclosure
(3) is located on the cnrc.navy.mil website in the forms
section.
8. Virus.
a. A computer virus is an unauthorized program that can
damage any part or all of a computer's programs and data. These
programs systematically change small segments of code in various
".exe" and ".com" files, particularly the COMMAND.COM file. The
virus spreads from PC to PC when an individual unknowingly
copies an infected program onto another computer, and proceeds
to execute it. The virus then becomes active and, if not
detected, may render text files unreadable and programs
inoperable. Many currently known viruses have been setup to
reformat the computer's hard disk, in which case, all residing
files may be lost.
b. Precautions used to minimize the risk of a virus.
(1) Notify the SYSAD immediately upon discovery of
virus, trojan, worm or other unauthorized program.
(2) Only use "Navy-issue", government-purchased software
which has the manufacturer's sealed wrap.
7
NAVCRUITDISTNOLAINST 5239.4D
22 Apr 2015
(3) Use one or more of the antiviral programs when
downloading programs and/or utilities from online bulletin board
systems. These programs are designed to counteract a number of
known viruses. Antiviral programs can assist users in
determining the existence of various computer viruses; however,
no single program handles all known viruses. Therefore, these
packages should not be depended upon as your only line of
defense against attacks.
(4) Consult with your Automatic Data Processing Security
Officer (ADPSO) before using any non-Navy procured programs or
software.
/s/
C. A. WYNTER
Distribution List:
Electronic only, via
http://www.cnrc.navy.mil/neworleans
8
NAVCRUITDISTNOLAINST 5239.4D
22 Apr 2015
Releasable/Non-releasable Information Using .com Networks
1. In general, Recruiters may discuss all Navy Recruiting
Command programs and qualifications via .com networks. As
allowed during face-to-face meetings, Recruiters may recommend
study aids, interview tips and successful approaches used by
previous applicants on the application process. General
references to their experiences oh ships, aircraft, duty
stations etc, are a part of salesmanship to new recruits;
classified information, however, may never be discussed no
matter how dated the information may appear to be. Additional
guidance concerning releasable information is as follows:
a. Military personnel shall not expect privacy guarantees
regarding their name, rank, gross salary, duty assignments, duty
phone numbers, source of commission or enlistment, awards and
decorations, duty stations and professional military education.
b. If the information is particularly well known or widely
available within the public domain, or the military member has
made the information public, there is generally no expectation
of privacy.
c. Information that was a some time or place available to
the public but is now hard to obtain (i.e. practical obscurity)
and does not impinge on an individual’s right of privacy (name
to face recognition) is allowed to be released.
d. An individual does not have any expectation of privacy
with respect to information made public by that individual.
2. The reproducible nature of content on .com networks and the
anonymous nature of the internet require increased vigilance by
all involved. The following is a list of information that is
prohibited from release to the public in general and
particularly on .com networks:
a. Future military plans or operations.
b. Detailed information about vulnerabilities or
weaknesses.
c. Sensitive information.
d. Classified information.
Enclosure (1)
NAVCRUITDISTNOLAINST 5239.4D
22 Apr 2015
e. Rules of engagement.
f. Security measures, force protection or deceptive actions
used as part of the operation.
g. Intelligence collection activities (past and present),
including intelligence methods, targets, and results.
h. Information about downed aircraft or ships while search
and rescue operations are being planned or in progress unless
the event is clearly in plain sight of the media.
i. Specific types of ordnance expended, and (in some cases)
the methods used to expend ordnance.
j. Location and activities of special operations forces.
k. Classified aspects of equipment, procedures, and
operations must be protected from disclosure. Web clips,
videos, and unofficial comments between military members passed
from wartimes operations are potentially intelligence-rich when
compared and aggregated with other such innocent exchanges from
individuals. Information mining by intelligence operatives and
governments monitoring social network interaction may glean
information on past or future operations.
l. Ship, personnel and unit departures and arrivals are
highly visible; however, Navy Recruiters should not pass or post
such information via .com network communications or web content.
m. Navy Recruiters may not divulge information or
characteristics that may be used to distinguish or trace an
individual’s identity such as their social security number,
birth date, home address, home phone number, or biometric
records.
2 Enclosure (1)
NAVCRUITDISTNOLAINST 5239.4D
22 Apr 2015
Definitions
Computer Network. A group of two or more computers and devices
interconnected, either wired or wirelessly, to communicate with
each other and share resources and information among connected
devices.
Convertible Tablet Personal Computer (PC). A mobile computer
that can be operated as a traditional laptop (e.g., by use of a
keyboard and mouse) or as a tablet computer (e.g., by touching
the computer’s display screen).
Deployment Kit. A collection of hardware and accessories to be
issued to a user as part of the Mobile Recruiter Initiative.
Includes a mobile computer, mobile printer, mobile scanner, a
portable speaker, and associated cables. Is issued with a
rolling suitcase that houses all equipment issued as part of the
kit.
Flash Media. Portable devices utilizing flash memory, a
computer storage technology that can be erased and reprogrammed.
Can include memory cards, thumb drives, and flash drives.
Mobile Printer. A document printer designed for portable use.
Can be easily and safely transported by hand and is compatible
with mobile computers such as laptops or convertible tablet PCs.
Mobile Scanner. A document scanner designed for handheld use.
Can be easily and safely transported by hand and is compatible
with mobile computers such as laptops or convertible tablet PCs.
Navy Marine Corps Intranet (NMCI). A computer network used
exclusively by the Department of the Navy (DON) and the Marine
Corps. Is not accessible to the public.
Network. A group of two or more computers and devices
interconnected, either wired or wirelessly, to communicate with
each other and share resources and information among connected
devices.
Social Network. An information technology service that focuses
on building online communities of people who share interests and
activities, or who are interested in exploring the interests and
Enclosure (2)
NAVCRUITDISTNOLAINST 5239.4D
22 Apr 2015
activities of others. Most social network services are web
based and provide a variety of ways for users to interact, such
as e-mail, personal home pages, public forums and instant
messaging services.
Wi-Fi. A branded standard for wirelessly connecting electronic
devices to enable communication and data sharing among connected
devices.
.com Environment. The Internet as accessed via public methods
outside of the NMCI network or DOD network. Can be accessed via
a variety of internet connection types, including 3G and 4G, Wi-
Fi, or local area network (LAN) connections.
3G. An abbreviation for “third generation,” the third
generation of wireless technology standards that fulfill the
International Mobile Telecommunications-2000 (IMT-2000)
specifications set by the International Telecommunication Union.
4G. An abbreviation for “fourth generation,” the fourth
generation of wireless technology standards that fill the
International Mobile Telecommunications Advanced (IMT-Advanced)
specifications set by the International Telecommunication Union
in 2009.
2 Enclosure (2)
NAVCRUITDISTNOLAINST 5239.4D
22 Apr 2015
Enclosure (3)
NAVCRUITDISTNOLAINST 5239.4D
22 Apr 2015
2 Enclosure (3)
NAVCRUITDISTNOLAINST 5239.4D
22 Apr 2015
Custody Card for Computer and Equipment
NRD
New Orleans
Station/RSID
NRS XXX/134XXX
Member’s Name
LAST, FIRST MIDDLE
SSN (Last four digits only)
XXXX
Computer Asset Tag #
51002XXXXX
Machine Name
SLNORLXXXXXX
Items Make/model NRD Serial# Service/Serial #
Computer
HP EliteBook 2740
N/A
MXL1430XXX
Speaker
Altec Lansing iML227
624440XXXX
03221SHEA00XXXXX
Scanner
Scan Snap S1100
624440XXXX
XXXXXX
Printer
Canon ip100
624440XXXX
ABTBXXXXX
Printer Batteries
Cannon LK-62
N/A
N/A
Finger Print Scanner
FS88
624440XXXX
XXXXXX
Computer Travel Bag
Kensington
Bag #XX
N/A
I____ __ LAST, FIRST MIDDLE __ _____, accept custody of the above listed computer and equipment. I am thoroughly familiar with the provisions of NAVCRUITDISTNOLAINST 5239.4D. I understand that by accepting custody, I will be held accountable for the “Care and Safety” of this computer and equipment assigned to me.
Enclosure (4)
NAVCRUITDISTNOLAINST 5239.4D
22 Apr 2015
ADMINISTRATIVE REMARKS NAVPERS 1070/613 (REV. 10-81) S/N 0106-LF-010-6991
SHIP OR STATION
NAVY RECRUITING DISTRICT, NEW ORLEANS Issuance of Government Owned Computer and Accessories
__________________________________________________________ You have been issued a government-owned computer and accessories. The use of this computer is intended to aid you of your duties as a recruiter or recruit support personnel for the United States Navy. There are certain policies that are needed to be followed to ensure proper operation is followed which in reduces down time of your computer system if a failure were to occur. Failure to follow these policies can result in disciplinary action.
All computers are subject to spot inspections and monitoring at all times. Any modification of your computer by yourself or unauthorized personnel is unacceptable. This includes changes in software or hardware. Privately licensed software may not be installed unless permission from the Commanding Officer is obtained in writing. Illegal software can cause failures within the recruiting programs and other associated software, which can impact you and others of their duties. Illegal software applications include: personal Internet access, personal e-mail software, down loaded files or software from the Internet, pornographic material and any other applications.
Information and physical security of your computer is paramount. The replacement of a stolen computer system can be costly. It needs to be understood that you are responsible for your machine. If a computer is stolen and negligence is determined, you can be held liable for the replacement cost. Also, the information stored inside your computer is of a sensitive nature and falls within Privacy Act guidelines. You should always take steps to guard against unauthorized access to this material. All computers are equipped with password software to prevent illegal entry and to prevent access to sensitive information. In accordance with NAVCRUITDISTNOLAINST 5239.4D Section 4, Paragraph r: At no time will MRI computers be left unattended (locked/unlocked) in vehicles (GOV/Personal), to include the trunk.___
Your computer has been provided with an e-mail capability. Your access will be through Microsoft Outlook by default. However, if you are in possession of a “Mobile Recruiter Initiative” computer (MRI) you will need to access your E-mail through the specified Microsoft Outlook Web Access. These services have been provided to help you function more effectively in your job. Remember that the Navy Recruiting Command server computer is not as large as commercial services. This means large amounts of personal e-mail will bottle neck the system and cause failures for everyone. Although the occasional e-mail note to a friend or a family member is as acceptable as receiving a personal phone call or two at work, abuse of the system will not be tolerated. The same applies to browsing on the Internet. Viewing or downloading pornographic material on the Internet is strictly prohibited. The use of your computer, Internet and e-mail services to manage, maintain, or operate any form of business or profit generating enterprise is strictly prohibited.
System Administrators have the capabilities to monitor computers, e-mail accounts and the locations you have visited on the Internet. Please be aware that any e-mail you transmit or receive can be requested by outside parties under the Freedom of Information Act. Contact the command System Administrators for any questions you may have regarding these policies.
__ LAST, FIRST MIDDLE / __________ __________ / ________ /_________ (Print Name: Last, First, Middle) (Member’s Signature) (Rank/Rate) (Date)
_____________________ / GS-9/SYSAD / ___________ (Witness Signature) (Rank/Rate) (Date)
Enclosure (5)