IMPLEMENTATION OF NAVY ELECTRONIC MAIL (EMAIL) DIGITAL SIGNATURE POLICY

RAAUZYUW RUEWMCS0000 2481721-UUUU--RUCRNAD
ZNR UUUUU
R 041721Z SEP 08
FM CNO WASHINGTON DC//N6//
TO NAVADMIN
BT
UNCLAS //N03000//
NAVADMIN 248/08
MSGID/GENADMIN/CNO WASHINGTON DC/N6/AUG// 
SUBJ/IMPLEMENTATION OF NAVY ELECTRONIC MAIL (EMAIL) DIGITAL SIGNATURE 
POLICY// 


REF/A/RMG/JTF-GNO 07-15/071650ZAPR2008/-/NOTAL// REF/B/RMG/CNO 
WASHINGTON DC/071651ZDEC2004/-/NOTAL// REF/C/DOC/DODI 
8520.2/01APR2004/-// REF/D/RMG/DON CIO WASHINGTON DC/202041ZAUG2007/-
/NOTAL// NARR/REF A IS JOINT TASK FORCE - GLOBAL NETWORK OPERATIONS 
(JTF-GNO) COMMUNICATIONS TASKING ORDER (CTO) 07-015 REVISION 1, PUBLIC 
KEY INFRASTRUCTURE (PKI) IMPLEMENTATION, PHASE 2. REF B IS NAVY COMMON 
ACCESS CARD (CAC) AND PUBLIC KEY INFRASTRUCTURE (PKI) IMPLEMENTATION 
GUIDANCE UPDATE. REF C IS DOD INSTRUCTION 8520.2, PUBLIC KEY 
INFRASTRUCTURE (PKI) AND PUBLIC KEY (PK) ENABLING. REF D IS DON 
SECURITY GUIDANCE FOR PERSONAL ELECTRONIC DEVICES (PED).
POC/SETH B. GANG/CIV/NAVNETWARCOM/NORFOLK VA
/TEL:757-417-6754 X3/TEL:DSN 537-6754 X3/EMAIL:SETH.GANG(AT)NAVY.MIL 
/SMAIL:SETH.GANG(AT)NAVY.SMIL.MIL//
POC/BOB WEILMINSTER/CTR/OPNAV N6/PENTAGON, VA/TEL:703-604-1264 
/EMAIL:ROBERT.WEILMINSTER1.CTR@NAVY.MIL//
GENTEXT/REMARKS/1. THIS NAVADMIN IS IN SUPPORT OF PHASE II OF PKI 
IMPLEMENTATION PER REF A, AND DIRECTS THE FULL IMPLEMENTATION OF THE 
NAVY EMAIL DIGITAL SIGNATURE POLICY TO INCLUDE THE REQUIREMENT TO CAC-
ENABLED BLACKBERRIES AS STATED IN REFS B AND C.  
2. THIS POLICY APPLIES TO ALL UNCLASSIFIED EMAIL SENT FROM A DEPARTMENT 
OF DEFENSE (DOD)-OWNED, OPERATED, OR CONTROLLED SYSTEM OR ACCOUNT TO 
INCLUDE, BUT IS NOT LIMITED TO, DESKTOPS, LAPTOPS AND, PER REF D, 
PERSONAL ELECTRONIC DEVICES (PEDS) LIKE BLACKBERRIES. 
3. PER REFS B, C, AND D, THE NAVY DEPLOYED CAC AND CAC READERS IN 2003 
AND 2004 TO IMPLEMENT THE IMPROVED NETWORK SECURITY MEASURES OF 
CRYPTOGRAPHIC LOGON, DIGITAL ENCRYPTION AND DIGITAL SIGNATURES. A 
DIGITAL SIGNATURE IS A "STAMP" ON AN EMAIL, WHICH IS UNIQUE TO THE USER 
AND PROVIDES AN ACCURATE MEANS OF IDENTIFYING THE ORIGINATOR OF A 
MESSAGE (MESSAGE AUTHENTICITY). A DIGITAL SIGNATURE ASSURES THE 
RECIPIENT THAT THE ORIGINAL CONTENT OF THE MESSAGE OR DOCUMENT IS 
UNCHANGED (DATA INTEGRITY). A DIGITAL SIGNATURE ALSO PROVIDES THE 
SENDER WITH PROOF OF DELIVERY AND THE RECIPIENT WITH PROOF OF THE 
SENDER'S IDENTITY (NONREPUDIATION). 
4. PER REFS A, B, AND C, DIGITAL SIGNING OF EMAILS IS A REQUIREMENT 
ACROSS DOD. ALL EMAILS REQUIRING DATA INTEGRITY, MESSAGE AUTHENTICITY, 
AND/OR NONREPUDIATION MUST BE DIGITALLY SIGNED. THIS INCLUDES ANY EMAIL 
THAT: 
A. DIRECTS, TASKS, OR PASSES DIRECTION OR TASKING.
B. REQUESTS OR RESPONDS TO REQUESTS FOR RESOURCES.
C. PROMULGATES ORGANIZATION, POSITION, OR INFORMATION EXTERNAL TO THE 
ORGANIZATION (DIVISION, DEPARTMENT, OR COMMAND).
D. DISCUSSES ANY OPERATIONAL MATTER.
E. DISCUSSES CONTRACT INFORMATION, FINANCIAL, OR FUNDING MATTER. 
F. DISCUSSES PERSONNEL MANAGEMENT MATTERS.
G. THE NEED EXISTS TO ENSURE THAT THE EMAIL ORIGINATOR IS THE ACTUAL 
AUTHOR. 
H. THE NEED EXISTS TO ENSURE THAT THE EMAIL HAS NOT BEEN TAMPERED WITH 
IN TRANSIT.
I. IS SENT FROM A DOD-OWNED SYSTEM OR ACCOUNT WHICH CONTAIN AN EMBEDDED 
HYPERLINK (E.G., ACTIVE LINK TO A WEB PAGE, WEB PORTAL, ETC.) MUST BE 
DIGITALLY SIGNED. PURE TEXT REFERENCES (NON-ACTIVE INTERNET LINKS) TO 
WEB ADDRESSES, UNIFORM RESOURCE LOCATORS (URL), OR EMAIL ADDRESSES DO 
NOT REQUIRE A DIGITAL SIGNATURE. 
J. IS SENT FROM A DOD-OWNED SYSTEM OR ACCOUNT WHICH CONTAIN AN 
ATTACHMENT (ANY TYPE OF ATTACHED FILE) MUST BE DIGITALLY SIGNED.
4. COMMANDERS MUST ENSURE PERSONNEL AWARENESS AND COMPLIANCE WITH THIS 
REVISED POLICY NO LATER THAN 90 DAYS FROM THE DATE OF THIS NAVADMIN.
5. RELEASED BY VICE ADMIRAL HARRY B. HARRIS, JR., DCNO N6.// 
BT 
#0000 
NNNN


%d bloggers like this: