This message supersedes the guidance in ref (e).Ĥ.b. ![]() This message identifies the steps to submit a CSfC package request and Marine Corps Authorization to Connect (ATC) to avoid impeding progress at the tactical and base levels.Ĥ.a. However, compliance to regulations and refs (a) through (f) must be enforced for the security of information. Deputy Commandant for Information (DC I) supports the Fleet Marine Forces (FMF) with innovative ideas to securely exchange data for the acceleration of command and control decision-making. This message is intended to clarify the registration and accreditation process for CSfC capability packages (CP).ģ. The use of CSfC will become the service’s primary method to protect classified data exchanges.Ģ. ![]() HOGUE/CAPT/HQMC DC/I IC4 ICN BRANCH/TEL: Commercial Solutions for Classified (CSfC) precisely layers and architects the latest commercial technologies to protect information up to the Top Secret level. BIENZ/CIV/HQMC DC/I IC4 CY BRANCH/TEL: ROSENBLATT/MAJ/HQMC DC/I IC4 ICN BRANCH/TEL: L. LETTEER/CIV/HQMC DC/I IC4 CY BRANCH/TEL: J. REF F IS TABLET PROCUREMENT, CONFIGURATION, SUSTAINMENT, AND ACCOUNTABILITY GUIDANCE.// REF E IS THE POLICY GUIDANCE FOR THE PROCUREMENT OF COMMERCIAL SOLUTIONS FOR CLASSIFIED SYSTEMS. REF D IS THE MARINE CORPS ASSESSMENT AND AUTHORIZATION PROCESS MANUAL. REF C IS THE MARINE CORPS CYBERSECURITY ARCHITECTURE MANUAL. REF B IS THE DOD INSTRUCTION ON THE RISK MANAGEMENT FRAMEWORK. NARR/REF A IS THE GUIDE FOR THE SECURITY CERTIFICATION AND ACCREDITATION OF FEDERAL INFORMATION SYSTEMS. SUBJ/UPDATED POLICY GUIDANCE FOR COMMERCIAL SOLUTIONS FOR CLASSIFIED SYSTEMS// Sources: CNSSI 4009-2015 under approval to operate The official management decision given by a senior organizational official to authorize operation of an information system and to explicitly accept the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation based on the implementation of an agreed-upon set of security controls.MSGID/GENADMIN/CMC DCI IC4 WASHINGTON DC// ![]() Sources: CNSSI 4009-2015 under accreditation The official management decision issued by a designated accrediting authority (DAA) or principal accrediting authority (PAA) to authorize operation of an information system and to explicitly accept the residual risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals. OMB Circular A-130 (2016) Formal declaration by a designated accrediting authority (DAA) or principal accrediting authority (PAA) that an information system is approved to operate at an acceptable level of risk, based on the implementation of an approved set of technical, managerial, and procedural safeguards. Authorization also applies to common controls inherited by agency information systems. Sources: NIST SP 800-79-2 under ATO The official management decision given by a senior Federal official or officials to authorize operation of an information system and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, individuals, other organizations, and the Nation based on the implementation of an agreed-upon set of security and privacy controls. 1 under Security Authorization (to Operate) NIST SP 800-39 under Security Authorization(to Operate) Authorization to Operate One of three possible decisions concerning an issuer made by a Designated Authorizing Official after all assessment activities have been performed stating that the issuer is authorized to perform specific PIV Card and/or Derived Credential issuance services. Sources: NIST SP 800-16 under Approval to Operate See Authorization (to operate). Sources: CNSSI 4009-2015 under security authorization (to operate) seeCertificationandAccreditation.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |