UPDATED POLICY FOR THE USE OF EMBEDDED COMPUTER CAPABILITIES AND PERIPHERALS TO SUPPORT TWO-WAY COLLABORATION

[Tony]

UNCLASSIFIED//

ROUTINE

R 201903Z MAY 20 MID110000716460U

FM CNO WASHINGTON DC

TO NAVADMIN

INFO CNO WASHINGTON DC

BT
UNCLAS

NAVADMIN 148/20

PASS TO OFFICE CODES:
FM CNO WASHINGTON DC//N2N6//
INFO CNO WASHINGTON DC//N2N6//

MSGID/GENADMIN/CNO WASHINGTON DC/N2N6/MAY//

SUBJ/UPDATED POLICY FOR THE USE OF EMBEDDED COMPUTER CAPABILITIES AND 
PERIPHERALS TO SUPPORT TWO-WAY COLLABORATION//

REF/A/MEMO/DOD SISO/1MAY20//
REF/B/MEMO/DEPSECDEF/22MAY18//
REF/C/MEMO/DOD CIO/21APR16//
REF/D/MEMO/N2NGI/26OCT15//
REF/E/INST/ICD 705/27SEP17//
REF/F/MEMO/DOD CIO/13APR20//

NARR/REF A IS DEPARTMENT OF DEFENSE (DOD) SENIOR INFORMATION SECURITY OFFICER
(SISO) MEMORANDUM ON GUIDANCE FOR THE USE OF EMBEDDED COMPUTER CAPABILITIES 
AND EXTERNAL COMPUTER PERIPHERALS IN TELEWORK ENVIRONMENTS.  
REF B IS DEPUTY SECRETARY OF DEFENSE MEMORANDUM ON MOBILE DEVICE RESTRICTIONS 
IN THE PENTAGON.  
REF C IS DOD CIO MEMORANDUM ON INTRODUCTION AND USE OF WEARABLE FITNESS 
DEVICES AND HEADPHONES WITHIN DOD ACCREDITED SPACES AND FACILITIES.  
REF D IS DEPUTY DIRECTOR OF NAVAL INTELLIGENCE MEMORANDUM ON DEPARTMENT OF 
THE NAVY SENSITIVE COMPARTMENTED INFORMATION FACILITY PERSONAL PORTABLE 
ELECTRONIC DEVICES CLARIFICATION MEMORANDUM.  
REF E IS INTELLIGENCE COMMUNITY DIRECTIVE (ICD) 705 TECHNICAL SPECIFICATIONS 
FOR CONSTRUCTION AND MANAGEMENT OF SENSITIVE COMPARTMENTED INFORMATION 
FACILITIES V 1.4. 
REF F IS DOD CHIEF INFORMATION OFFICER (CIO) MEMORANDUM ON AUTHORIZED 
TELEWORK CAPABILITIES AND GUIDANCE.// 
POC1/SUSAN BRYERJOYNER/CAPT/OPNAV N2N6G5/EMAIL:  
SUSAN.BRYERJOYNER1(AT)NAVY.MIL
/TEL:  571-256-8422//
POC2/RANDY AKERS/DON INFOSEC/EMAIL:  RANDY.AKERS(AT)NAVY.MIL
/TEL:  703-601-0477//
POC3/MARK LAWTON/NAVY SSO/EMAIL:  MARK.LAWTON1(AT)NAVY.MIL/TEL:  703-604-
5736// POC4/DEIDRA BASS/NAVINTEL ISSM/EMAIL:  DEIDRA.BASS(AT)NAVY.MIL
/TEL:  (301) 669-3213//
POC5//ROBERT NITZENBERGER/DON SAP SENIOR AUTHORIZING OFFICIAL
/EMAIL:  ROBERT.NITZENBERGER(AT)NAVY.MIL/TEL:  (202) 284-1301//

RMKS/1.  This NAVADMIN consolidates guidance from references (a) through (f) 
to provide one authoritative policy for the use of embedded computer 
capabilities and peripherals to support collaboration in telework 
environments and government workspaces (unclassified, classified, collateral 
classified, Sensitive Compartmented Information Facility (SCIF), and Special 
Access Program (SAP)).  For the purpose of this NAVADMIN, the following 
definitions are provided:
    a.  Computers are electronic devices that store and process data (e.g.
desktop/laptop, tablets, smartphones).
    b.  Embedded computer capabilities are a combination of built-in hardware 
and software designed to provide a specific function (e.g. built-in web 
cameras, microphones, Wi-Fi).
    c.  Computer peripherals are external devices (e.g. common access card 
(CAC) readers, web cameras, microphones, keyboards, mice, monitors, printers) 
that are physically or wirelessly (e.g. Wi-Fi, Bluetooth) connected to 
computers.

2.  Embedded computer capabilities  Use on Navy-issued computers.
    a.  Authorized in telework environments and unclassified government 
workspaces only.
    b.  Prohibited in any classified government workspaces, per reference 
(a).
    c.  The following authorities are responsible for establishing processes 
for enabling prior to telework and disabling prior to re-introducing these 
computers back into higher classified workspaces (collateral classified, 
SCIF, and SAP):
        (1) For collateral classified spaces, up to the Top Secret level, the 
Navy Senior Information Security Officer (SISO) is the approval authority and 
will coordinate with the Deputy Undersecretary of the Navy, as required.
        (2) For Navy-accredited SCIFs, the Special Security Officer (SSO), 
with concurrence from the Naval Intelligence (NAVINTEL) Command Information 
Officer (CIO), is the approval authority.  Navy commands that use SCIFs 
accredited by other agencies (e.g. NSA, DIA) shall comply with guidance from 
those agencies.
        (3) For Navy-accredited SAP Facilities (SAPFs), the Director, DON SAP 
Central Office (SAPCO) is the approval authority.  Navy commands that use 
SAPFs accredited by other agencies (e.g. NSA, DIA) shall comply with guidance 
from those agencies.

3.  Navy-issued peripherals.
    a.  Telework environments.
        (1) Authorized on personally-owned computers.
    b.  Unclassified workspaces.
        (1) The use of headsets with microphones and web cameras in 
unclassified government workspaces is restricted to training and mission 
essential tasks that require two-way communication.  They are NOT authorized 
for unofficial use.
    c.  Collateral classified workspaces.
        (1) Authorized up to the Top Secret level, to include common, 
restricted and collateral open storage areas, with the following limitations:
            (a) Reference (b) remains in force for mobile devices in any 
Pentagon workspace that is designated or accredited for the processing, 
handling, or discussion of classified information.
            (b) Must be government procured using the network provider 
Approved Products List (APL).
                1.  Effective immediately, commands will only procure 
peripherals contained on APLs established by their network providers.
                    a.  NMCI APL can be accessed at 
https://www.homeport.navy.mil/services/downloads/nmcicertifieddevicelist.xls
                    b.  ONEnet APL can be accessed at 
https://navyonenet.com/navy-one-net-products/
                2.  Previously procured peripherals that do not comply with 
this NAVADMIN will be replaced as soon as fiscally feasible, but not later 
than 31 December 2020.
            (c) Headsets without microphones, per reference (c):
                1.  Must be unplugged when not in use.
                2.  Must be wired.
                3.  May use either a 3.5mm audio jack or USB port.
                4.  Cannot contain noise-cancelling functionality.
                5.  May be used on a system with any classification level, 
and once disconnected, are not considered classified.
            (d) Headsets with microphones, per reference (c):
                1.  Must be unplugged when not in use.
                2.  Must be wired.  (Push to talk preferred, if available.)
                3.  May use either a 3.5mm audio jack or USB port.
                4.  Cannot contain noise-cancelling functionality.
            (e) Web Cameras
                1.  Use must be approved by the appropriate authority 
identified in para 2 above.
                2.  May only be used on systems at the classification level 
of the space.  For example, in a collateral SECRET open storage area an 
external web camera may be connected to the SECRET workstation only.
                3.  Waivers regarding use of external web cameras on 
workstations at a lower classification level than the workspace may be 
approved on a case-by-case basis by the Navy SISO for select situations (e.g. 
offices with doors).
    d.  Navy-accredited SCIFs.
        (1) May be authorized by the Navy SSO or Navy Regional SSO (RSSO) on 
a case-by-case basis, with the following limitations:
            (a) Reference (b) remains in force for mobile devices in any 
space in the Pentagon that is designated or accredited for the processing, 
handling, or discussion of classified information.
            (b) All peripherals used in SCIF workspaces must be government 
procured using the network provider APL.
                1.  Effective immediately, commands will procure only 
computer peripherals contained on approved products lists established by 
their network providers.
                2.  Previously procured peripherals (e.g. headsets, web 
cameras, microphones, etc.) used in classified spaces will be replaced as 
soon as fiscally feasible, but not later than 31 December 2020.
            (c) Headsets without microphones.
                1.  Must be unplugged when not in use.
                2.  Must be wired.
                3.  May use either a 3.5mm audio jack or USB port. If the 
headsets connect via a USB port, the Navy SSO will coordinate with the NIA 
CIO prior to issuing a determination.
                4.  Headsets cannot contain noise-cancelling functionality.
                5.  Per reference (d), headsets must be government procured.
                6.  May be used on a system with any classification level, 
and once disconnected, are not considered classified.
            (d) Headsets with microphones.
                1.  Must be unplugged when not in use.
                2.  Must be wired and have push to talk capability.
                3.  May use either a 3.5mm audio jack or USB port.  If the 
headsets connect via a USB port, the Navy SSO will coordinate with the Naval 
Intelligence Activity (NIA) CIO prior to issuing a determination.
                4.  Headsets cannot contain noise-cancelling functionality.
                5.  Per reference (d), headsets must be government procured.
            (e) Web Cameras
                1.  Per reference (e), recording capabilities and restricted 
technologies (e.g. audio and video recorders, cameras, microphones, and 
devices with USB connectivity) introduce vulnerabilities to information and 
therefore impact SCIF security.
                2.  Cameras are considered medium risk portable electronic 
devices and may be allowed in a SCIF with approval of the CSA or Navy SSO, 
with concurrence of the NAVINTEL CIO with appropriate mitigations in place.
                3.  Reference (e) does not distinguish between digital and 
web cameras.  Direct all waiver requests to the Navy SSO.
    e.  Navy-accredited SAPFs.
        (1)  May be authorized by the Director, DON SAPCO on a case-by-case 
basis.

4.  Personally-owned peripherals, wired or Bluetooth-enabled  Use on Navy-
issued computers.
    a.  Not authorized in any classified workspaces.
    b.  Authorized in telework environments and unclassified government 
workspaces, with the following exceptions:
        (1) Per reference (a), peripherals manufactured by any source that is 
designated by Navy or the Defense Information Systems Agency (DISA) as being 
prohibited are not allowed.  This includes any company prohibited by law, to 
include Huawei, Zhong Xing Telecommunication Equipment (ZTE), Hikvision, 
Hytera, and Dahua.  (NOTE:  Users are encouraged to use the DISA APL at 
https://disa.deps.mil/org/SE6/Lists/APL/AllItems.aspx to inform their 
personal peripheral procurements).
        (2) Per reference (a), storage devices (e.g. Universal Serial Bus 
(USB) memory sticks, hard drives, digital cameras, etc.) are prohibited.
        (3) Per reference (a), external monitors are prohibited, when using 
USB connections.
            (a) Per reference (a), external monitors using VGA, DVI, HDMI, or 
Display Port connections, provided they do not have any memory storage 
capabilities, are authorized.
        (4) Per reference (f), any personally-owned device that provides 
print functions, including multi-function devices, are prohibited.

5.  This NAVADMIN will remain in effect until cancelled or superseded.

6.  Released by VADM Matthew J. Kohler, Deputy Chief of Naval Operations for 
Information Warfare, OPNAV N2N6.//

BT
#0001
NNNN
UNCLASSIFIED//