DDN MGT Bulletin: 9504         DISA DDN Defense Communications System
         31 March 1995         Published by: DDN Network Info Center
                               (NIC@NIC.DDN.MIL)  (800) 365-3642
     
				 DEFENSE  DATA  NETWORK
				 MANAGEMENT  BULLETIN
     
The DDN MANAGEMENT BULLETIN is distributed online by the DDN Network 
Information Center under DISA contract as a means of communicating 
official policy, procedures and other information of concern to 
management personnel at DDN facilities.  Back issues may be read 
through the TACNEWS server ("@n" command at the TAC) or may be 
obtained by FTP (or Kermit) from the NIC.DDN.MIL host [192.112.36.5] 
using login="anonymous" and password="guest".  The pathname
for bulletins is ddn-news/ddn-mgt-bulletin-nn.txt (where "nn" is the 
bulletin number).
************************************************************************
THIS DDN MANAGEMENT BULLETIN SUPERCEDES DDN MANAGEMENT BULLETIN 9503, 7
FEBRUARY 1995. THIS BULLETIN PROVIDES UPDATED INFORMATION ON APPLICABLE
SECURITY-RELATED DIRECTIVES, DDN USAGE FOR ADVERTISEMENT OR RECRUITING
PURPOSES, AND CURRENT DDNNSO POINT-OF-CONTACT PHONE NUMBERS. REQUEST NODE 
SITE COORDINATORS AND HOST ADMINISTRATORS DISSEMINATE THIS INFORMATION TO 
ALL DDN USERS.
************************************************************************
     
SUBJECT: DDN SECURITY CONSIDERATIONS AND NETWORK CONDUCT

This DDN Management Bulletin provides information regarding security policy, 
procedures and network conduct relative to the DDN community. It provides a 
general overview of the responsibilities of the DDN NSO, SCC, Host 
Administrator and Network User. It also includes point of contact information 
for the Network Security Officer and the Security Coordination Center. 
**********************************************************************
     
     
1. There has been an increasing number of DOD policy violations concerning 
proper use of the Defense Data Network (DDN). These include unauthorized 
advertising, commercial organizational recruitment, electronic chain-letters,
and transmission of unofficial or commercial information.
     
2. Network users are reminded that forwarding this type of unofficial 
correspondence is in direct violation of DOD policy. The Defense Data Network 
is intended "For Official Use Only". Only authorized users engaged in U.S. 
Government Business or applicable research or those who are directly involved 
in providing operations or systems support for Government-owned or -sponsored 
computer communications equipment may use the DDN. It is the policy of the 
U.S. Government that agencies shall establish and maintain a cost-effective 
system of internal controls to provide reasonable assurance that Government 
resources are protected against fraud, waste, mismanagement, or 
misappropriation. DODD 5200.28, DCAC 310-P70-79 and JCS MOP 195 apply.
     
3. Users of the DDN must not violate privacy or other applicable laws and 
should NOT use the networks for advertising or recruiting purposes, other than
legitimate DOD-sponsored and/or authorized business and activities, without
the express permission of the Defense Information Systems Agency. Unauthorized
use of the DDN is illegal, and violators are subject to prosecution under
Title 18 of the Federal Criminal Code. 
     
4. Use of the DDN constitutes consent to adhere to DOD policy regarding 
security considerations and network conduct. DISA reserves the right to 
discontinue DDN access to any user(s) who are not conducting legitimate 
Government business/activity.

5. The DDN Network Security Officer (NSO) is the security point-of-contact 
within DISA for the operational management of the DDN. The NSO is responsible 
for establishing and issuing DDN operational security procedures and 
guidelines. The NSO conducts investigations of network-related security 
incidents, working closely with the SCC, network managers, host administrators
and federal investigative agencies, as appropriate. The DISA NSO point-of- 
contact is listed below:
     
RM1 Kyra T. Jenkins, DISA/WE3353, COMM: (703)735-8066, DSN: 653 
E:mail JENKINSK@CC.IMS.DISA.MIL
     
6. The Security Coordination Center (SCC) acts in conjunction with the DDN NSO
to coordinate actions related to security incidents and network
vulnerabilities. The SCC relays security-related information to the NSO and 
works with him/her in handling network security problems. The SCC also issues 
DDN Security Bulletins to network users. The SCC can be reached by the
following means:
     
Phone: 1-800-365-DNIC or E:mail SCC@NIC.DDN.MIL.
     
7. Host Administrators are responsible for the enforcement of all DDN policies
at their site(s), and for maintaining a reasonable level of protection from 
the possibility of network compromise.  They must act as liaisons with the DDN
Network Security Officer (DDNNSO), the Security Coordination Center (SCC),
vendors, law enforcement bodies, and other appropriate agencies to resolve any
outstanding security problems and prevent their recurrence.
     
8. Network users are responsible for keeping abreast of current security 
policy and guidelines. The DDN is routinely monitored and users are reminded 
that improper activity on the network is strictly prohibited. Violations 
should be reported in accordance with established procedures. Questions 
concerning procedures, security considerations and network conduct should be 
addressed to the appropriate host administrator, service or agency.
     
9. POC for this bulletin is RM1 Kyra T. Jenkins, DISA-WE3353, (703)735-8066.