DISN DIAL-IN DATA SERVICES REGISTRATION PROCEDURES 1. GENERAL a. Background DISN dial-in data services will be provided on the NIPRNET and the SIPRNET by Communications Servers. Just as the Communications Servers (Comm Servers) support more than the functionality of Terminal Access Controllers (TACs) on the MILNET, the registration process to obtain Communications Server Access has also been improved to provide more flexibility, and accountability to the Services and Agencies, and better obtainability to the end user. The registration system also takes into consideration, the change from the usage sensitive billing (for connection time and packets sent/received) to the flat fees under the DISN subscriber rate structure. b. User Transition (1) NIPRNET Because of the changes in the billing structure and the user authorization process, current holders of MILNET TAC Cards will not be automatically registered for a Comm Server (CS) Card. All Comm Server users and registration authorities will be established under the new registration process. To facilitate the transition from TACs to Comm Servers, TAC Card holders will be able to access the MILNET/NIPRNET by either a TAC or a Comm Server; and Comm Server Card holders will also be able to access the networks by either a TAC or a Comm Server. This dual access capability will only be permitted until sufficient Comm Servers have been deployed. Details of the transition of users from TACs to Comm Server will be covered in future Management Bulletins. (2) SIPRNET The secret level DDN network, DSNET1, had no dial-in data service and thus had no TAC Card users. Therefore, all Comm Server users and registration authorities for SIPRNET will be established under the new registration process. Although it is possible that a user or registration authority on SIPRNET can also have the same role on NIPRNET, each network will have a separate registration and billing process. A SIPRNET CS Card will not allow access to NIPRNET and a NIPRNET CS Card will not allow access to SIPRNET. c. Registration Overview The Communications Server registration process will be administered by the DoD Network Information Center (NIC) for NIPRNET customers and by the SIPRNET Support Center (SSC) for SIPRNET customers, under the direction of DISA/WESTHEM WE3353. Registration will make use of templates submitted via electronic mail, similar to the process used for TAC Cards; however, unlike the TAC Card system, the authority to request Comm Server Cards will not be automatically granted to host administrators of network backbone connections. Instead there will be a hierarchical designation of this authority, starting at the Service/Agency level. At this level, the registration point of contact is called the Service/Agency Access Authority (SAA). Below the Service/Agency level will be an intermediate level of one or more Regional Access Authorities (RAAs). This level gives the Service/Agency an option to delegate registration and financial responsibility to a lower level (e.g. MAJCOM or Base/Camp/Station), if desired. However, if no delegation is desired, then the SAA can be dual-hatted as also the RAA. The last level of this registration hierarchy is called the Local Access Authority (LAA). The Local Access Authority has a role similar to that of host administrators under the TAC Card system, to include being responsible for the registration, re- validation, and network activity of individual dial-in users. Another entity that needs introduction is the Organizational Card Custodian (OCC). Each OCC is responsible for up to 25 CS Cards that can be used by more than one individual (but, not by more than one at any given time). d. Definitions and Responsibilities (1) Communications Server A device that provides remote dial-in access to the data services over the DISN. The Cisco 2511 will be deployed on NIPRNET and SIPRNET as the Communications Server device. (2) ORGID A unique five character identifier assigned to a Local Access Authority by the NIC or SSC. The LAA must first be properly registered by the Regional Access Authority to the NIC or SSC. One or more ORGIDs must also be registered with DITCO by official message to associate them with a billing Program Designator Code (PDC). ORGIDs will be associated with billing data by incorporation into the Communications Service Authorization (CSA) number at DITCO. The ORGID also becomes part of the user's identification (Userid) that appears on a Comm Server Card. (3) Communications Server Card Communications Server Cards are issued to registered users and contain the "access code" needed to access the network by a Comm Server. There are two types of Communication Server Cards; one for specific named individuals, and another for shared use by a small, controlled group of individuals. Either type of card can only be used by one person, for a single comm server dial-in connection, at any given time. (a) Individual Communications Server Card This card contains a unique User Identification (Userid) and an Access Code (AC) that enables a person to gain remote dial-in access to the data services over DISN by means of a communications server connected to the DISN IP Router layer. The Userid consists of the unique NIC "handle" that identifies the user and the unique NIC ORGID that identifies the appropriate Local Access Authority. Each individual user Comm Server Card will be charged for a one- time initiation fee and a monthly recurring fee (Note that a break in service will result in another initiation fee to be charged). Individual Comm Server Cards will be replaced by the NIC on an annual basis during re-registration with a new access code; however the new card will not incur an initiation fee if the individual's service is continuous, under the same Local Access Authority. (b) Organizational Card This type of Comm Server Card is temporarily given to a user who does not have individual access privileges. Each card contains a unique User Identification (Userid) (UID) and Access Code (AC) that enables a person to gain remote dial-in access to the data services over DISN by means of a communications server connected to the DISN IP Router layer. The Userid consists of the unique NIC handle that identifies a specific card under the control of a specific Organizational Card Custodian (OCC), and the unique NIC ORGID that identifies the appropriate Local Access Authority. An Organizational Card may also be given temporarily to an authorized new user who has not yet received an individual CS Card. Organizational Cards are sent directly to the OCC, who in turn, issues them for temporary use as appropriate. Although these cards are shared for use by more than one individual, each card only authorizes one comm server connection at any given time, and violation of this condition may result in permanent deactivation of the card and possibly in the revocation of OCC privileges. These cards are issued annually to the OCC by the NIC after validation of the custodian's authority by the appropriate Local Access Authority. Each custodian can be issued a maximum of 25 cards per year. Organizational Cards will be charged an annual initiation fee and a monthly recurring usage fee. All Organizational Cards of an individual Local Access Authority will expire on the same annual anniversary date, even if some of the cards are obtained partially through the annual period. 4. Access Authorities There are three types of access authorities: Service/Agency Access Authorities, Regional Access Authorities, and Local Access Authorities. Each authority has responsibility for the policies, practices, and activity of Communications Server usage within his domain. Each level of authority must have a primary administrator and an alternate registered. All administrators must have a working e-mail mailbox (for the appropriate network) that is registered at the NIC or at the SSC, as appropriate. (a) Service/Agency Access Authority (SAA) The SAA is the access administrator of a Service or DoD Agency who is responsible for the policies, practices, and concerns of Service or DoD Agency pertaining to DISN dial-in data services. The Service/Agency Access Authority appoints regional administrators and ensures that the information in the NIC database pertaining to them is accurate. The Service/Agency Access Authority is responsible for enforcing access security and official use practices for all users within the Service/Agency. (b) Regional Access Authority (RAA) The RAA is the access administrator who is responsible for the policies, practices, and concerns of an access region. An access region is a flexible element of the registration hierarchy that can be used by the Service/Agency to distribute or delegate the registration and/or financial accountability of Comm Server use. If the Service/Agency does not wish to use this level, the SAA simply registers himself as the only RAA for the Service/Agency. However, the RAA level is built into this system to help Services/Agencies who intend to implement accountability at the MAJCOM or Base/Camp/Station levels. The Regional Access Authority appoints Local Access Authorities and ensures that the information in the NIC database pertaining to them is accurate. The Regional Access Authority is responsible for enforcing access security and official use practices for all users within the scope of his access region. Upon registration of a Local Access Authority at the NIC/SSC, the RAA will be informed of the ORGID to be associated with that Local Access Authority. The RAA, either directly or through the SAA, must provide to DITCO, via official message , the Program Designator Code (PDC) to be used for the billing of Comm Server Cards registered by each Local Access Authority. The same PDC can be associated with more than one Local Access Authority, even by Local Access Authorities under different RAAs, depending on the billing preferences of the Service/Agency. (c) Local Access Authority (LAA) The Local Access Authority is the access administrator who is responsible for the policies, practices, and concerns of an access area. The Local Access Authority registers individual Comm Server users, registers Organizational Card Custodians along with their authorized number of Organizational Cards, and ensures that the information in the NIC database pertaining to the individual users and Organizational Card Custodians is accurate. The Local Access Authority is responsible for enforcing access security and official use practices for all users within the scope of his access area. (d) Organizational Card Custodian (OCC) The OCC is the individual entrusted by the local access authority to manage a set of organizational cards. Each OCC may manage a maximum of 25 cards. Each Local Access Authority can designate as many OCCs as needed to properly manage the amount and distribution of cards required by his local area; however, each OCC registered must be a different individual. The primary and/or alternate Local Access Authority can also be registered as an OCC. The OCC is responsible for enforcing access security and official use practices for all organizational cards issued to him. 2. REGISTRATION a. Service/Agency Access Authority Registration (1) Initial Registration The office of primary responsibility of a Service or DoD Agency will provide the NIC/SSC, via e-mail, the name of the primary and alternate of the Service/Agency Access Authority, the valid e-mail address for correspondence, and a valid commercial telephone number. The NIC/SSC will be notified immediately of any changes of administrators, e-mail address, or telephone number. The Service/Agency Access Authority is responsible for enforcing access security and official use practices for all Comm Server users within the Service/Agency. The SAA will determine how to use the registration hierarchy and billing accountability of these authorization procedures within their Service/Agency and should make these policies known to the NIC/SSC so that out of order requests for authorizations can be referred back to them or their subordinate levels as appropriate. (2) Periodic Registration Validation The information pertaining to the Service or DoD Agency and any designated alternate will be verified and updated semi-annually. The NIC/SSC will send via e-mail an Access Registration Template to the appropriate Service/Agency Access Authority. The e-mail message also contains the latest information pertaining to the registration validation process. The Service/Agency Access Authority will acknowledge receipt of the file within 3 days, and make any necessary corrections, returning the file to the NIC/SSC within 14 days. b. Regional Access Authority Registration (1) Initial Registration The Service/Agency Access Authority registers all Regional Access Authorities by submitting an Access Registration Template. Instructions for completing the template are included with the template. Blank templates are available on-line in the templates directory at the NIC/SSC. The template must be submitted via e-mail from the designated mailbox of the Service/Agency Access Authority. Upon receipt of the template the NIC/SSC Registrar will acknowledge receipt of the template, confirm the identity of the Service/Agency Access Authority, and inspect the template. Correctly completed templates will be processed and the Regional Access Authority will be registered in the NIC/SSC database. All Regional Access Authorities must have a valid, working e-mail address, and a valid commercial telephone number. The e-mail address may be a role mailbox established for the purpose of access authority administration. Templates that are incorrectly completed or whose format has been altered will be returned to the Service/Agency Access Authority for correction. (2) Periodic Registration Validation The information pertaining to the Regional Access Authority and any designated alternate will be verified and updated semi-annually. The NIC/SSC will send via e-mail an Access Registration Template to the appropriate Service/Agency Access Authority. The Access Registration Template contains information that is currently in the NIC/SSC database for the Regional Access Authority. The e-mail message also contains the latest information pertaining to the registration validation process. The Service/Agency Access Authority will acknowledge receipt of the file within 3 days, and make any necessary corrections returning the file to the NIC/SSC within 14 days. c. Local Access Authority (1) Initial Registration (a) The Regional Access Authority registers all Local Access Authorities by submitting a completed Access Registration Template. Instructions for completing the template are included with the template. Blank templates are available on-line in the templates directory at the NIC/SSC. The template must be submitted via e-mail from the designated mailbox of the Regional Access Authority. (b) Upon receipt of the template the NIC/SSC Registrar will acknowledge receipt of the template, confirm the authority of the Regional Access Authority, and inspect the template. Correctly completed templates will be processed, and the Local Access Authority will be registered in the NIC/SSC database. All Local Access Authorities must have a valid, working e-mail address, and a valid commercial telephone number. The e-mail address may be a role mailbox established for the purpose of access authority administration. Templates that are incorrectly completed or whose format has been altered will be returned to the Regional Access Authority for correction. (c) The initial registration of Local Access Authority will result in the assigning of a unique five character ORGID. Once registered and the ORGID generated, the NIC will again e-mail to the Regional Access Authority, a partially completed Access Registration Template containing the registered information for the Local Access Authority. Before the Local Access Authority is permitted to registered individual users or request organizational cards, this ORGID along with a valid Program Designator Code (PDC) must be registered with DITCO for billing purposes This registration will be done by official message in accordance with DITCO's instructions; and with a copy going to DISA/WE3353. The template that provided the ORGID to Regional Access Authority should be, once again, returned to the NIC/SSC with the sender's Plain Language Address (PLA) and Date-Time-Group (DTG) for the message sent to DITCO. (d) During the user transition period the Local Access Authority has 30 days after his/her complete registration at the NIC to request comm server cards for all current TAC Card holders and not incur the initial registration fee. Requests for comm server cards for current TAC Card holders after this 30 day period, will incur the initial registration fee. (2) Periodic Registration Validation The information pertaining to the Local Access Authority and any designated alternate will be verified and updated semi-annually. The NIC/SSC will send via e-mail an Access Registration Template to the Regional Access Authority. The Access Registration Template contains information that is currently in the NIC/SSC database for that Local Access Authority. The e-mail message also contains the latest information pertaining to the registration validation process. The Regional Access Authority will acknowledge receipt of the file within 3 days, make any necessary corrections and return the file to the NIC/SSC within 14 days. The Service/Agency Access Authority will be notified if any Regional Access Authority fails to comply with registration validation. Failure to comply may result in revocation of access authority for the local area. d. Organizational Card Custodian (1) Initial Registration The Local Access Authority registers all Organizational Card Custodians by submitting a completed Access Registration Template. Instructions for completing the template are included with the template. Blank templates are available on-line in the templates directory at the NIC/SSC. The template must be submitted via e-mail from the designated mailbox of the Local Access Authority. Upon receipt of the template the NIC/SSC Registrar will acknowledge receipt of the template, confirm the authority of the Local Access Authority, and inspect the template. Correctly completed templates will be processed, the Organizational Card Custodian will be registered in the NIC/SSC database, and the requisite number of Organizational Access Cards will be mailed to the Organizational Card Custodian within 10 working days. All Organizational Card Custodians must have a valid, working e-mail address, a valid US Postal address, and a valid commercial telephone number. The e-mail address may be a role mailbox established for the purpose of access authority administration. A valid US Postal address is any state, APO, FPO, or other designated political entity that has been assigned a two (2) letter abbreviation by the US Postal Service. Templates that are incorrectly completed or whose format has been altered will be returned to the Local Access Authority for correction. The dial-in service initiation fee is charged annually for each Organizational Card issued. All Organizational Cards of an individual Local Access Authority will expire on the same annual anniversary date, even if some of the cards are obtained partially through the annual period. If the Organizational Access Cards are returned by the US Postal Service another initiation fee may be charged to reprocess each card if the return was caused by inaccurate registration information or other similar cause. In these cases the Local Access Authority will be notified of the returned cards and must correct the invalid information before the request will be reprocessed. (2) Periodic Registration Validation The information pertaining to the Organizational Card Custodian will be verified and updated annually. The NIC/SSC will send via e-mail an Access Registration Template to the Organizational Card Custodian. Also, the Local Access Authority will receive a notice that the Organizational Card Custodian is undergoing registration validation. The Access Registration Template contains information that is currently in the NIC/SSC database for the Organizational Card Custodian. The e-mail message also contains the latest information pertaining to the registration validation process. The Organizational Card Custodian will acknowledge receipt of the file within 3 days and make any necessary corrections, and return the template to the NIC/SSC within 14 days. Upon receipt of the template the NIC/SSC Registrar will acknowledge receipt of the template file and inspect the templates. Correctly completed templates will be processed, and the requisite number of Organizational Cards will be sent via US Mail to the Organizational Card Custodian. The dial-in service initiation fee is charged annually for each Organization Card issued. All Organizational Cards of an individual Local Access Authority will expire on the same annual anniversary date, even if some of the cards are obtained partially through the annual period. If the Organizational Cards are returned by the US Postal Service another initiation fee may be charged to reprocess each card if the return was caused by inaccurate registration information or other similar cause. In these cases the Local Access Authority and the Organizational Card Custodian will be notified of the returned cards and they must correct the invalid information before the request will be reprocessed. Templates that are incorrectly completed or whose format has been altered will be returned to the Organizational Card Custodian for correction. All previous Organizational Cards will be invalidated at 45 days from the start of the validation process. The Local Access Authority will be notified if any Organizational Card Custodian fails to comply with registration validation. Failure to comply will result in revocation in organizational card service for that Local Access Authority. e. Individual Access Registration (1) Initial Registration Individual remote dial-in access cards are only issued to users who are registered at the NIC/SSC. Only those individuals, with an official government business need should be authorized an individual Communications Server Card. A Local Access Authority registers an individual by submitting a completed User Registration Template. Instructions for completing the template are included with the template. Blank templates are available on-line in the templates directory at the NIC/SSC. The template must be submitted via e-mail from the mailbox of the Local Access Authority. Upon receipt of the template the NIC/SSC Registrar will acknowledge receipt of the template, confirm the authority of the Local Access Authority, and inspect the template. Correctly completed templates will be processed, the user will be registered in the NIC/SSC database, and an individual Comm Server Card will be mailed to the user within 10 working days. All individual access users must have a valid, working e-mail address and a valid US Postal address. A valid US Postal address is any state, APO, FPO, or other designated political entity that has been assigned a two (2) letter abbreviation by the US Postal Service. Each individual user Comm Server Card will be charged for a one-time initiation fee. Templates that are incorrectly completed or whose format has been altered will be returned to the authority for correction. If a Comm Server Card is returned by the US Postal Service another initiation fee may be charged to reprocess each card if the return was caused by inaccurate registration information or other similar cause. In these cases the Local Access Authority will be notified of the returned cards and must correct the invalid information before the request will be reprocessed. (2) Periodic Registration Validation The information pertaining to individual access users will be verified and updated annually. The NIC/SSC will send, via e-mail, User Revalidation Templates to the Local Access Authority for review/updating. These user templates contain information that is currently registered in the NIC/SSC's database. The Local Access Authority is to acknowledge receipt of the file within 3 days. The Local Access Authority is to review, update and return these templates to the NIC/SSC per the instructions accompanying revalidation templates. Time constraints will be placed on each revalidation depending upon the size of such revalidation. Upon the return of the User Revalidation Templates, the NIC/SSC Registrar will acknowledge receipt of the templates and review each for processing. Properly completed templates will be processed, and those requiring access cards will have them issued within 10 working days. Templates which are incorrectly completed or whose format has been altered will be returned to the Local Access Authority for correction. The Regional Access Authority will be notified if any Local Access Authority fails to comply with the completion of an annual revalidation. Failure to comply could result in revocation of Access Authority for a Local Access Authority and the invalidation of all Individual Access Cards associated with its revalidation. Any user invalidated by a Local Access Authority or invalidated due to the Local Access Authority's failure to respond to a revalidation will result in a break in service for that user. An initiation fee will be charged to reprocess that user and issue a new Individual Comm Server Card. If a Comm Server Card is returned by the US Postal Service another initiation fee may be charged to reprocess each card if the return was caused by inaccurate registration information or other similar cause. In these cases the Local Access Authority will be notified of the returned cards and must correct the invalid information before the request will be reprocessed.