20 September 1991


From:  Commander, Naval Ocean Systems Center
To:    All Codes


Ref:   (a) OPNAVINST 5239.1A, Department of the Navy Automatic Data Processing
           Security Program
       (b) NOSCINST 5500.1A, Security Manual
       (c) OPNAVINST 5510.1H, Department of the Navy Information and Personnel
           Security Program Regulation

Encl:  (1) Sample Network Security Officer (NSO) Memorandum

1.  Purpose.  To establish NOSC policies and procedures governing generalized
communications backbone (GCB) security and configuration management, and to
assign responsibility for GCB operations.

2.  Cancellation.  NOSCINST 5239.1.

3.  Scope.  The provisions of this instruction apply to any communications
equipment (Government-owned, leased, or contractor furnished) connected to the

4.  Background.  The GCB network consisting of fiber optics, broadband
coaxial, baseband coaxial, and twisted pair cable provides interconnectivity
capabilities for all NOSC computing resources.  Use of the GCB is encouraged
for all legitimate tasks in support of the NOSC mission.  References (a)
through (c) provide network security policy for the NOSC GCB.

5.  Policy

    a.  The GCB local area network shall be centrally managed and maintained
by the Networking and Communications Branch, Code 913, Network Control Center

    b.  The acquisition of GCB equipment and any interfaces shall be coordi-
nated and planned by the NCC to ensure compatibility and to avoid duplication
of effort.  Users shall not alter the network before notifying the NCC.

    c.  Use of the GCB shall conform to applicable Navy directives regarding
network security.  Accreditation to operate this network will be obtained from
the NOSC Automation Data Processing Security Officer (ADPSO) as required by
reference (b).

    d.  Failure to notify the NCC before altering the configuration of the
GCB, or disconnecting and connecting users, may result in a disconnection and
require reaccreditation of the system(s) involved.

20 September 1991

6.  Responsibilities

    a.  Code 90.  The Head, Engineering and Computer Sciences Department, Code
90, is responsible to the Technical Director, Code 01, for the management and
development of the GCB.

    b.  Code 91.  The Head, Computer Sciences and Resources Division, Code 91,
is responsible for ensuring that the provisions of this instruction are

    c.  Code 913.  The Head, Networking and Communications Branch, Code 913,
is the GCB Network Security Officer (NSO) and is responsible for procurement,
administration of the NCC, and technical management of the GCB.  The GCB NSO
is responsible to the NOSC ADPSO for the applicable network security require-
ments stipulated in references (a) and (b).  All procurement of equipment
which will be directly connected to send or receive signals over the GCB must
be approved by the NSO through the Information Resources Management (IRM)
Focal Point Office, Code 9103.

    d.  Network Control Center (NCC).  The NCC is responsible for:

        (1) The location, maintenance, repair, and installation of Sytek
20/100 Packet communication units (t-boxes).

        (2) Installation of any compatible direct interface device to the GCB
and any subnetwork generated by these devices.

        (3) Allocation of channel frequencies.

        (4) Repair, maintenance, and improvements to the GCB.

        (5) Resolution of network malfunction and user problems.

        (6) Registration of all network interface devices and system connec-
tions through the NSO and Division ADP System Security Officers (DADPSSO's).

        (7) Responding to new GCB service requirements and installation

        (8) Allocation of station-owned fiber optic cable pairs.

        (9) Management of network devices connected to the GCB. 

    e.  Division ADP System Security Officer (DADPSSO).  It is the responsi-
bility of each NOSC DADPSSO to support the NSO in identifying and obtaining
accreditation for all systems in their division with a point of entry to the
GCB.  The DADPSSO will notify the NSO by memorandum (see enclosure (1)) of all
GCB connections through interface devices such as bridges, terminals, PC's,
dial-up devices, routers, repeaters, work stations, and multiplexors.  GCB
equipment under custody of the NSO will be accredited through the Code 91

    f.  GCB Users.  It is the user's responsibility to:

        (1) Report any problem with the GCB to the NCC at ext. 32770.


                                                         NOSCINST 5239.1A
                                                         20 September 1991

        (2) Notify the NCC of service requirements and installation requests.

        (3) Not alter parameters, locations, or connections of any GCB

        (4) Notify, via memorandum, and obtain approval from the NSO for all
equipment that will be connected to the GCB.  This includes but is not limited
to ethernet fiber cable, optical fiber cable, and video equipment.  

        (5) Notify the NCC of appropriate network addresses for all devices
connected to the GCB.

        (6) Check with the DADPSSO, before GCB connection, to confirm that the
system is properly accredited.

        (7) Notify the NOSC ADPSO and the GCB NSO of all network security

7.  Directive Responsibility.  The Head, Computer Sciences and Resources Divi-
sion, Code 91, is responsible for keeping this instruction current.

                                                         /s/J. D. FONTANA



20 September 1991


                                                         NOSCINST 5239.1A
                                                         20 September 1991



From:   Code            (DIVISION ADPSSO)
To:     Code 913, Network Security Officer


Ref:    (a) NOSCINST 5239.1A, Policy on network management and security for
the         GCB

1.  The following is a list of accredited systems in Code             with
points of entry to the GCB.

Device directly connected to the GCB, i.e., bridge, multiplexor/location:

                                            Equipment    Ethernet/Internet
User Name          Code     Bldg./Rm.       Connected        Address      

                                                         Enclosure (1)