R 051500Z FEB 20 MID510000918454U FM COMNAVRESFORCOM NORFOLK VA TO NAVRESFOR INFO COMNAVRESFOR NORFOLK VA COMNAVRESFORCOM NORFOLK VA BT UNCLAS ALNAVRESFOR 001/20 PASS TO N6, ISSM, SIPRNET TRUSTED AGENTS AND LOCAL REGISTRATION AUTHORITIES MSGID/GENADMIN/COMNAVRESFOR NORFOLK VA// SUBJ/SIPRNET PUBLIC KEY INFRASTRUCTURE (PKI) SERVICES IMPACT DUE TO /DISA TOKEN MANAGEMENT SYSTEM (TMS) OUTAGE AND MIGRATION// REF/A/MSGID:GENADMIN/NCMS WASHINGTON DC/302044ZJAN20// NARR/REF A IS ALCOM SIPRNET PUBLIC KEY INFRASTRUCTURE (PKI) SERVICES IMPACT DUE TO DISA TOKEN MANAGEMENT SYSTEM (TMS) OUTAGE AND MIGRATION// POC/BENNINGTON,J/N6/TEL:DSN 757-322-6650/ EMAIL:JEFFREY.BENNINGTON(AT)NAVY.MIL// GENTEXT/REMARKS/1. TAKE BELOW QUOTED MESSAGE FOR ACTION.// QUOTE MSGID/GENADMIN,USMTF,2008/NCMS WASHINGTON DC/ SUBJ/SIPRNET PUBLIC KEY INFRASTRUCTURE (PKI) SERVICES IMPACT DUE TO /DISA TOKEN MANAGEMENT SYSTEM (TMS) OUTAGE AND MIGRATION/ REF/A/MSGID:MSG/NSACSS FT GEORGE G MEADE MD/232022ZJAN2020/-/NOTAL/ REF/B/MSGID:GENADMIN/NCMS WASHINGTON DC/162146ZDEC2019/ REF/C/MSGID:EXORD/FLTCYBERCOM/291947ZJUL2019/ REF/D/MSGID:GENADMIN/NCMS WASHINGTON DC/281315ZFEB2019/ NARR/REF A IS TOKEN MANAGEMENT SYSTEM (TMS) OUTAGE AND MIGRATION TO THE DEFENSE INFORMATION SYSTEMS AGENCY (DISA) NEXT GENERATION (NEXTGEN) ARCHITECTURE. REF B IS ALCOM 148/19 PUBLIC KEY INFRASTRUCTURE (PKI) FLEET SUPPORT (CORRECTED COPY). REF C IS FLTCYBERCOM EXORD 19-064, SIPRNET TOKEN MANAGEMENT SYSTEM (TMS) UPDATE. REF D IS ALCOM 035/19 AUTHORITY TO OPERATE (ATO) FOR SHORE SIPRNET PKI LOCAL REGISTRATION AUTHORITY (LRA) WORKSTATIONS./ POC/BELCHER,J/N6/UNIT:NCMS WASHINGTON DC/NAME:JOINT BASE ANDREWS /TEL:DSN 312-857-3348/EMAIL:JOHN.R.BELCHER(AT)NAVY.MIL/ GENTEXT/REMARKS/1. (U//FOUO) THIS UNNUMBERED ALCOM PROVIDES NOTIFICATION, IMPACTS, AND ACTIONS REQUIRED DUE TO THE MIGRATION OF THE LEGACY TOKEN MANAGEMENT SYSTEM (TMS) TO DEFENSE INFORMATION SYSTEMS AGENCY (DISA) NEXT GENERATION (NEXTGEN) ARCHITECTURE SCHEDULED TO OCCUR 24 FEB TO 02 MAR 2020 AS OUTLINED IN REF A. TMS IS THE SYSTEM USED TO MANAGE SECURE INTERNET PROTOCOL ROUTER NETWORK (SIPRNET) TOKENS AND CERTIFICATES. DURING THE MIGRATION, REGISTRATION AUTHORITIES (RA), LOCAL REGISTRATION AUTHORITIES (LRA) AND TRUSTED AGENTS (TA) WILL BE UNABLE TO PROVIDE ROUTINE SERVICES TO SIPRNET USERS TO INCLUDE TOKEN ISSUANCE AND ENROLLMENT, TOKEN PIN RESETS, REVOCATION, AND KEY RECOVERY. USERS WITH SIPRNET TOKEN CERTIFICATES EXPIRING DURING THE MIGRATION PERIOD OF 24 FEB TO 02 MAR MUST TAKE PROMPT ACTION TO NOTIFY THEIR LOCAL TA, LRA, OR NCMS REGIONAL LRA IAW REF B TO ENSURE THEY ARE ISSUED A NEW SIPRNET TOKEN PRIOR TO THOSE DATES. A COMPLETE LIST OF TOKENS EXPIRING IS POSTED AT (LOWER CASE) HTTPS://WWW.UAR.CAS.NAVY.SMIL.MIL/SECRET/NAVY/39/SITE.NSF IN THE "TMS NEXTGEN UPGRADE" FOLDER UNDER THE "PKI POLICIES" SECTION. THE ONLY SERVICE THAT WILL BE AVAILABLE DURING THE MIGRATION IS THE REVOCATION OF CERTIFICATES DUE TO LOSS OR COMPROMISE. SPECIFIC CONTACT INSTRUCTIONS ARE PROVIDED BELOW IN PARA 6 TO ADDRESS LOSS OR COMPROMISE SITUATIONS. 2. (U/FOUO) IAW REF C AND ISO THE UPCOMING TMS NEXTGEN MIGRATION, NAVY MARINE CORPS INTRANET (NMCI) AND OCONUS NAVY ENTERPRISE NETWORK (ONE-NET) DISTRIBUTED REQUIRED MIDDLEWARE UPDATES TO WORKSTATIONS USED BY TRUSTED AGENTS. IT IS CRITICAL THAT TA'S VALIDATE THE SUCCESSFUL INSTALLATION OF THE 90METER CARD ISSUANCE WORKSTATION (CIW) VERSION 1.0.20 MIDDLEWARE TO ENSURE SUSTAINED SIPRNET PKI OPERATIONS. PREVIOUS VERSIONS OF 90METER CIW WILL NOT FUNCTION FOLLOWING TMS NEXTGEN MIGRATION RESULTING IN UNACCEPTABLE WAIT TIMES FOR NEW SIPRNET TOKENS AND LOSS OF SIPRNET ACCESS FOR USERS. 3. (U) VERIFICATION AND TESTING. COMMAND TA'S MUST ENSURE CIW VERSION 1.0.20 HAS BEEN SUCCESSFULLY DEPLOYED TO THE WORKSTATIONS THEY USE TO ACCESS TMS. ISO OF THIS EFFORT, WORKSTATIONS MUST BE POWERED ON AND CONNECTED TO THE NETWORK TO RECEIVE THE UPDATED CIW. POST-INSTALLATION VERIFICATION MUST BE COMPLETED BY OPENING THE APPLICATION, ENSURING NO ERRORS ARE RECEIVED, NOTING THE VERSION NUMBER IS 1.0.20, AND CONFIRMING THE ABILITY TO PERFORM ROUTINE OPERATIONS SUCH AS TOKEN ENROLLMENT, FORMATTING, AND PIN RESETS. IF PROMPTED TO ENTER A "PHONE HOME" URL WHEN FIRST STARTING CIW, ENTER THE FOLLOWING (USE LOWERCASE): HTTPS://TMS-TPS-1.CSD.DISA.SMIL.MIL:443/CGI-BIN/HOME/INDEX.CGI. 4. (U) SEVERAL WORKSTATIONS THROUGHOUT THE NMCI ENTERPRISE MAY NOT HAVE RECEIVED THE NEW VERSION OF CIW DUE TO OFFLINE STATUS AT THE TIME OF RECENT SOFTWARE DISTRIBUTION. IF CIW 1.0.20 DID NOT DEPLOY TO A REQUIRED NMCI SEAT, TA'S SHOULD INITIATE A SOFTWARE CONNECT USING RADIA. UPON INITIATION OF THE SOFTWARE CONNECT, NMCI WORKSTATIONS WILL DISPLAY THE "RADIA CLIENT AUTOMATION CONNECT DEFERRAL" BOX WHICH WILL LIST APPLICATIONS AWAITING INSTALLATION. IF LISTED, THE TA SHOULD SELECT 90METER CIW 1.0.20 AND CLICK THE BUTTON LABELED "ALLOW". FOLLOWING INSTALLATION, TA'S MUST TEST THE APPLICATION AS OUTLINED ABOVE IN PARA 3. ASSISTANCE WITH USING SOFTWARE CONNECT OR RADIA SHOULD BE REFERRED TO THE APPROPRIATE HELP DESK OR LOCAL IT SUPPORT STAFF. IF ISSUES REMAIN FOLLOWING THE INSTALLATION OF CIW 1.0.20, TA'S MUST CONTACT THE APPROPRIATE HELP DESK BELOW: A. NMCI: CONTACT THE NMCI SERVICE DESK AT 1-866-843-6624 OR SERVICEDESK(UNDERSCORE)NAVY(UNDERSCORE)PRIMARY(AT)NAVY.SMIL.MIL. B. ONE-NET: CONTACT THE APPLICABLE REGIONAL HELP DESK (1) FAR EAST HELP DESK: 011-81-468-16-3883 OR DSN: 315-243-3883. (2) EUROPE HELP DESK: 011-39-081-568-4357 OR DSN: 314-626-4357. (3) BAHRAIN HELP DESK: 011-973-1785-6287 OR DSN: 318-439-6287. 5. (U) IF TA SIPRNET WORKSTATIONS DID NOT RECEIVE CIW 1.0.20 (I.E., WERE NOT IDENTIFIED AS NEEDING CIW AS OUTLINED ABOVE IN PARA 2) FOLLOWING A SOFTWARE CONNECT, TA'S MUST REQUEST THE SOFTWARE USING THE FOLLOWING PROCESS AS APPLICABLE TO THEIR NETWORK: A. NMCI: CONTACT LOCAL CUSTOMER TECHNICAL REPRESENTATIVE (CTR) TO REQUEST INSTALLATION OF THE CIW VERSION 1.0.20 LEGACY APPLICATION VIA A MOVE/ADD/CHANGE (MAC) REQUEST. B. ONE-NET: CONTACT THE APPROPRIATE REGIONAL HELP DESK AS LISTED IN PARA 4.B AND REQUEST A SIPRNET SYSTEM CENTER CONFIGURATION MANAGER (SCCM) SOFTWARE PACKAGE FOR 90METER CARD ISSUANCE WORKSTATION 1.0.20. 6. (U//FOUO) DURING THE NEXTGEN MIGRATION SCHEDULED FROM 24 FEB TO 02 MAR 2020, NO SIPRNET TOKEN OR SIPRNET CERTIFICATE ACTIONS CAN BE TAKEN EXCEPT FOR THE REVOCATION OF CERTIFICATES IN THE CASE OF KEY COMPROMISE OR TOKEN LOSS. IN THE EVENT OF KEY COMPROMISE OR TOKEN LOSS, COMMANDS MUST CONTACT THE DOD PKI PROGRAM MANAGEMENT OFFICE (PMO) USING THE CONTACT INFORMATION BELOW: A. DOD PKI PMO: 410-854-4900 OR DODPKIPMO(AT)NSA.GOV. FOR AFTER HOURS SUPPORT (1700-0700 EST), CONTACT THE DISA GLOBAL SERVICE DESK (GSD) AT 1-844-347-2457 OR DISA.GSD.EST(AT)MAIL.MIL OR DISA.GSD.EST(AT)MAIL.SMIL.MIL. 7. (U//FOUO) OTHER NON-ENTERPRISE MANAGED WORKSTATIONS AFFECTED. A. ASHORE LOCAL REGISTRATION AUTHORITIES (LRAS) OPERATING COMMAND MANAGED WORKSTATIONS IAW REF D ARE NOT COVERED BY THIS SOFTWARE UPDATE AND MUST ENSURE ALL REQUIRED SOFTWARE IS REQUESTED FROM NAVAL INFORMATION WARFARE CENTER ATLANTIC (NIWC LANT) IAW REF C, LOCAL COMMAND PKI SYSTEM ADMINISTRATORS ARE RESPONSIBLE FOR INSTALLING AND CONFIGURING ALL REQUIRED UPDATES. B. AFLOAT TA'S AND LRA'S USING IT-21 WORKSTATIONS MUST FOLLOW PROGRAM OF RECORD (POR) GUIDANCE./ UNQOUTE 8. (U//FOUO) RELEASED BY CAPT ERRIN P. ARMSTRONG, CHIEF OF STAFF.// BT #0003 NNNN