PROPER SAFEGUARDING OF CUI WITHIN MICROSOFT 365 (M365)


https://www.marines.mil/News/Messages/Messages-Display/Article/4038087/proper-safeguarding-of-cui-within-microsoft-365-m365/

R 222108Z JAN 25
MARADMIN 031/24
MSGID/GENADMIN/CMC DCI WASHINGTON DC//
SUBJ/PROPER SAFEGUARDING OF CUI WITHIN MICROSOFT 365 (M365)//
REF/A/DODI 8510.01//
REF/B/SECNAVINST 5239.3C//
REF/C/MCO 5239.2B//
NARR/REF A IS THE RISK MANAGEMENT FRAMEWORK FOR DEPARTMENT OF DEFENSE (DOD) SYSTEMS. REF B IS DEPARTMENT OF THE NAVY (DON) CYBERSECURITY POLICY. REF C IS MARINE CORPS CYBERSECURITY POLICY.//
POC/W. J. BUSH/CIV/DCI IC4 CY/COMM: 571-256-8869/EMAIL: WILLIAM.BUSH(AT)USMC.MIL//
POC/B. J. BIENZ/CIV/DCI IC4 CY/COMM: 703-439-7489/EMAIL: BONNIE.BIENZ(AT)USMC.MIL//
POC/L. A. DARKE/CIV/DCI IC4 ICC/COMM: 571-256-9086/EMAIL: LEONARD.DARKE(AT)USMC.MIL//
GENTEXT/REMARKS/1. (CUI) Purpose. This message reminds users of the need to properly safeguard and protect CUI introduced into or through the Microsoft 365 (M365) office productivity and collaboration suite.
2. (CUI) Situation.
2.a. The current system configurations and settings of M365 are set to enable maximum productivity of users of the Marine Corps Enterprise Network - NIPRNet (MCEN-N)/Unclassified. While the M365 system is capable of hosting CUI up to and including Impact Level 5 data, it is incumbent on individual users to ensure that required controls are implemented to provide the appropriate level of protection beyond environment baseline configurations. Examples where CUI requires additional protections are in the cases of personally identifiable information (PII) and personal health information (PHI).
2.b. Additionally, the Power Platform, which is accessed via M365, must be assessed for risk to the network.
3. (CUI) Action.
3.a. (CUI) MCEN-N users who generate or introduce CUI into M365 are reminded of their responsibility for implementing required cybersecurity controls for their data. These include, but are not limited to, appropriate implementation of file access controls for files containing PII and implementation of access and audit controls for PHI. Failure to apply necessary controls may result in unplanned or unannounced removal of files from the network.
3.b. (CUI) The Program Executive Officer for Digital and the supporting Information System Security Manager for the M365 suite on the MCEN-N/Unclassified network will submit updated authorization documentation, which includes the Power Platform suite of capabilities with associated cybersecurity controls, to the Marine Corps Authorizing Official for review, assessment, and certification no later than 31 May 2025.
3.c. (CUI) No later than 31 May 2025, the United States Marine Corps Authorizing Official Designated Representative will publish guidance in accordance with ref (c) concerning risk management activities in support of development within the Power Platform, to include remediation of already developed applications.
4. (U) Direct all questions to message points of contact.
5. (U) Request widest dissemination of this message by addressees to subordinate commands.
6. (U) Release authorized by Lieutenant General Melvin G. Carter, Headquarters Marine Corps, Deputy Commandant for Information.//