PROPER SAFEGUARDING OF CUI WITHIN MICROSOFT 365 (M365)


https://www.marines.mil/News/Messages/Messages-Display/Article/4069623/proper-safeguarding-of-cui-within-microsoft-365-m365/

R 181812Z FEB 25
MARADMIN 071/25
MSGID/GENADMIN/CMC DCI WASHINGTON DC//
SUBJ/PROPER SAFEGUARDING OF CUI WITHIN MICROSOFT 365 (M365)//
REF/A/DODI 8510.01//
REF/B/SECNAVINST 5239.3C//
REF/C/MCO 5239.2B//
NARR/REF A IS THE RISK MANAGEMENT FRAMEWORK FOR DEPARTMENT OF DEFENSE (DOD) SYSTEMS. REF B IS DEPARTMENT OF THE NAVY (DON) CYBERSECURITY POLICY. REF C IS MARINE CORPS CYBERSECURITY POLICY//
POC/W. J. BUSH/CIV/DCI IC4 CY/COMM 571-256-8869/EMAIL: [email protected]//
POC/B. J. BIENZ/CIV/DCI IC4 CY/COMM: 703-439-7489/EMAIL: [email protected]//
POC/L. A. DARKE/CIV/DCI IC4 ICC/COMM: 571-256-9086/EMAIL: [email protected]//

GENTEXT/REMARKS/1.  Purpose.  This message reminds users of the need to properly safeguard and protect CUI introduced into or through the Microsoft 365 (M365) office productivity and collaboration suite.

2.  Situation.

2.a.  The current system configurations and settings of M365 are set to enable maximum productivity of users of the Marine Corps Enterprise Network - NIPRNET (MCEN-N)/unclassified. While the M365 system is capable of hosting CUI up to and including impact level 5 data, it is incumbent on individual users to ensure that required controls are implemented to provide the appropriate level of protection beyond environment baseline configurations. Examples where CUI requires additional protections are in the cases of personally identifiable information (PII) and personal health information (PHI).

2.b.  Additionally, the Power Platform, which is accessed via M365, must be assessed for risk to the network.

3.  Action.

3.a.  MCEN-N users who generate or introduce CUI into M365 are reminded of their responsibility for implementing required cybersecurity controls for their data. These include, but are not limited to, appropriate implementation of file access controls for files containing PII and implementation of access and audit controls for PHI. Failure to apply necessary controls may result in unplanned or unannounced removal of files from the network.

3.b.  The program executive officer for digital and the supporting information system security manager for the M365 suite on the MCEN-N/Unclassified network will submit updated authorization documentation, which includes the Power Platform suite of capabilities with associated cybersecurity controls, to the Marine Corps authorizing official for review, assessment, and certification no later than 31 May 2025.

3.c.  No later than 31 May 2025, the United States Marine Corps authorizing official designated representative will publish guidance in accordance with ref (c) concerning risk management activities in support of development within the Power Platform, to include remediation of already developed applications.

4.  Direct all questions to message points of contact.

5.  Request widest dissemination of this message by addressees to subordinate commands.

6.  Release authorized by Lieutenant General Melvin G. Carter, Headquarters Marine Corps, Deputy Commandant for Information.//