MILITARY HANDBOOK

NETWORK USER ID AND PASSWORD PROCEDURES

MIL-HDBK-804(0M)

Provided by IHS. Not for Resale. No reproduction or networking permitted without license from IHS.

FOREWORD

1. This military handbook (MIL-HDBK) is approved for use by the Naval Data Automation Command (NAVDAC), Department of Navy (DON) and is available for use by all Departments and Agencies of the Department of Defense (DOD).

2. Beneficial comments (recommendations, additions, deletions) and any pertinent data which may be of use in improving this document should be addressed to: Commander, Naval Data Automation Command (COMNAVDAC), Washington Navy Yard, Washington, DC 20374-1662 using the Standardization Document Improvement Proposal (DD Form 1426) appearing at the end of this document or by letter.

3. The use of advanced communications network technology in the Navy makes review and refinement of current procedures for user IDs and passwords necessary. Also of importance is the clear definition of organizational roles and responsibilities for information systems (IS) security.

4. The Department of the Navy Computer Security Program has defined various roles and responsibilities for computer and network security in the Navy. The Worldwide Military Command and Control System (WWMCCS) has also identified responsibilities, procedures, and requirements for IS security throughout the WWMCCS community. The WWMCCS Intercomputer Network (WIN) accommodates roles and responsibilities that are similar, applicable, and adaptable to Navy network requirements. This handbook amplifies those roles and responsibilities as they apply to the administration and control of user identification (ID) and passwords Navy-wide.

5. This handbook was reviewed and considered by the Auditor General of the Navy for incorporation into the Naval Audit Service Automatic Data Processing Audit Program. This handbook was coordinated with the Defense Communications Agency for compatibility with Defense Data Network (DDN) and with the Joint Chiefs of Staff (JCS) for authorization to assign user IDs using Navy symbols defined in JCS Publication (PUB) 6-03.7 (supersedes JCS PUB 22). This handbook provides for changes in the user ID and related procedures, especially the standard user ID site code, since the initial publication of Naval Data Automation Command (NAVDAC) PUB 17.10 in March 1984.

CONTENTS

1. SCOPE
1.1 Scope
1.2 Purpose
1.3 Content
1.4 Applicability
2. APPLICABLE DOCUMENTS
2.1 Government documents
2.1.1 Specifications, standards, and handbooks
2.1.2 Other Government documents, drawings, and publications
2.2 Non-Government publications
2.3 Order of precedence
3. DEFINITIONS AND ABBREVIATIONS
3.1 Definitions
3.2 Abbreviations
4. GENERAL REQUIREMENTS
4.1 Background
4.1.1 IS security policy
4.1.2 Network security management
4.2 Administration
4.2.1 Automatic Data Processing Security Officer (ADPSO)
4.2.2 Network Security Officer (NSO)
4.3 Responsibility
4.3.1 Commander, Naval Data Automation Command (COMNAVDAC)
4.3.2 Navy activities
4.3.3 Automatic Data Processing Security Officer (ADPSO)
4.3.4 Network Security Officer (NSO)
4.3.5 Customers and users
4.3.6 Contractor(s)
4.4 Responsibilities for Navy networks
4.5 Information and assistance
5. DETAILED REQUIREMENTS
5.1 Navy standard user ID format
5.1.1 Standard user ID site code
5.1.2 Standard user ID user code
5.2 Standard user ID site code assignment
5.3 Standard user ID site code assignment exception
5.4 Access request
5.5 User ID assignments
5.6 Password assignment and control
5.7 User notification
5.8 ADPSO coordination
5.9 Misuse and vulnerabilities
5.9.1 Abuse and violation
5.9.2 Resolution
6. NOTES
6.1 Intended use
6.2 Issue of DODISS
6.3 Navy Information Systems Standards (NISS)
APPENDIX: LIST OF APPROVED NAVY INFORMATION SYSTEMS STANDARDS

1. SCOPE

1.1 Scope. This handbook describes the administrative procedures, common user ID format, and controls for user IDs and passwords within the Navy IS community for networked systems.

1.2 Purpose. The purpose of this handbook is to provide procedures for the administration and control of user IDs and passwords in the Navy network for networked systems support.

1.3 Content. This handbook is consistent with current Department of Defense (DOD) procedures for the WWMCCS and the DDN.

1.4 Applicability. The provisions of this handbook are applicable to users of Navy common user networks or networks which cross major Navy command boundaries (hereafter referred to as Navy networks), host computers, and terminals. Included are Navy networks classified below Secret, for example; Unclassified, For Official Use Only, Privacy, and Confidential.

2. APPLICABLE DOCUMENTS
2.1 Government documents.

2.1.1 Specifications, standards, and handbooks. The following specifications, standards, and handbooks form a part of this document to the extent specified herein. Unless otherwise specified, the issues of these documents are those listed in the issue of the DOD Index of Specifications and Standards (DODISS) and supplement thereto, cited in the solicitation (see 6.2).

FEDERAL INFORMATION PROCESSING STANDARDS (FIPS)

FIPS 112 - Password Usage (includes CSC-STD-002-85, see below). FIPS 112 is not listed in the DODISS of 1 November 1989.

(Copies of Federal Information Processing Standards (FIPS) listed in the DODISS are available to DOD activities from the Standardization Documents Order Desk, Building 4D, 700 Robbins Avenue, Philadelphia, PA 19111-5094. Others must order copies of FIPS from the National Technical Information Service, 5285 Port Royal Road, Springfield, VA 22161-2171.)

2.1.2 Other Government documents, drawings, and publications. The following other Government documents, drawings, and publications form a part of this document to the extent specified herein. Unless otherwise specified, the issues are those cited in the solicitation.

SECNAVINST 5239.2 of 15 Nov 1989 - Department of the Navy Automated Information Systems (AIS) Security Program (Stock Number 0579-LD-054-7880) (cited in paragraphs 2.3 and 4.1.1).

OPNAVINST 5239.1A of 1 Apr 1985 - Department of the Navy Automatic Data Processing Security Program with change 1 (Stock Number 0579-LD-051-1321) (cited in paragraphs 2.3, 4.1.1, 4.2.1, 4.2.2, and 4.3).

JCS PUB 6-03.7 of Apr 1988 - Security Policy for the Worldwide Military Command and Control System (WWMCCS) Intercomputer Network (Stock Number 0579-LP-001-0750) (supersedes JCS PUB 22, WWMCCS ADP System Security Manual) (JCS PUB 6-03.7 is cited in paragraph 5 on page ii and in paragraphs 4.1.2 and 4.3.1).

CSC-STD-002-85 of 12 April 1985 - Department of Defense Password Management Guideline (included as appendix E of FIPS 112).

(Copies of SECNAVINST 5239.2, OPNAVINST 5239.1A and JCS PUB 6-03.7 are available from the Commanding Officer, Naval Publications and Forms Center, 5801 Tabor Avenue, Philadelphia, PA 19120-5099. Use DOD Single Line Item Requisition (DD Form 1348) citing the stock numbers shown above. Copies of CSC-STD-002-85 are available from the Superintendent of Documents (SupDoc), U.S. Government Printing Office (GPO), Washington, DC 20402, 202-783-3238, SupDoc stock number 008-000-00443-9, $1.75. Single copies are available to Government activities without charge from the DOD Computer Security Center (CSC), Fort George G. Meade, Maryland 20755, Autovon 235-8742, Commercial 301-688-8742. However, CSC-STD-002-85 is reprinted as appendix E of FIPS 112.)

2.2 Non-Government publications. Not Applicable.

2.3 Order of precedence. Nothing in this handbook supersedes applicable laws and regulations unless a specific exemption has been obtained. In the event of a conflict between the text of this handbook and the Navy instructions cited herein, the Navy instructions take precedence. As stated in SECNAVINST 5239.2, that instruction takes precedence over OPNAVINST 5239.1A.

3. DEFINITIONS AND ABBREVIATIONS

3.1 Definitions. Definitions are contained in section 1 (Terms and Conventions) of FIPS 112 and in section 4 (Definitions) of appendix E of FIPS 112.

3.2 Abbreviations. Abbreviations with index to location by paragraph number or page and paragraph number for page ii (foreword) and appendix. Abbreviations which appear only in the appendix are not included.

ADPSO - Automatic Data Processing Security Officer, 4.2.1; 4.3.3; 4.3.5; 4.3.6; 4.4; 5.1.1; 5.2; 5.4; 5.5; 5.6; 5.7; 5.8; 5.9.1; 5.9.2
COMNAVDAC - Commander, Naval Data Automation Command, page ii, 2; 4.-3.1; 4.2.1; 4.3.1; 5.1.1
CSC - Computer Security Center, 2.1.2; 5.6
DD - Department of Defense, page ii, 2; 2.1.2; 6.3
DDN - Defense Data Network, page ii, 5; 1.3; appendix, 17.20
DOD - Department of Defense, page ii, 1; 1.3; 2.1.1; 4.1.2; 4.3.5; 5.1; 5.6; 6.3
DODISS - DOD Index of Specifications and Standards, 2.1.1; 6.2
DON - Department of the Navy, page ii, 2; 4.1.1
FIPS - Federal Information Processing Standard, 2.1.1; 3.1; 5.6
ID - Identification, page ii, 3, 4, 5; 1.1; 1.2; 4.1.2; 4.2.1; 4.2.2; 4.3.3; 5.1; 5.1.1; 5.1.2; 5.2; 5.3; 5.4b(1); 5.4b(2); 5.4b(3); 5.4; 5.5; 5.6; 5.7; 5.8; 5.9.1; 6.1
IS - Information System, page ii, 3; 1.2; 4.1.1; 4.1.2; 4.2.1; 4.3.2; 4.4; 5.4; 5.4b(2); 5.6; 6.1
JCS - Joint Chiefs of Staff, page ii, 5; 2.1.2; 4.3.1
MIL-HDBK - Military Handbook, page ii, 1
NARDAC - Navy Regional Data Automation Center, 4.2.1
NAVDAC - Naval Data Automation Command, page ii, 1; 4.2.1
NDATS - Naval Data Automation Technical Standards, 6.3
NISS - Navy Information System Standards, 6.3
NSO - Network Security Officer, 4.2.2; 4.3.3; 4.3.4; 4.3.5; 4.3.6; 4.4a; 5.8; 5.9.1; 5.9.2
OPNAVINST - Office of the Chief of Naval Operations Instruction, 2.1.2; 4.1.1; 4.2.1; 4.2.2; 4.3
PUB - Publication, page ii, 5; 2.1.2; 4.1.2; 4.3.1
SECNAVINST - Secretary of the Navy Instruction, 2.3; 4.1.1
SNDL - Standard Navy Distribution List, 5.2a
STD - Standard, 2.1.1
WIN - WWMCCS Information Network, page ii, 4; 4.1.2; 5.1
WWMCCS - Worldwide Military Command and Control System, page ii, 4

4. GENERAL REQUIREMENTS

4.1 Background.

4.1.1 IS security policy. SECNAVINST 5239.2 and OPNAVINST 5239.1A establish the Department of the Navy (DON) IS Security Program and provide guidance on the development and implementation of IS security policies, responsibilities, and procedures for Navy IS activities, systems, and networks.

4.1.2 Network security management. JCS PUB 6-03.7 identifies roles, responsibilities, procedures, and requirements for administration of IS security throughout the WWMCCS community including the WIN. DON uses JCS PUB 6-03.7 as the basis for Navy implementation of network security management because the WWMCCS network environment is similar to and satisfies DON network requirements for user IDs and passwords. JCS PUB 6-03.7 is also the only fully coordinated DOD document that addresses network security management and that defines the roles and responsibilities associated with user IDs and passwords.

4.2 Administration

4.2.1 Automatic Data Processing Security Officer (ADPSO). OPNAVINST 5239.1A requires Navy activities using or planning to use Navy networks to appoint an ADPSO. Activities should formally notify the Commander, NAVDAC (COMNAVDAC) of their ADPSO assignment by providing this information in writing to COMNAVDAC's agent, the Navy Regional Data Automation Center (NARDAC) Newport. NARDAC Newport's address is:

Commanding Officer
Navy Regional Data Automation Center, Newport
Code 53, Building 1A
Newport, RI 02841-5053
Autovon 948-2685, Commercial 401-841-2685

Each ADPSO is responsible for user ID and password administration for all subordinate activity IS sites, including host computer and terminal locations.

4.2.2 Network Security Officer (NSO). OPNAVINST 5239.1A indicates that the NSO designated for each Navy network implements network security primarily through coordination with the activity ADPSOs connected to that network. The NSO also conducts risk assessments to evaluate the security posture of each network component (i.e., host system, terminal, node configuration) and develops a plan to assure that each ADPSO maintains adequate security protection so that network security or reliability is not compromised. User ID and password control in compliance with this handbook should be certified by the NSO for all ADPSOs on the same network.

4.3 Responsibility. The responsibilities outlined below are in accordance with OPNAVINST 5239.1A.

4.3.1 Commander, Naval Data Automation Command (COMNAVDAC). COMNAVDAC is the Program Manager for the Department of the Navy ADP Security Program and the approving authority for Navy networks operating in a multi-level or controlled Security mode. COMNAVDAC administers user ID and password control in the Navy within the framework of the DON ADP Security Program. COMNAVDAC also assigns the three position standard user ID site code to all Navy activities, and keeps the user ID series assignments consistent with JCS PUB 6-03.7. A list of ADPSOs is maintained for use within Navy by NARDAC Newport.

4.3.2 Navy activities. The Commanding Officer of each Navy activity appoints in writing a single ADPSO to act as the focal point for all activity IS security matters and sends this information to NARDAC Newport.

4.3.3 Automatic Data Processing Security Officer (ADPSO). The activity ADPSO ensures