DTG: 111618Z MAR 97

FROM: HQ USAF WASHINGTON DC//SC//

TO: ALMAJCOM-FOA//CV/SC/DO/LG/IN/XP/DP/IG/SG/PA/HO/DR//

UNCLAS

SUBJECT: AIR FORCE ELECTRONIC BULLETIN BOARDS AND INTERNET WORLD WIDEWEB HOME PAGES

1. PLEASE ENSURE WIDEST DISSEMINATION OF THIS MESSAGE TO YOUR

SUBORDINATE COMMANDERS.

2. A RECENT AUDIT REVEALED PROBLEMS IN CONTROLLING ELECTRONIC BULLETIN BOARDS AND INTERNET WORLD WIDE WEB HOME PAGES. THIS MESSAGE HIGHLIGHTS THESE PROBLEMS AND PROVIDES GUIDANCE TO PREVENT THEM.

3. PROBLEM: SEVERAL INSTALLATIONS ESTABLISHED BULLETIN BOARDS AND HOME PAGES WITHOUT FIRST ESTABLISHING AND VALIDATING THE REQUIREMENT FOR THEM AND WITHOUT OBTAINING DESIGNATED APPROVING AUTHORITY (DAA) APPROVAL.

A. ESTABLISHING ELECTRONIC BULLETIN BOARDS AND HOME PAGES WITHOUT A VALID REQUIREMENT WASTES VALUABLE COMPUTER AND PERSONNEL RESOURCES.

B. PROCESS REQUIREMENTS FOR ELECTRONIC BULLETIN BOARDS AND HOME PAGES THROUGH THE SUPPORTING COMMUNICATIONS UNIT. ESTABLISHING BULLETIN BOARDS AND HOME PAGES WITHOUT OBTAINING DAA APPROVAL VIOLATES AF DIRECTIVES AND NEEDLESSLY EXPOSES SYSTEMS TO HACKER ATTACK AND INAPPROPRIATE USE. THE DAA IS THE OFFICIAL WITH THE AUTHORITY TO FORMALLY ASSUME RESPONSIBILITY FOR OPERATING THESE SYSTEMS BASED ON ATTAINING AN ACCEPTABLE LEVEL OF RISK. AIR FORCE POLICY (AFI 33-112) REQUIRES DAA APPROVAL FOR ELECTRONIC BULLETIN BOARDS AND HOME PAGES. THE DAA, WITH ASSISTANCE FROM THE CERTIFYING OFFICIAL AND WING INFORMATION PROTECT OFFICE, EVALUATES REQUIREMENTS,VERIFIES SECURITY SAFEGUARDS, AND PROVIDES DEFINITIVE DIRECTION TO ENSURE SECURITY OF THESE SYSTEMS.

4. PROBLEM: SEVERAL HOME PAGES DISPLAYED OR PROVIDED LINKS TO INAPPROPRIATE INFORMATION. FOR EXAMPLE, ONE HOME PAGE HAD POINTERS TO COMMERCIAL SLEAZE AND GOSSIP WEB SITES.

A. LINKS TO THIS INAPPROPRIATE INFORMATION BRING DISCREDIT TO THE AIR FORCE AND MAY BE CONSTRUED AS OFFICIAL AIR FORCE ENDORSEMENT OF THESE ACTIVITIES.

B. WE NEED CLOSE PERSONAL ATTENTION OF THE ACCOUNTABLE SUPERVISORS AND COMMANDERS TO PREVENT THIS FROM HAPPENING. SUPERVISORS AND COMMANDERS NEED TO REMIND THEIR PEOPLE THAT THEY LEAVE "ELECTRONIC FOOTPRINTS" WHEN THEY NAVIGATE THE "INFORMATION SUPER HIGHWAY."

5. PROBLEM: SEVERAL HOME PAGES DISPLAYED UNAPPROVED INFORMATION. FOR EXAMPLE, ONE HOME PAGE DISPLAYED THE TYPES OF WEAPONS STORED IN THAT INSTALLATION'S ARMORY. OTHER HOME PAGES DISPLAYED INFORMATION PROTECTED UNDER THE PRIVACY AND FREEDOM OF INFORMATION ACTS.

A. RELEASING INFORMATION WITHOUT PROPER APPROVAL VIOLATES AF DIRECTIVES AND PUBLIC LAW (IN THE PRIVACY ACT CASE) AND IS BOTH EMBARRASSING AND DETRIMENTAL TO THE AIR FORCE.

B. REVIEWS BY THE APPROPRIATE PUBLIC AFFAIRS OFFICE ARE REQUIRED AND WILL HELP PROTECT THE U.S. GOVERNMENT, THE DOD, AND THE INDIVIDUAL DOD MEMBERS.

6. PROBLEM: SEVERAL INSTALLATIONS ALLOWED UNCONTROLLED ACCESS TO INAPPROPRIATE INFORMATION.

A. COMMANDERS AND SUPERVISORS NEED TO EDUCATE AND ENSURE THEIR PERSONNEL USE THE INTERNET FOR OFFICIAL AND AUTHORIZED PURPOSES.

B. AUTHORIZED USE MEANS THAT THE INTERNET USER'S SUPERVISOR (WHO IS A COMMISSIONED OFFICER OR CIVILIAN GS-11 OR ABOVE IN THE USER'S CHAIN OF COMMAND), IAW THEATER CINC AND MAJCOM POLICIES, CAN PERMIT PERSONAL USE OF THE INTERNET UNDER THE FOLLOWING CONDITIONS:

(1). THE USE DOES NOT ADVERSELY AFFECT THE EMPLOYEE'S PERFORMANCE OF DUTIES.

(2). THE USE IS OF REASONABLE DURATION AND FREQUENCY AND, WHENEVER POSSIBLE, IS MADE DURING THE MEMBER'S PERSONAL TIME (NON-DUTY HOURS).

(3). THE USE SERVES A LEGITIMATE PUBLIC INTEREST, SUCH AS KEEPING MEMBERS AT THEIR WORKSTATIONS, IMPROVING MORALE, ENHANCING PROFESSIONAL SKILLS, OR FURTHERING EDUCATION.

(4). THE USE DOES NOT REFLECT ADVERSELY ON THE AIR FORCE (INCLUDING BUT NOT LIMITED TO, USES INVOLVING PORNOGRAPHY OR ANY OTHER USE THAT IS INCOMPATIBLE WITH PUBLIC SERVICE OR AIR FORCE POLICY).

(5). THE USE DOES NOT OVERBURDEN THE COMMUNICATIONS SYSTEM AND DOES NOT CREATE SIGNIFICANT ADDITIONAL COSTS TO THE AIR FORCE.

7. USE THE GUIDANCE IN AFI 33-129, TRANSMISSION OF INFORMATION VIA THE INTERNET. THIS INSTRUCTION DEFINES THE ROLES AND RESPONSIBILITIES OF PERSONNEL USING AND MAINTAINING INTERNET ACCESS. IT ALSO OUTLINES RESPONSIBILITIES AND PROCEDURES FOR ACCESSING INFORMATION AND PROPERLY ESTABLISHING, REVIEWING, POSTING, AND MAINTAINING GOVERNMENT INFORMATION ON THE INTERNET.

8. YOUR PERSONAL ATTENTION TO THESE INTERNET ISSUES IS NECESSARY TO PRECLUDE THE MISUSE OF GOVERNMENT RESOURCES, ENSURE THE PROTECTION OF OUR INFORMATION AND COMMUNICATIONS SYSTEMS, AND TO PROTECT THE IMPORTANT INFORMATION IN OUR SYSTEMS.

9. POC AT HQ USAF/SCXX IS LT COL FRANK MCGOVERN, DSN: 224-9287, E-MAIL: MCGOVERF@AF.PENTAGON.MIL; POC AT SAF/PA IS CAPT TERRY BOWMAN, DSN: 225-8561, E-MAIL: BOWMANT@AF.PENTAGON.MIL.