************************************************************************
DDN MGT Bulletin 119          DISA DDN Defense Communications System
1 March 1993                  Published by: DDN Network Info Center
                              (NIC@NIC.DDN.MIL)  (800) 365-3642

                        DEFENSE DATA NETWORK
                         MANAGEMENT BULLETIN

The DDN MANAGEMENT BULLETIN is distributed online by the DDN Network
Information Center under DISA contract as a means of communicating
official policy, procedures and other information of concern to
management personnel at DDN facilities. Back issues may be read
through the TACNEWS server ("@n" command at the TAC) or may be
obtained by FTP (or Kermit) from the NIC.DDN.MIL host [192.112.36.5]
using login="anonymous" and password="guest". The pathname for
bulletins is ddn-news/ddn-mgt-bulletin-nn.txt (where "nn" is the
bulletin number).
************************************************************************

PLEASE PASS TO ALL MILNET NODE SITE COORDINATORS. FOR DISA AREAS,
PLEASE PASS AS A LOCAL AREASTA. THIS INFORMATION HAS ALSO BEEN
RELEASED AS CONUSMILNETSTA 04/93

Subject: Policy for Crypto Re-Keying of MILNET ISTs

1. One of the most common reasons for MILNET inter-switch trunk (IST)
outages is crypto coordination problems at MILNET sites at HJ times.
We have been working hard to reduce these occurrences, with
significant success. However, problems still occur. The best solution
to this problem is for all MILNET ISTs to use OTAR. DISA has an
ongoing effort to assist the net control stations (NCSs) to convert to
OTAR. The MILNET POC for OTAR is SSgt Joe Buchanan, DSN 222-2771,
commercial (703) 692-2771. We have found another partial solution. We
have researched the crypto procedures required for MILNET ISTs not
currently using OTAR. This bulletin restates existing policy for
encryption in MILNET ISTs where OTAR is not implemented.

2. Standard NSA policy states that unclassified network circuits that
do not use OTAR may use a monthly crypto period with no update.
This means that the traffic encryption key (TEK) may be loaded into
the crypto device monthly and no daily update is required. This
bulletin establishes the monthly crypto period with no update as the
standard for MILNET ISTs that are not using OTAR. This procedure
should be implemented ASAP. The deadline for converting to this
procedure is 19 Mar 1993.

3. Two procedures have been defined: 1) the procedure that must be
followed when a circuit outage occurs and 2) for sites that are not
manned seven days a week, the procedure for installing the next TEK
when the first of the month occurs on a week-end or holiday.

   a. If a circuit fails but the crypto equipment re-synchs
   automatically after restoral, loading of new TEK is not required.
   Please note that a KG-84A will retain key during power or circuit
   outages only if fresh fill-hold batteries are installed. If a
   circuit fails and the crypto equipment does not re-synch
   automatically, the "next up" segment of TEK will be loaded. In
   order to re-establish the normal period, the KG-84A will also be
   loaded on the first of the next month.

   b. When the first of the month occurs on a week-end or holiday at
   a site not manned during that time, the monthly loading of the TEK
   will be accomplished on the next duty day at a time established by
   the NCS. This situation should be coordinated with the MILNET
   monitoring center (1-800-451-7413).

4. DISA POCs for this topic are:

   Maj Ted A. Tatchio (DSN 222-2757, commercial 703-692-2757)
   email: milnetmgr@ddn-conus.ddn.mil

   Mr Rod McDaniel (DSN 222-7580, commercial 703-692-7580)
   email: cmcmgr@ddn-conus.ddn.mil

5. This CONUSMILNETSTA will remain in effect until cancelled by this
office.