5 FAH-11 H-830
ESTABLISHING NETWORK EXTENSIONS
(CT:IAH-27; 07-16-2024)
(Office of Origin: DT/EA)
5 FAH-11 H-831 Network Extensions
(CT:IAH-27; 07-16-2024)
a. Conducting Department business may require the extension of the Department’s OpenNet and ClassNet networks to non-Department entities. A network extension under these circumstances is an expansion of OpenNet or ClassNet boundaries to include deployment of Department-approved hardware at a non-Department entity location. A network extension does not involve an interconnection to another system or extranet. While not requiring the formal memoranda of agreements or understandings set forth in 5 FAH-11 H-820, the establishment of these network extensions must comply with Department regulations and contract provisions, and be documented via a memorandum of agreement, contract modification, or Form DD-254, Department of Defense Contract Security Classification Specification, as appropriate, between the sponsor and the non-Department entity (e.g., another U.S. government agency or contractor housing the extension). (For agreement format examples, see 5 FAH-11 Exhibits H-831(1) - (4). The Department also uses Department of Defense Form DD-254.)
b. Department policy, 12 FAM 642.4-4, requires that both the Bureau of Diplomatic Technology’s Office of External Affairs (DT/EA) and the Directorate of Cyber Operations’s Information Systems Security Office (DT/CO/ISSO) approve all network extensions, based on assessments of the requested extension’s compliance with Department policy.
5 FAH-11 H-832 EXTENSION PLANNING
(CT:IAH-27; 07-16-2024)
a. The sponsoring bureaus planning a network extension must first develop a business case justifying the requirement. A memorandum detailing the business case should be sent to DT/EA and DT/CO/ISSO stating why the extension is necessary and what Department mission the extension will support. The memorandum should also provide details on the planned extension’s off-site location, point of contact at the off-site location, the extension’s hardware requirements, the intended users, the estimated support costs, and the planned site-specific security controls.
b. Requested extensions that involve contractual sites will also require contract modifications to assure protection of the Department’s and other parties’ interests. For classified contracts, the Contract Security Classification Specification (Form DD-254, Department of Defense Contract Security Classification Specification) must include the contractor’s responsibilities for assuring the security of the extension.
5 FAH-11 H-833 REQUEST PROCESS
(CT:IAH-27; 07-16-2024)
a. DT/EA coordinates the sponsoring bureau’s extension request with the Bureau of Diplomatic Security (DS) (e.g., with the Office of Information Security’s Industrial Division (DS/IS/IND) if the request is for an extension at a contractor site, and the Facilities Security Division (DS/C/PSP/FSD) if the request is for an extension at another USG agency), with the Enterprise Network Management Office (DT/OPS/ENM), and with the Cyber Operations’s Information Systems Security Office (DT/CO/ISSO):
(1) The Enterprise Network Management Office (DT/OPS/ENM) reviews the extension request, makes an operational assessment of the planned connection, and provides clearance or non-clearance on the request to DT/EA;
(2) DT/CO/ISSO reviews the request and provides co-approval or disapproval of the request to DT/EA;
(3) Upon receiving the DT/OPS/ENM clearance and DT/CO/ISSO co-approval, DT/EA provides an interim approval with security requirements to the sponsoring bureau. If DT/OPS provides a non-clearance or DT/CO/ISSO and/or DT/EA provides a disapproval, the request will be denied;
(4) When DT/EA confirms the security requirements have been met, a final approval regarding the extension is provided to the sponsoring bureau and DT/OPS/ENM. DT/CO/ISSO must co-sign the approval; and
(5) If at any time DT/EA determines that the extension is no longer in compliance with the terms of the approval, it may be revoked. The sponsoring bureau will have an opportunity to correct any deficiencies before an approved extension is revoked.
b. When interim approval is granted, DT/EA will provide the terms and conditions for implementing the network extension.
c. DT/EA will provide the sponsoring bureau a reason an extension request has been denied, as well as the action required to obtain approval for a network extension.
d. Approvals are valid for a maximum of one year and must be renewed to continue past each year. The sponsoring bureau must request a renewal at least 30 days in advance of the approval’s expiration. DT/EA and DT/CO/ISSO must approve and DT/OPS/ENM must clear all renewals.
e. The sponsoring bureau must notify DT/EA and DT/CO/ISSO promptly if the extension is discontinued (e.g., when the extension is no longer needed).
5 FAH-11 H-834 THROUGH H-839 UNASSIGNED
5 FAH-11 Exhibit H-831(1)
Agreement Format for OpenNet/ClassNet Extensions to Department Contractors
(CT:IAH-2; 03-12-2007)
I. Purpose – state what the agreement authorizes and why it is necessary - include summary of business case justification
II. Contractual Authorization – cite contract provisions authorizing connection (i.e., Form DD-254, Department of Defense Contract Security Classification Specification)
III. Applicability and Definitions – characterize nature and sensitivity of data and the appropriate classification thereof
IV. Conditions and Responsibilities
Describe method of interconnection
Identify exact locations of connection (i.e., server connections) and purpose of user access
Define hardware requirements and who will provide such equipment or resources
State what organization is responsible for supporting the connection
Estimate support costs and how they will be shared
Define how user access is limited by router/firewall connections
Describe incident reporting procedures
Cite establishment of encrypted links
Must include acceptance to comply with 12 FAM 600 security requirements
V. Security Checks
Date of the Bureau of Diplomatic Security (DS) validation of physical security at drop location
Date of the Global Information Technology Risk office’s (DT/E-CISO/GITR) risk analysis (only required when standard DoS security requirements cannot be met but business need for an extension persists)
Date of Enterprise Network Management (DT/OPS/ENM) approval
VI. Effective Date of Agreement – cite agreement’s effective date
VII. Termination/Suspensions of Agreement
Define procedures for terminating the agreement - who may terminate or suspend the agreement and under what conditions
VIII. Signature Blocks
For Department of State For Sponsoring Bureau
DT
______________________ ____________________________
(Signature) (date) (Signature) (date)
5 FAH-11 Exhibit H-831(2)
Agreement Format for OpenNet/ClassNet Extension to Other Federal Agencies
(CT:IAH-27; 07-16-2024)
I. Purpose – state what the agreement authorizes and why it is necessary and include summary of business case justification
II. Authorization – cite Memorandum of Understanding provisions authorizing connection
III. Applicability and Definitions – characterize nature and sensitivity of data and the appropriate classification thereof
IV. Conditions and Responsibilities
Describe method of interconnection
Identify exact locations of connection (i.e., server) and purpose of user access
Define hardware requirements and who will provide such equipment or resources
State what organization is responsible for supporting the connection
Estimate support costs and how they will be shared
Define how user access is limited by router/firewall connections
Describe incident reporting procedures
Cite establishment of encrypted links
Must include acceptance to comply with 12 FAM 600 security requirements
V. Security Checks
Date of the Bureau of Diplomatic Security (DS) validation of physical security at drop location
Date of the Global Information Technology Risk office’s (DT/E-CISO/GITR) risk analysis (only required when standard DoS security requirements cannot be met but business need for an extension still persists)
Date of Enterprise Network Management (DT/OPS/ENM) approval
VI. Effective Date of Agreement – cite agreement’s effective date
VII. Termination/Suspensions of Agreement
Define procedures for terminating the agreement - who may terminate or suspend the agreement and under what conditions
VIII. Signature Blocks
For Department of State For Federal Agency
(Signature) (date) (Signature) (date)
5 FAH-11 Exhibit H-831(3)
Agreement Format for OpenNet/ClassNet Extensions to Other Governments
(CT:IAH-27; 07-16-2024)
I. Purpose – state what the agreement authorizes and why it is necessary - include summary of business case justification
II. Authorization – cite government or International Agreement provisions authorizing connection
III. Applicability and Definitions – characterize nature and sensitivity of data and the appropriate classification thereof
IV. Conditions and Responsibilities
Describe method of interconnection
Identify exact locations of connection (i.e., server) and purpose of user access
Define hardware requirements and who will provide such equipment or resources
State what government is responsible for supporting the connection
Estimate support costs and how they will be shared
Describe how users are cleared for access
Define how user access is limited by router/firewall connections
Describe incident reporting procedures
Cite establishment of encrypted links
Must include acceptance to comply with 12 FAM 600 security requirements
V. Security Checks
Date of the Bureau of Diplomatic Security (DS) validation of physical security at drop location
Date of the Global Information Technology Risk office’s (DT/E-CISO/GITR) risk analysis (only required when standard DoS security requirements cannot be met but business need for an extension still persists)
Date of the Enterprise Network Management (DT/OPS/ENM) approval
Date of the Office of the Legal Advisor (L) approval
VI. Effective Date of Agreement – cite agreement’s effective date
VII. Termination/Suspensions of Agreement
Define procedures for terminating the agreement - who may terminate or suspend the agreement and under what conditions
VIII. Signature Blocks
For Department of State For other government entity
(Signature) (date) (Signature) (date)
5 FAH-11 Exhibit H-831(4)
Format for Temporary OpenNet Extensions to Other Nongovernment Entities Agreement
(CT:IAH-27; 07-16-2024)
I. Purpose – state what the agreement authorizes and why it is necessary - include summary of business case justification
II. Authorization – cite legal document authorizing the connection
III. Applicability and Definitions – characterize nature and sensitivity of data and the appropriate classification thereof
IV. Conditions and Responsibilities
Describe method of interconnection
Identify exact locations of connection (i.e., server) and purpose of user access
Define hardware requirements and who will provide such equipment or resources
State what government is responsible for supporting the connection
Estimate support costs and how they will be shared
Describe how users are cleared for access
Define how user access is limited by router/firewall connections
Describe incident reporting procedures
Cite establishment of encrypted links
Must include acceptance to comply with 12 FAM 600 security requirements
V. Security Checks
Date of the Bureau of Diplomatic Security (DS) validation of physical security at drop location
Date of the Global Information Technology Risk office’s (DT/E-CISO/GITR) risk analysis (only required when standard DoS security requirements cannot be met but business need for an extension persists)
Date of the Enterprise Network Management (DT/OPS/ENM) approval
Date of the Office of the Legal Advisor’s (L’s) approval [required if agreement is with a foreign non-government entity]
VI. Effective Date of Agreement – cite agreement’s effective date
VII. Termination/Suspensions of Agreement
Define procedures for terminating the agreement - who may terminate or suspend the agreement and under what conditions
VIII. Signature Blocks
For Department of State For non-government entity
(Signature) (date) (Signature) (date)