On April 1, the Department of the Navy Chief Information Officer released the memo "Amplifying Guidance to the DON Acceptable Use Policy Regarding Collaboration Tools."
SUBJECT: Amplifying Guidance to the Department of the Navy Acceptable Use Policy Regarding Collaboration Tools
Reference: DON Acceptable Use Policy of 25 FEB 2020
This memo provides amplifying guidance to reference (a) on the acceptable use of the Department of the Navy (DON) IT; i.e., Government Furnished Equipment (GFE). Use of collaboration tools greatly enhance our warfighting and business process capabilities during the COVID-19 crisis; however, the use of unauthorized collaboration tools on DON IT could expose critical information or introduce vulnerabilities.
Commands are to remind personnel that use of unauthorized commercial collaboration tools or commercial e-mail on GFE is a violation of DON acceptable use policy, and DODI 5200.48 policy on handling Controlled but Unclassified Information (CUI).
DISA's Defense Collaboration Service (DCS) is the only DoD-approved collaboration tool. Additionally, Global Video Services (GVS), Secure Access File Exchange (SAFE), and Intelink are all DoD approved capabilities for use on GFE. Commands are not to establish vendor agreements or contracts for use of new collaboration tools during the COVID-19 crisis without DON CIO advance approval.
In the next week and through the duration of the National Pandemic, DoD CIO will authorize the use of the Commercial Virtual Remote (CVR) Environment, which will provide DoD teleworkers with access to a subset of Microsoft Office 365 (O365) capabilities to facilitate continuity of operations using home or personal computers. The CVR Environment is actively being launched and will be available to the entire Department of Defense.
The CVR Environment will consist of content generation and collaboration tools including Word, Excel, PowerPoint, and Teams, that are integrated with Microsoft OneDrive cloud storage capability. The CVR Environment is anticipated to be authorized by exception to process limited categories of CUI information, and will be decommissioned after the crisis. Service CIOs will promulgate additional guidance establishing specific guidelines on the categories of CUI authorized within the CVR environment.
While this policy does not prohibit participating in a collaboration with an outside organization which has established a meeting with other non-DON/DoD approved collaboration tools, it remains the responsibility of the individual employee to properly protect and handle CUI at all times.
Aaron D. Weis