Embedded computer capabilities used on Navy-issued computers are authorized in telework environments and unclassified government workspaces only. They are prohibited in any classified government workspaces, per reference (a).
The following authorities are responsible for establishing processes prior to telework and disabling prior to re-introducing these computers back into higher classified workspaces (collateral classified, SCIF, and SAP):
Navy-issued peripherals in telework environments are authorized on personally owned computers. In unclassified workspaces, the use of headsets with microphones and web cameras is restricted to training and mission essential tasks that require two-way communication. They are NOT authorized for unofficial use.
- Authorized up to the Top Secret level, to include common, restricted and collateral open storage areas, with the following limitations:
- Reference (b) remains in force for mobile devices in any Pentagon workspace that is designated or accredited for the processing, handling, or discussion of classified information.
- Must be government procured using the network provider Approved Products List (APL).
Effective immediately, commands will only procure peripherals contained on APLs established by their network providers.
NMCI APL available on:
https://www.homeport.navy.mil/services/downloads/nmcicertifieddevicelist.xls
ONEnet APL available on:
https://navyonenet.com/navy-one-net-products/
Previously procured peripherals that do not comply with this NAVADMIN will be replaced as soon as fiscally feasible, but not later than Dec. 31, 2020.
Headsets without microphones, per reference (c):
- Must be unplugged when not in use.
- Must be wired.
- May use either a 3.5mm audio jack or USB port.
- Cannot contain noise-cancelling functionality.
- May be used on a system with any classification level, and once disconnected, are not considered classified.
Headsets with microphones, per reference (c):
- Must be unplugged when not in use.
- Must be wired. Push to talk preferred, if available.
- May use either a 3.5mm audio jack or USB port.
- Cannot contain noise-cancelling functionality.
Web Cameras
Use of web cameras must be approved by the appropriate authority identified above, and may only be used on systems at the classification level of the space. For example, in a collateral SECRET open storage area an external web camera may be connected to the SECRET workstation only.
Waivers regarding use of external web cameras on workstations at a lower classification level than the workspace may be approved on a case-by-case basis by the Navy SISO for select situations, for example, offices with doors.
Navy-accredited SCIFs may be authorized for web camera use by the Navy SSO or Navy Regional SSO (RSSO) on a case-by-case basis, with the following limitations:
- Reference (b) remains in force for mobile devices in any space in the Pentagon that is designated or accredited for the processing, handling, or discussion of classified information.
- All peripherals used in SCIF workspaces must be government procured using the network provider APL.
Effective immediately, commands will procure only computer peripherals contained on approved products lists established by their network providers. Previously procured peripherals (e.g. headsets, web cameras, microphones, etc.) used in classified spaces will be replaced as soon as fiscally feasible, but no later than Dec. 31, 2020.
Headsets
Headsets without microphones must be unplugged when not in use; may use either a 3.5mm audio jack or USB port. If the headsets connect via a USB port, the Navy SSO will coordinate with the NIA CIO prior to issuing a determination.
Headsets cannot contain noise-cancelling functionality. Per reference (d), headsets must be government procured. They may be used on a system with any classification level, and once disconnected, are not considered classified.
Headsets with microphones must be unplugged when not in use. They must be wired and have push to talk capability, and may use either a 3.5mm audio jack or USB port. If the headsets connect via a USB port, the Navy SSO will coordinate with the Naval Intelligence Activity (NIA) CIO prior to issuing a determination.
Headsets with microphones cannot contain noise-cancelling functionality. Per reference (d), headsets must be government procured.
Web Cameras with Recording and Restricted Technologies
Per reference (e), recording capabilities and restricted technologies, such as audio and video recorders, cameras, microphones, and devices with USB connectivity, introduce vulnerabilities to information and therefore impact SCIF security.
Cameras are considered medium risk portable electronic devices and may be allowed in a SCIF with approval of the CSA or Navy SSO, with concurrence of the NAVINTEL CIO with appropriate mitigations in place.
Reference (e) does not distinguish between digital and web cameras. Direct all waiver requests to the Navy SSO. Navy-accredited SAP Facilities (SAPFs) may be authorized use by the Director, DON SAP Central Office (SAPCO) on a case-by-case basis.
Personally owned peripherals, wired or Bluetooth-enabled, use on Navy-issued computers are not authorized in any classified workspaces, are authorized in telework environments and unclassified government workspaces, with the following exceptions:
-- Per reference (a), peripherals manufactured by any source that is designated by the Navy or the Defense Information Systems Agency (DISA) as being prohibited are not allowed. This includes any company prohibited by law, to include Huawei, Zhong Xing Telecommunication Equipment (ZTE), Hikvision, Hytera, and Dahua. (Note: Users are encouraged to use the DISA APL at https://disa.deps.mil/org/SE6/Lists/APL/AllItems.aspx to inform their personal peripheral procurements).
-- Per reference (a), storage devices (e.g., Universal Serial Bus (USB) memory sticks, hard drives, digital cameras, etc.) are prohibited.
-- Per reference (a), external monitors are prohibited, when using USB connections.
-- Per reference (a), external monitors using VGA, DVI, HDMI, or Display Port Connections, provided they do not have any memory storage capabilities, are authorized.
-- Per reference (f), any personally owned device that provides print functions, including multi-functional devices, are prohibited.
This NAVADMIN will remain in effect until canceled or superseded.
Points of contact for guidance: