Login Procedures to Change for a Number of SIGINT Applications in 2007

DYNAMIC PAGE -- HIGHEST POSSIBLE CLASSIFICATION IS TOP SECRET // SI / TK // REL TO USA AUS CAN GBR NZL (U//FOUO) Login Procedures to Change for a Number of SIGINT Applications in 2007 FROM: M. Brooks Emrick SIGINT Systems Engineering Office (S01A) Run Date: 12/28/2006 (C//REL) In 2007, PASSPORT will be phased out and replaced by PKI and CASPORT. (U) Attention, all SIGINT analysts and IT personnel who use or support the following applications: (C//REL) ASSOCIATION, BABBLEQUEST, BANYAN, CHALKFUN, CONTRAOCTAVE, DISHFIRE, EKS (Enterprise Knowledge System, aka KSP), ENCORE (including SIGDEV Portal), GLOBALREACH, GLOBALVISION (Thin Client), HOMEBASE, JACKSPARROW, MAINWAY, MARINA (aka YACHTSHOP), MISSION MANAGEMENT, OCTSKYWARD, PLATINUMPLUS, QUARRYGEM, SEDB Analysis Environment, SEEKTRAIN, SIGINT NAVIGATOR, SPOTBEAM, TOYGRIPPE (U) In 2007, the login procedures for the above applications will change - NSA is decommissioning the PASSPORT system and migrating to the use of PKI and CASPORT. Users may already have noticed the addition of PKI logins, or seen messages on the subject. (U) Migration Schedule (U//FOUO) Applications will migrate on approximately the following schedule. Owners and developers of these systems will separately notify their users of when exact changes will occur. (C//REL) Applications currently using PKI logins, or will, by 1 January 2007 : BABBLEQUEST, EKS (Enterprise Knowledge System aka KSP), HOMEBASE, JACKSPARROW, PLATINUMPLUS, QUARRYGEM, SEEKTRAIN, TOYGRIPPE (C//REL) Applications that will migrate by 1 February 2007 : ASSOCIATION, BANYAN, CHALKFUN, CONTRAOCTAVE, DISHFIRE, GLOBALREACH, GLOBALVISION (Thin Client), MARINA (aka YACHTSHOP), MISSION MANAGEMENT, OCTSKYWARD, SPOTBEAM (C//REL) Applications migrating by 1 May 2007 : ENCORE MAINWAY, SEDB "Arcview" Analysis Environment, and SIGINT Navigator

(U) What This Change Means to the User (U//FOUO) If you have not done so already, please get a PKI certificate issued to you by a Trusted Agent (" go PKI " on NSAnet for more information). You will receive a private key or keys (enciphered computer files) to install in your personal account. You will then be able to generate and verify digital signatures and enable encrypt/decryption of email and files. The certificate can also be used to log into applications that are PKI enabled, such as those above. The PKI certificate works in lieu of a password; however, it does NOT change the need to have an account on a system to get access. (U) Note: These changes in NO way affect the way users log into NSAnet. These changes are applicable only to the database and applications listed above. (U//FOUO) If You Are Unable to Get a PKI Certificate... (U//FOUO) If you cannot obtain a PKI certificate for logistical reasons (e.g. field users not near a Trusted PKI Agent, or other problem), follow the instructions below to obtain a backup CASPORT password until you are able to obtain a PKI certificate. These instructions apply to both NSAers and Second Parties: 1. (U//FOUO) On NSANet , you can access the CASPORT web page at " go casport " 2. (U//FOUO) From the Second Party Mall , access the CASPORT web page via: 3. (U//FOUO) As you enter the site, it may ask for a PKI cert, but you can enter without one if you hit the "cancel" button. (U//FOUO) If you are using Netscape , you may get an error: "Security error: domain name mismatch", hit OK to continue, then when it prompts you "Please enter the master password for the Software Security Device" -- hit "Cancel" to get in. (U//FOUO) If you are using Internet Explorer , it may put up a box that says "Web site you want to visit requests identification" -- hit "Cancel" and it will let you in. 4. (U//FOUO) For NSA users : once on the CASPORT home page, click the "my identity" tab. On the right hand side of that page, third paragraph down in the "Password Reset" box; there is a link "Trouble Ticket" to apply for a CASPORT Password. Apply and list your justification. 5. (U//FOUO) For Second Party users : once on the CASPORT home page, click the "2 P" box under the CASPORT logo, click the "Create Account" tab and fill out the form to start the process. (U//FOUO) Special Note for Users of JWICS and JWICS/GHOSTWIRE: (U//FOUO) If you access these applications via JWICS and JWICS/GHOSTWIRE and use a web browser, should be able to login with PKI. Applications that are not accessed through a web browser probably will not work with PKI. However, because connection conditions vary widely, users should test their PKI certificate as soon as possible and be prepared to request a backup CASPORT password. Please contact the individual application help desk and/or this office if you encounter difficulties. (U) Training for Administrators (U//FOUO) Training is available for PASSPORT Delegated Administrators on using the group management capability within CASPORT. Please contact the CASPORT team to make arrangements. (U) For Further Info: (U) POC: M. Brooks Emrick, @nsa.ic.gov , , S01A

(U) References: (a) DoD Instruction 8500.2, Information Assurance Implementation, February 6, 2003 (b) Intelligence Community Public Key Infrastructure (PKI) Overarching Policy for the SCI Fabric, 25 October 1999 "(U//FOUO) SIDtoday articles may not be republished or reposted outside NSANet without the consent of S0121 (DL sid_comms)." DYNAMIC PAGE -- HIGHEST POSSIBLE CLASSIFICATION IS TOP SECRET // SI / TK // REL TO USA AUS CAN GBR NZL DERIVED FROM: NSA/CSSM 1-52, DATED 08 JAN 2007 DECLASSIFY ON: 20320108