From the Office of CIO Communications

Today’s interconnected business environment brings with it increased dependence on information and information systems. While email can be a vital link, the variety of network and computer system vulnerabilities that can be exploited when accessing DON email from non-DoD owned computers cannot be ignored.

Accordingly, NAVAIR end users are permitted to use Outlook Web Access (OWA) to conduct official business as long as they have authorization from their Commanding Officer or Level I and have submitted the “NMCI User Agreement for Outlook Web Access” located on the Office of CIO Web site at https://cio.navair.navy.mil.

Commanding Officer(s) or Level I(s) can authorize OWA for individual users with a valid mission need, and in doing so, must also assume responsibility for ensuring the military, Federal civilian employee or NAVAIR contractor personnel submit the User Agreement. NAVAIR contractors should submit signed User Agreement through their Contracting Officer Representative (COR). The COR will submit the User Agreement to his/her respective Commanding Officer/Level I for approval.

The NMCI User Agreement for Outlook Web Access contains, but is not limited to, the following conditions:

- Non-DoD computers must have appropriate firewall and virus software installed.

- OWA should be accessed through a Public Key Infrastructure (PKI)-enabled Common Access Card (CAC). CAC-based authentication to OWA requires installation and use of smart card reader and middleware.

- Non-DoD computers cannot be publicly accessible computers (e.g., hotel, universities, libraries, Internet café, kiosks, etc.).

- OWA user must own the non-DoD computer (not a friend or relative).

- If OWA user is not the sole user of the computer, the operating system must support multiple accounts (WIN IT, WIN 2000, WIN XP only). The OWA user shall be the only person with administrative access to the operating system and OWA’s user account shall be protected by use of a strong password.

Furthermore, in accordance with COMNAVAIR message 20 Jul 05, NAVAIR Policy for the Unclassified Navy Marine Corps Intranet Outlook Web Access for Military, Federal Civilian Employees and NAVAIR Contractors, Commanding Officer or Level I has the additional responsibility of determining the means and procedures for procuring the CAC readers and middleware required to authenticate to OWA. A smart card reader will be available from the NMCI peripheral catalog in the near future, but for now, CAC-compatible Smart card reader packages are available to DON Commands at www.itec-direct.navy.mil and can be privately purchased from various commercial vendors, including CDW, Inc. www.cdw.com and Envoy Data Corp. www.envoydata.com. Additional information on enterprise licensing and government middleware purchasing under the DoD’s Enterprise Software Initiative is available at www.doncio.navy.mil for Navy users and https://www.noc.usmc.mil/PKI/ for Marine Corps users.

Refer to COMNAVAIR message 20 Jul 05 for further information. The message and the NMCI User Agreement for Outlook Web Access are located on the Office of CIO Web site (https://cio.navair.navy.mil).

The NMCI Help Desk (1.866.THE.NMCI) is responsible for providing assistance for OWA-related network, server and account problems; it is not responsible for assisting users with non-NMCI workstation and peripheral configuration.