This policy defines agency efforts to be compliant with federal guidance for IPv6.
Beginning in 2005, the Federal government began an initiative that served as a catalyst to commercial development and adoption of Internet Protocol Version 6 (IPv6). Designed to replace IPv4, which has been in use since 1983, these protocols are globally unique numeric identifiers necessary to distinguish individual entities that communicate over the Internet.
The regulatory authorities include:
- OMB Memorandum M-21-07, Completing the Transition to Internet Protocol Version 6 (IPv6), November 19, 2020
- OMB Memorandum M-05-22, Transition Planning for Internet Protocol Version 6 (IPv6), August 2, 2005 (rescinded by M-21-07)
- OMB Memorandum dated September 28, 2010, Transition to IPv6
- OMB Circular A-130, Managing Information as a Strategic Resource
- Federal Acquisition Regulation; FAR Case 2005-041, Internet Protocol Version 6 (IPv6)
ROLES AND RESPONSIBILITIES
The memorandum identifies clear activities agencies must conduct with indication of roles required to take action.
- The Chief Executive Officer (CEO) is responsible for establishing an agency-wide integrated project team (including acquisitions, policy and technical members) or other governance This team will be required to govern and enforce IPv6 efforts.
- The Director of Policy and Planning in the Office of the Chief Information Officer will develop this policy and incorporate required language.
- The Chief Information Security Officer is responsible for privacy incident response and incident reporting.
- The Director of Web Services is responsible for providing assistance in publishing this policy on the public website.
Network information systems
By the end of Fiscal Year (FY) 2023, all new networked Federal information systems will be IPv6-enabled at the time of deployment. The agency’s strategic intent is to phase out the use of all IPv4 systems.
As MCC interacts with external partners, we will work to encourage migration to IPv6 for all network interfaces.
Public/External Facing Systems/Server
MCC shall complete upgrading all public/external facing servers and services, and internal client applications that communicate with public Internet services and supporting enterprise networks to operationally use native IPv6.
MCC shall follow all guidance in the FAR regarding future acquisitions of networked information technology with IPv6 requirements. MCC shall:
- Unless the agency Chief Information Officer waives the requirement, when acquiring information technology using Internet Protocol, the requirements document must include reference to the appropriate technical capabilities defined in the USGv6 Profile (NIST Special Publication 500-267) and the corresponding declarations of confidence defined in the USGv6 Test Program.
- Continue to use the USGv6 Profile to define agency or acquisition specific requirements for IPv6 capabilities when purchasing networked information technology and services. Going forward, this should include specifying the requirement for hardware and software to be capable of operating in an IPv6-only environment.
- Continue to require potential vendors to document compliance with such IPv6 requirement statements through the USGv6 Test Program.
- In rare circumstances where requiring demonstrated IPv6 capabilities would pose undue burden on an acquisition action, provide a process for agency Chief Information Officers to waive this requirement on a case-by-case basis. In such cases, the purchasing agency shall request documentation from vendors detailing explicit plans (e.g., timelines) to incorporate IPv6 capabilities to their offerings.
MCC will follow best practices in securing networked information technology utilizing IPv6. MCC shall:
- Ensure that plans for full support for production IPv6 services are included in IT security plans, architectures, and acquisitions.
- Ensure that all systems that support network operations or enterprise security services are IPv6- capable and can operate in IPv6-only environments.
- Follow applicable Federal guidance and leverage industry best practices, as appropriate, for the secure deployment and operation of IPv6 networks.