DEPARTMENT OF THE AIR FORCE - static.e-publishing.af.mil

DEPARTMENT OF THE AIR FORCE

HEADQUARTERS UNITED STATES AIR FORCE WASHINGTON DC

MEMORANDUM FOR DISTRIBUTION C MAJCOMs/ANG/FOAs/DRUs

AFI21-101_AFGM2019-01 21 May 2019

FROM: HQ USAF/A4 1030 Air Force Pentagon Washington, DC 20330-1030

SUBJECT: Air Force Guidance Memorandum to Air Force Instruction 21-101, Aircraft and Equipment Maintenance Management

By Order of the Secretary of the Air Force, this Air Force Guidance Memorandum extends the previous guidance memorandum to Air Force Instruction (AFI) 21-101, Aircraft and Equipment Maintenance Management. Compliance with this Memorandum is mandatory. To the extent its directions are inconsistent with other Air Force publications, the information herein prevails, in accordance with Air Force Instruction 33-360, Publications and Forms Management.

The attached memorandum continues the implementation of Maintenance Cyber Discipline responsibilities and updates eTools requirements and user responsibilities.

This Memorandum becomes void after one year has elapsed from the date of this Memorandum, or upon incorporation by interim change to, or rewrite of AFI 21-101, Aircraft and Equipment Maintenance Management, whichever is earlier.

Attachment: Guidance Changes

CEDRIC D. GEORGE Major General, USAF DCS/Logistics, Engineering & Force Protection

2 AFGM2019-01 Revision to AFI 21-101

Attachment Guidance Changes

(ADD) 1.3.4. MAJCOMs assigned combat coded fighter aircraft will coordinate with MDS Lead/Using Commands and the MAJCOM A-3 to develop and document standardized Mission Design Series (MDS), Primary Aerospace Vehicle Authorized (PAA) specific utilization rate standards in their supplements to this instruction. At a minimum the rates will:

(ADD) 1.3.4.1. Consider aggregated/analyzed unit generation capability data to identify and document standard MDS turn patterns by PAA in their supplements to Chapter 15 of this instruction.

(ADD) 1.3.4.2. Account for standard avionics and weapons training configurations.

(ADD) 1.3.4.3. Account for standard Technical Order (TO) No Later Than (NLT) driven turn time inspections and Average Sortie Duration (ASD).

(ADD) 1.3.4.4. Include a process for supporting units in assessing shortfalls and developing action plans.

(ADD) 1.5.2. MAJCOMs that conduct Mission Generation Assessments or similar weapon system logistic evaluations in order to validate unit readiness will:

(ADD) 1.5.2.1. Provide units a standardized assessment report containing, as a minimum, positive, negative and areas for improvement feedback to facilitate crosstell to like units.

(ADD) 1.5.2.2. Analyze unit generation processes to capture and communicate best practices.

(ADD) 1.5.2.3. Analyze unit generation performance to identify and communicate noteworthy trends.

(ADD) 1.5.3. MAJCOMs will annually report their top three trends and causal factors to the Logistics Working Group to facilitate debate to identify and mitigate potential limiting factors. MAJCOMs will submit their top three trends to the AF/A4LM workflow NLT 30 days prior to each Logistics Working Group meeting to usaf.pentagon.af-a4.mbx.a4lm-workflow@mail.mil.

(Replace) 1.14.1. MAJCOMs will establish minimum requirements that ensure units (home station and deployed) maintain equitable distribution of supervision (Officer and SNCO) across all on-duty shifts in their supplement to this AFI. (T-2).

(ADD) 1.19. Maintenance Cyber Discipline

(ADD) 1.19.1. Introduction. Maintaining positive maintenance cyber discipline practices of Department of Defense Information Technology is critical to sustaining the mission. Department of Defense Instruction 8500.01, Cybersecurity, defines both hardware and software that is physically part of, dedicated to, or essential in real time to the mission performance of special purpose systems. Department of Defense Information Technology is the most common Information Technology encountered in flightline environments, and includes (but is not limited to) electronic tools, support equipment, and aircraft. The culture of positive cyber security must be fostered by all maintenance personnel.

(ADD) Table 1.2. Tiered Interface Examples

| Tier | Type of Interface | Examples | Applicable TOs |
|------|-------------------|----------|----------------|
| 1 | On-Board | EC-130, XX-135, E-3, E-8 | Device TO |
| 2 | Directly Connected | F-22 PMA, F-35 PMA, Viper MLV, CAPRE, CETS, DTADS | Device TO |
| 3 | Indirectly Connected | Test/Support Equip, ATS, ATE, AIS, VDATS | TO 33-1-38 |
| 4 | Not Connected | eTools | TO 00-5-1 |

(ADD) 1.19.1.1. All users must review airframe Security Classification Guides, Technical Order TO 33-1-38, Cyber Security Incident Reporting, and applicable technical manuals and instructions when determining the classification of cyber security incidents and vulnerability documents. (T-1).

(ADD) 1.19.2. Authorized and unauthorized uses. End users must have the ability to distinguish between authorized and unauthorized uses.

(ADD) 1.19.2.1. Authorized uses must be vetted through a formal cyber security assessment process and are directed in specific Technical Order guidance. (T-1). Authorized uses are specifically defined by the governing Technical Orders or equivalent publication.

(ADD) 1.19.2.2. Unauthorized uses include: connecting any hardware, uploading or downloading software, or media not explicitly defined by Technical Orders. This includes: personal devices, phones, tablets, computers, Universal Serial Bus drives, and similar devices. Department of Defense Information Technology and derivative Air Force Publications and Technical Orders provide users guidance on Automated Computer Program Identification Number System devices acquired from local Communications Squadrons, and media obtained from Department of Defense contractors.

(ADD) 1.19.3. Malicious Code. Malicious code or scripts are the most serious threat to cyber systems. Personnel must be able to detect, prevent, and report suspected corrupted systems. Detection is governed by the applicable publications and technical orders. Not all information technology systems have a detection method (such as virus scan capabilities). Prevention is established by the strength of the unit's focus on Maintenance Cyber Discipline Training and compliance. Personnel who suspect Malicious Code/Cyber Issues while using information technology systems are required to take immediate reporting and remediation actions as defined in TO 33-1-38 and this Air Force Instruction.

(ADD) 1.19.4. Lead Commands will coordinate with Weapons System Program Managers, using MAJCOMs/ANG to consolidate and communicate system specific cyber incident events to establish and sustain continuous cyber threat situational awareness reporting. The intent of this communication is to optimize cyber threat awareness and mitigation strategies to the operational users.

(Replace) 2.2.3. Ensure a coordinated wing/base instruction is developed that implements procedures to control tools, equipment, electronic devices, and establish cyber discipline requirements that provide operational guidance across all wing/base agencies dispatching to aircraft runway/taxi/parking and maintenance areas. (T-1).

(ADD) 2.2.6. Ensure maintenance and communications organizations effectively collaborate and respond to cyber security incidents for maintenance and report in accordance with TO 33-1-38.

(ADD) 2.4.9.1.1. Ensure Master Training Plans (MTPs) include annual Maintenance Cyber Discipline training. (T-1).

(Replace) 2.4.14. Establish measures that ensure all maintenance personnel are assigned IAW the Duty Title Tool, are available, and utilized to accomplish critical maintenance tasks necessary to integrate maintenance capabilities that optimize Aircraft Availability (AA). (T-1). Maximize utilization of 7-skill level maintenance personnel in the grade of E-5 to E-7 in direct mission generation roles and avoid/minimize their use in staff positions or non-maintenance duties. (T-1). Note: Consider utilization of Civil Service MXG/SQ Unit Program Coordinators to consolidate programs to maximize availability of sortie generation maintainers (NCOs) on the flightline to maximize AA.

(Replace) 2.4.52. Establish procedures to ensure assigned units have sufficient Electronic Tools (eTools) availability to execute their assigned mission. (T-1).

(ADD) 2.4.55. Appoint in writing a Wing Avionics Manager (WAM) or designated official who will:

(ADD) 2.4.55.1. Serve as the maintenance focal point for all avionics related interactions between PMs, MAJCOMs, Lead Commands, Wing, Operations and Maintenance or equivalent activities to discern and implement changes in avionics configuration requirements.

(ADD) 2.4.55.2. Verify Reliability, Availability, Maintainability for Pods (RAMPOD) updates are completed daily IAW 21-103. (T-1).

(ADD) 2.4.55.3. Ensure classified pods/components or equipment are stored in authorized areas IAW DODM 5200.01-V3, DOD Information Security Program; Protection of Classified Information, and AFI 16-1404, Air Force Information Security Program. (T-1).

(ADD) 2.4.55.4. Ensure classified aircraft/Support/Test equipment are stored in authorized areas IAW DODM 5200.01-V3 and AFI 16-1404. (T-1).

(ADD) 2.4.55.5. Review the Department of Defense Information Technology Quality Assurance (QA) cyber systems deficiency detection capabilities list annually to ensure risks to the local mission have been mitigated and escalate issues which require additional attention. (T-1).

(Add) 2.4.56. Maintenance Group Commanders or equivalents with approved waivers will coordinate with the Communication Squadron Cyber Security Liaison and/or Information System Security Managers to identify specific requirements and publish local guidance on restrictions of the use of Portable Electronic Devices (PED) in classified processing areas. (T-1).

(Add) 2.4.57. Establish user procedures that call for the immediate removal from service and turn in to responsible office when test/support equipment is suspected of having malware. The responsible office will take required action to scan and if needed repair the equipment. (T-1).

(Add) 2.4.57.1. Ensure any eTool suspected of having malware is turned into the support section for turn-in to the responsible computer maintenance office for evaluation/repair. (T-1).

(ADD) 2.6.2. Ensure only authorized duty titles are assigned for all 2AXXX maintenance personnel IAW the AF/A4LM Duty Title Tool located at . (T-1).

(ADD) 2.8.3.1. Ensure all maintenance personnel who utilize Department of Defense Information Technology have received appropriate Maintenance Cyber Discipline Training.

(Replace) 2.8.13. Coordinate with local communication squadron to ensure proper eTools configuration (operating system, virus checkers, etc.) is maintained. (T-1). The Squadron Commander will coordinate with lead Technical Order Distribution Office (TODO)/Functional System Administrator (FSA) to resolve TO requirements that are not being satisfied. (T-1).

(Replace) 2.8.13.1. Establish procedures to coordinate with the applicable functional OPR to ensure licenses, certification, configuration, maintenance and administrative and physical security of eTools (hardware and software) is conducted IAW applicable 33-series and 17-series AFIs, and Chapter 8 of this AFI. (T-1).

(Add) 2.8.15. Establish procedures that prohibit the introduction of government or personal cellular/personal communications system and/or Radio Frequency (RF), Infrared (IR) wireless devices, and other devices such as cell phones and tablets, and devices that have photographic or audio recording capabilities into areas (e.g., rooms, offices) where classified information is stored, processed, or discussed IAW AFMAN 17-1301 Computer Security (COMPUSEC). (T-1). Coordinate waiver requests with the applicable Approving Official (AO), and ensure adherence to Certified TEMPEST Technical Authority (CTTA) requirements IAW DODD 8100.02, Use of Commercial Wireless Devices, Services, and Technologies in the Department of Defense (DoD) Global Information Grid (GIG) written approval by the AF CTTA IAW AFI 16-1404, NIST SP 800-53A Revision 4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations, Building Effective Security Assessment Plans, and the Enterprise Authorizing Official (AO) IAW AFI 31-101, AFMAN 17-1301. (T-1).

(Replace) 3.9.1. Ensure accurate and timely pod and support equipment status is updated or verified daily in Reliability, Availability, Maintainability, for Pods IAW AFI 21-103 for pods under the control of the Aircraft Maintenance Squadron. (T-1).

(Replace) 4.11.7.2. Track and schedule all inspections, maintenance, removal, installation, transportation trailers, and adapters in the Maintenance Information System (MIS). (T-1).

(ADD) 5.2.1.13. Develop a training plan for individuals assigned to QA that will inspect Maintenance Operations Flight functions. Minimum training will include, MIS (G081/IMDS) online and background products for inspections, time changes, Time Compliance Technical Orders (TCTO), and aircraft configuration management. (T-1). For units with IMDS, the QA inspector will be trained on the use of MSAT (Maintenance Scheduling Application Tool) to provide the capability for a qualified QA inspector to evaluate and report PS&D compliance with functional requirements. (T-2). A senior 2R Air Force Specialty Code (AFSC) or equivalent in Maintenance Operations (MXO) will provide assistance to the inspector as required. (T-2).

(REPLACE) 5.2.2.1.7.1. When the Production Superintendent (Pro-Super) or equivalent notifies the Maintenance Operations Center (MOC) that an aircraft is "Crew Ready" the MOC will review the Maintenance Information Systems (MIS) for each Crew Ready aircraft to ensure there are no open Red Xs. (T-1). If open Red X(s) are present in the MIS, the MOC will notify the Pro-super or equivalent for action. (T-1).

(ADD) 5.2.2.1.7.2. The MOC will verify aircraft status using the MIS and Estimated-Time-In-Commission (ETIC) before reporting it. (T-1). Note: MAJCOMs/ANG will provide Comm/MIS/Cyber out operating procedures in their supplements to this AFI.

(ADD) 5.3.4. Develop and administer appropriate Maintenance Cyber Discipline training. Training shall be tailored to Department of Defense Information Technology used locally and shall emphasize authorized and unauthorized uses, prevention, detection, remediation, and provide an overview of recent negative trends and effective mitigation techniques. (T-1).

(ADD) 6.2.10. Continuously evaluate the Maintenance Group's maintenance cyber discipline practices for compliance and deficient capabilities. (T-1).

(ADD) 6.2.10.1. Maintain lists of Department of Defense Information Technology within the MXG, identify systems with deficient detection capabilities, actions taken to escalate deficient detection capabilities, and other locally reported Information Technology deficiencies. (T-1).

(ADD) 6.2.10.2. Escalate weapons system and support equipment cyber related deficiencies to the applicable Program Manager in accordance with T.O. 00-35D-54, USAF Deficiency Reporting, Investigation, and Resolution. (T-1).

(ADD) 6.2.10.2.1. Escalate a cyber requirement or issue, submit an AF Form 1067, Modification Proposal in accordance with AFI 63-101/20-101, Integrated Life Cycle Management, and/or maintenance assistance request IAW TO 00-25-107 Maintenance Assistance. (T-1).

(Replace) 6.3.1. Develop and maintain a master training plan to train all QA Inspectors, and include augmentees, if applicable. (T-1). Note: See paragraph 5.2.1.13. for minimum MAJCOM training requirements for inspectors inspecting MXO functions.

(ADD) 6.3.21. Manage cyber incident responder/facilitator list. (T-1). Responders/facilitators respond to Department of Defense Information Technology incidents that lack the capability to perform a mission function. (T-1). Consolidate and report incidents to the Wing Avionics Manager (WAM) or designated official. (T-1). Example: Automated Computer Program Identification Number System containing software for a Technical Order task that does not have a hardware Technical Order approving its installation or use.
