CJIS Compliance - System, Communications Protection & Information Integrity
The previous blog on physical protection covered the security measures needed to protect Criminal Justice Information (CJI) inside a physically secure location. In this blog, we discuss one of the most important policy areas of CJIS: System and Communications Protection and Information Integrity.
Information Flow Enforcement
The network infrastructure should control the flow of information between interconnected systems, so that data moves from one place to another only in a secure manner. Flow control is typically implemented in boundary protection devices such as gateways, proxies, firewalls, routers, tunnels and guards. A few requirements that are better expressed as flow control rather than access control are:
• Block traffic arriving from outside that purports to originate within the agency.
• Prevent Criminal Justice Information from being transmitted over a public network in unencrypted form.
• Do not pass web requests to a public network unless they originate from the internal web proxy.
Boundary Protection
The agency should:
• Control access to networks that process Criminal Justice Information.
• Ensure that all connections to external systems, the Internet and other IT systems pass through interfaces controlled by the agency.
• Ensure that an operational failure of a boundary protection device cannot result in an unauthorized leak of information outside the IT system boundary (the device should fail closed).
• Employ techniques and tools to detect attacks, monitor events and identify unauthorized users.
• Place publicly accessible information system components on separate subnetworks with isolated network interfaces. If one of these public-facing subnetworks is compromised, the main secure network remains isolated from it.
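The three flow-control rules above and the subnet-isolation requirement under boundary protection can be checked against individual flows. The following policy model is an added example, not code from the original post or from any CJIS or vendor tool; the address ranges, proxy address and sample flows are constructed assumptions, and the evaluator fails closed on malformed input as the boundary-protection text requires.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample topology (an assumption for this example, not taken from the
# CJIS policy): one internal agency range, one DMZ subnet for public-facing
# components, and one internal web proxy.
INTERNAL_NETS = [ip_network("10.10.0.0/16")]
DMZ_NETS = [ip_network("192.0.2.0/24")]     # RFC 5737 documentation range
WEB_PROXY = ip_address("10.10.1.10")
WEB_PORTS = {80, 443}


@dataclass(frozen=True)
class Flow:
    src: str           # source address
    dst: str           # destination address
    ingress: str       # interface the packet arrived on: "outside", "inside" or "dmz"
    dst_port: int
    encrypted: bool    # transport is protected (e.g. TLS or IPsec)
    carries_cji: bool  # payload contains Criminal Justice Information


def _in_any(addr, nets):
    return any(addr in n for n in nets)


def evaluate(flow: Flow) -> tuple[str, str]:
    """Return ("deny" | "allow", reason) for one flow under the flow-control rules."""
    try:
        src = ip_address(flow.src)
        dst = ip_address(flow.dst)
    except ValueError:
        # Fail closed: a flow the device cannot parse must not cross the boundary.
        return "deny", "malformed-address"

    src_internal = _in_any(src, INTERNAL_NETS)
    dst_internal = _in_any(dst, INTERNAL_NETS)
    dst_public = not dst_internal and not _in_any(dst, DMZ_NETS)

    # Rule 1: traffic on the outside interface claiming an internal source is spoofed.
    if flow.ingress == "outside" and src_internal:
        return "deny", "spoofed-internal-source"

    # Rule 2: CJI never leaves for a public network in the clear.
    if flow.carries_cji and dst_public and not flow.encrypted:
        return "deny", "cji-unencrypted-to-public"

    # Rule 3: web requests to a public network come only from the internal proxy.
    if dst_public and flow.dst_port in WEB_PORTS and src != WEB_PROXY:
        return "deny", "web-request-bypasses-proxy"

    # Boundary protection: the public-facing DMZ never initiates flows into the
    # internal network, so a compromised DMZ host stays isolated.
    if flow.ingress == "dmz" and dst_internal:
        return "deny", "dmz-to-internal"

    return "allow", "ok"


# Constructed sample flows (not captured traffic).
SAMPLE_FLOWS = [
    Flow("10.10.5.5", "203.0.113.7", "outside", 443, True, False),   # spoofed source
    Flow("10.10.5.5", "203.0.113.7", "inside", 25, False, True),     # CJI in the clear
    Flow("10.10.5.5", "203.0.113.7", "inside", 443, True, False),    # bypasses proxy
    Flow("10.10.1.10", "203.0.113.7", "inside", 443, True, False),   # proxy, allowed
    Flow("192.0.2.10", "10.10.5.5", "dmz", 445, False, False),       # DMZ into internal
    Flow("10.10.5.5", "10.10.6.6", "inside", 445, False, True),      # internal only
    Flow("not-an-ip", "203.0.113.7", "inside", 443, True, False),    # malformed
]


def audit(flows):
    """Evaluate each flow; returns a list of (flow, verdict, reason) tuples."""
    return [(f, *evaluate(f)) for f in flows]


if __name__ == "__main__":
    for f, verdict, reason in audit(SAMPLE_FLOWS):
        print(f"{verdict:5} {reason:28} {f.src} -> {f.dst}:{f.dst_port} via {f.ingress}")
```

The rules are ordered so that the most specific denial reason is reported first; a real firewall ruleset would express the same ordering as its rule sequence.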
Encryption
Encrypting the data is of prime importance, and there are stringent conditions that need to be followed. Encryption must be a minimum of 128 bit, and when Criminal Justice Information is transmitted outside the physically secure location, appropriate encryption mechanisms need to be in place. CJI at rest also needs to be encrypted. The cryptographic module used to encrypt the data shall be certified to meet the FIPS 140-2 standard.
Intrusion Detection Tools and Techniques
The agency should implement host-based and/or network-based intrusion detection tools. The State Identification Bureau (SIB)/CJIS Systems Agency (CSA) additionally should:
• Check inbound and outbound communications for unauthorized and unusual activity.
• Employ automated tools to support monitoring systems that detect system-level attacks.
• Send individual intrusion detection logs to a centralized logging facility, where they are analyzed to study attack patterns and determine how further intrusions can be prevented.
Voice over Internet Protocol
VoIP is an extremely popular technology that many organizations use. Although it offers operational and cost advantages over legacy telephone systems, VoIP networks bring a myriad of security challenges that need to be addressed. Therefore, in line with communications protection, agencies that employ VoIP in their networks should adhere to the following rules:
• Establish implementation guidance and usage restrictions for VoIP technologies.
• Change the default passwords on VoIP switches and IP phones.
• Use virtual local area networks (VLANs) to segment data traffic from VoIP traffic.
Cloud Computing
Organizations transitioning to a cloud environment are confronted with both the challenges and the opportunities that the technology provides. Although the cost savings may outweigh the rest, loss of control over data is a serious point to consider when it comes to CJIS Security Policy compliance. In light of this, organizations are advised to make their decisions after reviewing the cloud computing white paper and the cloud assessment found in the NIST special publications and on FBI.gov. The capabilities and policies of cloud service providers will also help organizations decide whether those providers can offer services that comply with the requirements laid down by the CJIS Security Policy.
It should also be noted that metadata derived from CJI shall not be used by cloud service providers for any purpose whatsoever. Furthermore, the service provider is prohibited from scanning any data files or email and using them for data mining, building analytics, advertising or improving the quality of the services it provides.
Facsimile Transmission of Criminal Justice Information
When transmitting CJI through facsimile, encryption requirements needn’t be followed.
Partitioning and Virtualization
In view of the increasing scarcity of resources, organizations are resorting to centralization of system administration, services and applications. Hence, it is important to secure these virtualized machines and partitions as well.
Partitioning
There shall be a clear separation between IT system management functionality and user functionality, and the service, application or information system should create such a separation either logically or physically. Separation may be achieved by any one of the following methods:
• Different central processing units (CPUs)
• Different computers
• Different network addresses
• Separate instances of the operating system
• Any other method approved by the FBI CJIS ISO
Virtualization
Virtualized environments are authorized for noncriminal justice as well as criminal justice activities. Over and above the security controls described above, additional controls need to be implemented in a virtualized environment:
• Maintain audit logs for all hosts and virtual machines, and store these logs outside the virtual environment of the host.
• Isolate the virtual machines from the host, so that users of virtual machines cannot access the host firmware, files, etc.
• Contain critical device drivers within a separate guest.
• Keep Internet-facing virtual machines, such as portal servers and web servers, physically separate from the virtual machines that process CJI internally.
System and Information Integrity Policy and Procedures
Patch Management
When a new security patch is released, it is of prime importance that it is applied to maintain information security. Patch requirements discovered during incident response activities, security assessments and continuous monitoring also need to be addressed. Local policies should include items such as:
• Rollback capability when installing updates or patches.
• Thorough testing of patches before installation.
• Centralized management of patches.
• Automatic updates that are applied without user intervention.
Malicious Code Protection
The agency needs to implement malicious code protection, including automatic updates, on all systems that have Internet access. Systems with no Internet access also need to be updated regularly so that they reflect the latest signatures. In addition, the agency should employ virus detection and protection programs that identify and eradicate malicious code such as worms, viruses and Trojan horses.
Spam and Spyware Protection
The agency should:
• Use spyware protection on servers, on all mobile computing devices, and on workstations on the network.
• Use spam protection programs at all important points of entry for information, such as electronic mail servers, firewalls and remote-access servers.
Security Alerts and Advisories
The agency should:
• Receive security advisories and alerts about the information system regularly.
• Issue advisories and alerts to the appropriate people.
• Document the types of action to be taken in response to security alerts.
• Take suitable action.
• Install automated mechanisms that make advisory and security alert information available throughout the agency as appropriate.
Information Input Restrictions
The agency shall ensure that the information input to any connection to FBI CJIS Compliance
services is restricted only to authorized individuals. Restrictions on these personnel with
authorization to input information to the IT system may be extended beyond the general access
controls employed by the system.
DoubleHorn is one of the leading Cloud Solutions Providers, founded in January 2005 and based in Austin, Texas. We are capable of offering Cloud Solutions that meet CJIS requirements. Contact us for a complimentary initial assessment at solutions@doublehorn.com or (855) 618-6423.

More Related Content

Recently uploaded

🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 

Recently uploaded (20)

🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 

Featured

How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
Time Management & Productivity - Best Practices
Time Management & Productivity -  Best PracticesTime Management & Productivity -  Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Applitools
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at WorkGetSmarter
 

Featured (20)

How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity -  Best PracticesTime Management & Productivity -  Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work
 
ChatGPT webinar slides
ChatGPT webinar slidesChatGPT webinar slides
ChatGPT webinar slides
 

CJIS Compliance - System, Communications Protection & Information Integrity

  • 1. CJIS Compliance - System, Communications Protection & Information Integrity The previous blog on physical protection helped us in understanding the various security measures that need to be taken to ensure protection of Criminal Justice Information (CJI) in a physically secure location. In this blog, we will discuss one of the most important policy areas of CJIS which is System and Communications Protection and Information Integrity.
  • 2. Information Flow Enforcement The network infrastructure should be in control of the flow of information between interconnected systems. The system shall control the movement of data from one place to another in a secure manner. Specific examples of flow control can be found in devices that engage in protection of boundaries such as gateways, proxies, firewalls, routers, tunnels and guards. A few such examples that are better expressed as flow control rather than access control are:  Block outside traffic that purports to be from within the agency.  Prevent Criminal Justice Information from being transmitted over a public network in an unencrypted form.  Do not send any web requests to a public network that don’t originate from the internal web proxy. Boundary Protection The agency should:  Control access to networks that are processing Criminal Justice Information  Ensure that all the connections to external systems, the Internet and IT systems occur through interfaces that are controlled by the agency.  Ensure that in the event of operational failure of boundary protection devices; there shouldn’t be any unauthorized leak of information outside the IT system boundary.  Employ techniques and tools to detect attacks, monitor events and identify unauthorized users.  Agencies also need to allocate publicly accessible information system components to separate sub networks with isolated network interfaces. This helps the agency in being safe even if these public networks are compromised; the main secure network is immune. Encryption Encrypting the data is of prime importance and there are stringent conditions that need to be followed. The encryption needs to be a minimum 128 bit and when Criminal Justice Information is being transmitted outside the physically secure location, appropriate encryption mechanisms need to be put in place. Even while CJI is at rest, encryption mechanisms need to be put in place to ensure maximum security. 
The cryptographic module used to encrypt data shall be certified to meet the stringent FIPS-140-2 standards Intrusion Detection Tools and Techniques The agency should implement host-based and/or network-based intrusion detection tools. The State Identification Bureau (SIB)/CJIS Systems Agency (CSA) additionally should:  Check the outbound and inbound communications for unauthorized and unusual activities.
  • 3.  Employ automated tools to offer support to monitoring system that detect system-level attacks.  The agencies shall also send individual intrusion detection logs to a centralized logging facility where the analysis of these logs is done to study the pattern of attack and how can we prevent further intrusions. Voice over Internet Protocol VoIP is an extremely popular tool that several organizations use. Although it offers several operational and cost advantages over the legacy telephone systems, VoIP networks have a myriad of security challenges that need to be addressed. Therefore, in line with the communication protection, agencies that are employing VoIP in their networks should adhere to the following rules.  Establish implementation guidance and usage restrictions for VoIP technologies  Change the default password on VoIP switches and IP phones  Utilize Virtual Local Area (VLAN) network to segment data traffic from VoIP traffic Cloud Computing The organizations transitioning to cloud environment are generally confronted with the challenges and the opportunities that the technology provides. Although the cost savings outweigh the rest, loss of control over data is a serious point to ponder over when it comes to CJIS Compliance security. In the light of these, it is suggested that the organizations take appropriate decisions after reviewing the cloud computing white paper and also the cloud assessment that is found on NIST special publications and on FBI.gov. The capabilities of the cloud service providers and their policies would also help the organizations to decide if they can offer services that are compliant with the requirements laid down by CJIS Compliance Security Policy. It is also to be noted that the metadata derived from CJI shouldn’t be put to use by cloud service providers for any purpose whatsoever. 
Furthermore, the service provider is also prohibited from scanning any data files or email and using them for data mining, building analytics, advertising or improving the quality of the services it provides.
Facsimile Transmission of Criminal Justice Information
When transmitting CJI by facsimile, the encryption requirements need not be followed.
Partitioning and Virtualization
In view of the increasing scarcity of resources, organizations are resorting to centralization of system administration, services and applications. Hence, it is important to secure these virtualized machines and partitions as well.
Partitioning
There shall be a clear separation between IT system management functionality and user functionality, and the service, application or information system should create this separation either logically or physically. Separation may be achieved by any one of the following methods.
 Different central processing units (CPUs)
 Different computers
 Different network addresses
 Separate instances of the operating system
 Any other method approved by the FBI CJIS ISO
Virtualization
It may be noted that virtualized environments are authorized for noncriminal justice as well as criminal justice activities. Over and above the security controls described above, there are further controls that need to be implemented in a virtualized environment.
 Maintain audit logs for all hosts and virtual machines, and store these logs outside the host's virtual environment.
 Isolate the virtual machine from the host, which means that users of virtual machines cannot access the host firmware, files etc.
 Critical device drivers should be contained within a separate guest.
 Internet-facing virtual machines such as portal servers and web servers should be physically separate from those virtual machines involved in internal CJI processing.
System and Information Integrity Policy and Procedures
Patch Management
As and when a new security patch is released, it is of prime importance that it is applied to ensure information security. Patch requirements identified during incident response activities, security assessments and continuous monitoring also need to be addressed. Local policies should include items such as:
 Rollback capabilities when installing updates or patches
 Thorough testing of appropriate patches well before installation
 Centralized management of patches
 Automatic updates activated without user intervention
Malicious Code Protection
The agency needs to implement malicious code protection, including automatic updates, for all systems that have access to the Internet. Even systems with no Internet access need to be updated regularly to reflect the latest status. In addition, the agency should employ virus detection and protection programs that identify and eradicate malicious code such as worms, viruses and Trojan horses.
Spam and Spyware Protection
The agency should:
 Utilize spyware protection on servers, on all mobile computing devices and on workstations on the network
 Utilize spam protection programs at all important points of entry of information, such as electronic mail servers, firewalls and remote-access servers.
Security Alerts and Advisories
The agency should:
 Receive security advisories/alerts about the information system regularly
 Issue advisories/alerts to the appropriate people
 Document all the types of actions that need to be taken in response to security alerts
 Take suitable action
 Install automated mechanisms that make advisory and security alert information available throughout the agency as appropriate.
Information Input Restrictions
The agency shall ensure that information input to any connection to FBI CJIS Compliance services is restricted to authorized individuals. Restrictions on these personnel with authorization to input information to the IT system may be extended beyond the general access controls employed by the system.
DoubleHorn is one of the leading Cloud Solutions Providers, founded in January 2005 and based in Austin, Texas. We are capable of offering Cloud Solutions that meet CJIS requirements. Contact us for a complimentary initial assessment at solutions@doublehorn.com or (855) 618-6423.
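The centralized analysis of intrusion detection logs described under Intrusion Detection Tools and Techniques above, as an added example that is not part of the original post: a small Python script that merges alerts shipped from several host-based and network-based sensors, surfaces source/signature pairs that recur across sensors, and sets outbound alerts aside for separate review. The log line format, sensor names, signature names and addresses are all constructed for this example.

```python
"""Centralized review of intrusion detection logs. Added example, not from the
blog: the line format, sensor names, signatures and addresses are constructed."""
from collections import Counter, defaultdict

# Constructed sample: three sensors report to one logging facility.
SAMPLE_ALERTS = """\
2024-03-01T08:00:01Z sensor=nids-01 dir=inbound src=203.0.113.5 dst=10.10.1.4 sig=ssh-bruteforce
2024-03-01T08:00:07Z sensor=nids-01 dir=inbound src=203.0.113.5 dst=10.10.1.5 sig=ssh-bruteforce
2024-03-01T08:01:12Z sensor=hids-srv5 dir=inbound src=203.0.113.5 dst=10.10.1.5 sig=ssh-bruteforce
2024-03-01T08:02:30Z sensor=nids-01 dir=outbound src=10.10.1.5 dst=198.51.100.9 sig=unencrypted-cji-export
2024-03-01T08:03:00Z sensor=nids-02 dir=inbound src=203.0.113.77 dst=10.10.2.1 sig=port-scan
"""


def parse_alert(line):
    """Turn 'timestamp key=value ...' into a dict."""
    ts, *fields = line.split()
    record = {"ts": ts}
    for field in fields:
        key, _, value = field.partition("=")
        record[key] = value
    return record


def load_alerts(text):
    return [parse_alert(l) for l in text.splitlines() if l.strip()]


def recurring_patterns(alerts, threshold=3):
    """(src, sig) pairs seen at least `threshold` times across all sensors.
    One source hitting several sensors is the pattern a single sensor would miss."""
    counts = Counter((a["src"], a["sig"]) for a in alerts)
    sensors = defaultdict(set)
    for a in alerts:
        sensors[(a["src"], a["sig"])].add(a["sensor"])
    return [{"src": s, "sig": g, "count": n, "sensors": sorted(sensors[(s, g)])}
            for (s, g), n in counts.most_common() if n >= threshold]


def outbound_alerts(alerts):
    """Outbound alerts get separate review: they may show CJI leaving the boundary."""
    return [a for a in alerts if a.get("dir") == "outbound"]


if __name__ == "__main__":
    alerts = load_alerts(SAMPLE_ALERTS)
    for p in recurring_patterns(alerts):
        print(f"{p['src']} {p['sig']} x{p['count']} seen by {', '.join(p['sensors'])}")
    for a in outbound_alerts(alerts):
        print(f"OUTBOUND {a['src']} -> {a['dst']} {a['sig']}")
```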