Understanding CJIS Compliance – Information Exchange Agreements
In the previous blog, we gave an overview of what CJIS is and what its different policy areas
are. In this blog we elaborate on the first policy area: Information Exchange Agreements.
The first policy area, Information Exchange Agreements, states that information shared
through communication mediums should be protected using appropriate security safeguards.
Information exchanged can take many forms, such as instant messages, electronic mail, hard
copy, facsimile, web services, and information systems sending, receiving and storing CJI.
Note that agencies, before exchanging criminal justice information, should put formal
agreements in place that specify the security controls. Information Exchange Agreements help
in understanding the roles, responsibilities and data ownership between agencies and other
external parties.
Information Exchange
There are multiple things one needs to know to have a clear understanding of information
exchange agreements. First, we need to understand information exchange at different levels,
which are listed below.
Information Handling
Proper handling of criminal justice information is of primary importance, and agencies
should establish procedures for the handling and storage of information to protect it from
unauthorized disclosure, misuse or alteration. These procedures should be followed in the
handling, processing, communication and storing of CJI. Furthermore, the policies for
handling and protecting information also apply to CJI that is shared with or received from
FBI CJIS for non-criminal justice purposes.
State and Federal Agency User Agreements
For state and federal agency user agreements, each Special Intelligence Bureau (SIB) chief
or CJIS Systems Agency (CSA) head should execute a signed written user agreement with the
FBI CJIS division stating their willingness to conform to the Information Exchange policy
before accessing and participating in the CJIS records information programs. All
agreements with the FBI CJIS division would be coordinated with the CSA head, and the
interface agency should allow the FBI to periodically test the ability to penetrate the FBI’s
network through external network connection.
Criminal Justice Agency User Agreements
Any criminal justice agency receiving access to CJI shall enter into a written agreement
with a signatory authority of the CSA that is providing the access. The agreement needs to
clearly specify all the FBI CJIS services and systems that the agency would have access to.
These agreements should include audit, dissemination, quality assurance (QA), security and
validation, among others.
Interagency and Management Control Agreements
A National Criminal Justice Association (NCJA) that is designated to perform criminal justice
functions for a CJA can also have access to Criminal Justice Information. An inter-agency
agreement, statute, executive order or regulation is needed to authorize such an organization
to have access to the information. The CJA and NCJA would need to execute a management
control agreement (MCA) that clearly stipulates that management control of the criminal
justice function would remain with the CJA only.
Private Contractor User Agreements and CJIS Security Addendum
The CJIS Security Addendum is a uniform addendum to an agreement made between a private
contractor and a government agency. Private contractors designated to perform criminal
justice functions for a CJA or on behalf of an NCJA (government) shall have access to
Criminal Justice Information, and the agreement needs to be executed defining the agency’s
purpose and scope of providing services for the administration of criminal justice.
Agency User Agreements
NCJAs (public and private) that are designated to request civil fingerprint-based background
checks for noncriminal justice functions are also eligible to access Criminal Justice
Information. However, they would receive access only after approval is sought from the US
attorney general pursuant to federal law or a state statute. An example of an NCJA (public)
is a county school board, while an NCJA (private) is a local bank. NCJAs also have to execute
a written agreement with the appropriate authority of the CSA and should allow the FBI to
periodically test the ability to penetrate the FBI’s network through external network
connection. Channelers as well as non-channelers that are designated to perform ancillary
functions on behalf of NCJAs are eligible to access CJI.
Monitoring, Review and Delivery of Services
As specified in the MCAs, inter-agency agreements and contractual agreements with private
contractors, there should be continuous monitoring and review of the services, records and
reports provided by the service providers. The authorized agency, FBI or CJA will maintain
overall visibility and control into all security aspects and would also identify
vulnerabilities and other flaws. Also, any changes made by a service provider would be
managed by the CJA or FBI.
This post broadly discusses the various provisions in Policy Area 1. In the next blog we will
discuss Policy Area 2 – Security Awareness Training.
DoubleHorn is a leading Cloud Solutions Provider founded in January. We, along with our
strategic partners, are able to design and offer CJIS Compliance capable solutions. We were
awarded the Cloud Services Contract for the State of Texas (DIR-TSO-2518) and Oklahoma
(ITSW1022D) covering Cloud Services Brokerage, Cloud Assessment and Cloud
Infrastructure-as-a-Service (IaaS). Contact us for a complimentary initial assessment.

The Future of Platform Engineering
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀Exploring UiPath Orchestrator API: updates and limits in 2024 🚀
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
