CJIS Information Security Awareness Training for · PDF file• This Information Security Awareness Training is designed to equip ... • Disconnect the Ethernet cable from the computer, - [PDF Document] (2023)

  • CJIS Information Security Awareness

    Training for Texas

  • Objectives This Information Security Awareness Training is designed to equip

    those accessing the agencys data with basic tools to protectcomputers and networks interconnecting with Criminal JusticeInformation Services (CJIS).

    To ensure compliance with federal and state policies, securityawareness training is required within six months of employment andevery two years thereafter for all employees who may access CJISdata. This requirement applies to vendors also who work withnetworking equipment and/or software which stores, processes, ortransmits CJIS data.

    Special note for CJIS Security Policy section 5.2 requirements - Level I, II, III training objectives will be presented here only. Level IV IT training objectives are available through the CJISonline

    training module. https://www.cjisonline.com

  • Overview In the following Security Awareness Training Document, the following ideas will be discussed.

    Terms and Definitions Information Systems Information Technology Security

    Goals Viruses and Reports, Spam Robust Passwords Password Security

    Physical Security Personnel Security Sensitive Data

    Storing Securing Vulnerabilities and Threats Social Engineering Reporting Security Violations Dissemination Standards of Discipline Disposal

    Summary Contacts

  • List of Terms Access Authorized

    Personnel CCH CJI CJIS CHRI Ill


  • Terms and Definitions Access the opportunity to make use of an

    automated information system resource. Includes the ability to have contact with a computer from which a transaction may be initiated. Access includes physical and logical access to data, and the systems that process, store and transmit data.

    Authorized Personnel Personnel who have passed a state and national finger print based background record check and have been granted access.

  • Terms and Definitions CCH - The Computerized Criminal History System is the Texas central repository for arrest, conviction, and disposition data on individuals arrested for felony and gross misdemeanor offenses. Criminal justice agencies access this data for a variety of reasons, regarding decisions on investigations, arrests, criminal charges, plea bargains, convictions, probation, and placement in correctional facilities.

    This data is frequently used during mandated background checks on individuals seeking employment or licensing for various employed and volunteer positions.

  • Terms and Definitions CJI Criminal Justice Information refers to data provided

    by FBI CJIS necessary for law enforcement and civil agencies to perform their mission. Examples of CJI data sets housed by the FBI include:

    1. Biometric Data used to identify individuals; mayinclude: palm prints, DNA, iris, facial recognition dataas well as fingerprints.

    2. Identity History Data text data that corresponds withan individuals biometric data, providing a history ofcriminal and/or civil events for the identified individual.

  • Terms and Definitions CJI (continued)

    3. Person Data information about individualsassociated with a unique case, and notnecessarily connected to Identity History Data.

    4. Property Data information about vehicles andproperty associated with crime.

    5. Case/Incident History information about thehistory of criminal incidents.

  • Terms and Definitions CJIS - Criminal Justice Information Services is home to a range of state-of-the-art technologies and statistical services that serve the FBI and the entire criminal justice community. CJIS systems include, but are not limited to:

    National Crime Information Center (NCIC) Uniform Crime Reporting (UCR) Automated Fingerprint Systems (AFIS) Multimodal Biometric Identification System (MBIS) National Instant Criminal Background Check System (NICS) Interstate Identification Index (III) Law Enforcement Enterprise Portal (LEEP) National Data Exchange (N-DEx) National Incident-Based Reporting System (NIBRS)

  • Terms and Definitions CHRI - Criminal History Record Information is a subset of

    CJI consisting of notations written and electronic evidence of an arrest, detention, complaint, indictment, information or other formal criminal charge relating to an identifiable person. CHRI includes identifying information pertaining to the individual as well as the disposition arising from sentencing, correctional supervision, and release of any charges.

    DPS Crime Records Service (CRS) is responsible for compiling, maintaining and disseminating complete and accurate criminal history records, criminal incident reports, arrest reports and statistics.

  • Terms and Definitions III ("Triple-I") - Interstate Identification Index. III holds the

    FBI's compilation of an individual's criminal identification, arrest, conviction, and incarceration information. III provides the FBI's RAP sheet (Record of Arrest and Prosecution) and contains information reported by local, state and federal law enforcement agencies across the country.

  • Terms and Definitions LASO Local Agency Security Officer is appointed to guarantee five

    areas of information for audit purposes:

    1. Identify who is using the approved hardware, software andfirmware and ensure no unauthorized individuals or processeshave access to the same

    2. Identify and document how the equipment is connected to thestate system

    3. Ensure personnel security screening procedures are beingfollowed

    4. Ensure the approved and appropriate security measures are inplace and working

    5. Support Policy compliance and keep state and federal ISOinformed of security incidents

  • Terms and Definitions NCIC - National Crime Information Center is a

    computerized index of documented criminal justice information concerning crimes and criminals of nationwide interest which includes a locator file for missing and unidentified persons.

    NCIC stores information regarding open arrest warrants, stolen property, missing persons, etc., and is available to federal, state, and local criminal justice agencies 24 hours a day, 365 days a year.

  • Terms and Definitions NLETS- International Justice and Public Safety Network

    (aka National Law Enforcement Telecommunications System) is a computer-based message switching system that links together and supports every state, local, and federal law enforcement, justice, and public safety agency for the purposes of sharing and exchanging critical information.

    This interface can provide information from each states criminal records, driver records, vehicle registration records, INTERPOL, Immigrations and Customs Enforcement (ICE), License Plate Reader (LPR) records, national Amber Alerts, Hazardous Waste mobile tracking, National Weather Service, and more. NLETS is available 24 hours a day, 7 days a week, 365 days a year.

  • Terms and Definitions

    Phishing the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

    Phishing is typically carried out by e-mail or instant messaging, and often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate website. Phishing is an example of social engineering techniques used to fool users, and exploits poor web security technologies.

  • Terms and Definitions PII Personally Identifiable Information is information

    which can be used to distinguish or trace an individuals identity, such as name, social security number, or biometric records, alone or when combined with other personal or identifying information which is linkable to a specific individual, such as date and place of birth, or mothers maiden name.

    PII includes, but is not limited to: education, financial transactions, medical, criminal or employment history. Information derived from CHRI usually contains PII.

  • TAC - Terminal Agency Coordinator is the individual serving as the point-of-contact at the local agency with DPS for matters relating to CJIS information access. The TAC administers CJIS systems programs within the local agency and oversees the agencys compliance with CJIS system policies.

    Terms and Definitions

  • Terms and Definitions TCIC - Texas Crime Information Center contains criminal

    justice information regarding wanted persons, missing persons, unidentified persons, sex offenders, persons subject to protective orders, stolen vehicles and boats, handgun licenses, abandoned/recovered vehicles and boats, H.E.A.T. vehicles, identity theft, child safety checklist, threat against peace and detention officers, etc.

    Law enforcement and criminal justice agencies may access TCIC 24 hours a day, 7 days per week to maintain or obtain status concerning property and person records stored in the repository.

  • Terms and Definitions TLETS Texas Law Enforcement Telecommunications System is a critical statewide network combined with multiple distributed applications that provides message brokering services, a client application, and operational software. TLETS is the primary access for local criminal justice agencies in Texas to criminal justice information provided by TCIC, NCIC, DMV, Driver License, other states via NLETS, CCH, III, etc.

    TLETS acts as a secure information exchange system between law enforcement and criminal justice agencies within Texas and between agencies nationwide. DPS strives to provide TLETS services 24 hours


What is CJIS security awareness training? ›

This training is for all personnel whose duties require them to have unescorted access to a physically secure location that processes or stores Criminal Justice Information (CJI). The information below is specifically for personnel that should not access or handle Criminal Justice Information (CJI).

How often should CJIS security awareness training be conducted? ›

Anyone with access to criminal justice information must undergo security awareness training within six months of receiving the information. The training must be repeated every two years to meet CJIS compliance standards.

What is Cjis online certification? ›

About CJIS Online

CJIS Online offers classes online only. This school offers training in 6 qualifications, with the most reviewed qualifications being Associate Degree in Pre-Dental Medicine, CJIS Level 3 Security Awareness and CJIS training.

What are CJIS requirements? ›

13 Compliance Requirements for Criminal Justice Information Services (CJIS)
  • Information Exchange Agreements. ...
  • Security Awareness Training. ...
  • Incident Response. ...
  • Auditing and Accountability. ...
  • Access Control. ...
  • Identification and Authentication. ...
  • Configuration Management. ...
  • 8 & 9.
Sep 30, 2022

What is Level 3 CJIS? ›

• Level 1: Personnel with unescorted access to secure areas. • Level 2: Personnel that have physical contact with CJI. • Level 3: Personnel that enter, query or modify CJI. • Level 4: Personnel with Information Technology roles.

What is the CJIS security policy? ›

The CJIS Security Policy integrates presidential and FBI directives, federal laws, and the criminal justice community's Advisory Policy Board decisions, along with guidance from the National Institute of Standards and Technology (NIST). The Policy is periodically updated to reflect evolving security requirements.

Who is responsible for compliance with the FBI CJIS security policy? ›

The CJIS Audit Unit (CAU) conducts government audits every three years to ensure CJIS compliance is maintained by government agencies--including all local, state, tribal, and federal agencies.

Who can access CJIS data? ›

Linking nearly 18,000 law enforcement agencies across the country to a massive database of crime reports, fingerprints, and other agency data, the CJIS allows law enforcement, national security, and intelligence community partners to access the information they need to protect the United States, while preserving civil ...

How often must the Laso complete basic security awareness training? ›

CJIS Security Awareness training shall be required within 6 months of initial assignment, and biennially thereafter, for all personnel who have access to CJI.

What are the two types of access when dealing with criminal justice information CJI? ›

Access includes those individuals who have unescorted access to the CJI, maintain systems used to process or store unencrypted CJI or have unescorted access in a physically secure location as defined in CSP [5.9. 1].

What is considered misuse of a CJIS network? ›

Unauthorized requests, receipt, release, interception, dissemination or discussion of FBI CJIS Data/CHRI could result in criminal prosecution and/or termination of employment.

Which of the following is considered misuse of the criminal justice information CJI system? ›

Any access of the systems and/or dissemination of information obtained for personal unauthorized and/or non criminal justice purpose are considered a misuse of the system.

How often must the enhanced security training for also be completed? ›

At a minimum, all personnel with access to CJI must complete Security Awareness Training within six months of initial assignment and retraining every two years after that.

Who sets the minimum password requirements for all users as well as the password requirements for agencies that maintain systems that access criminal justice information? ›

The CJIS Security Policy sets the minimum requirements for all entities accessing this data, as well as guidelines to protect its transmission, storage, and generation. To address the technology implementation of the CJIS Security Policy start with Section 5: Policy and Implementation.

How often should CJIS passwords be changed? ›

The new CJIS Security Policy section “5.6. 2.1. 1.2 Advanced Password Standards” extends the password expiration period from 90 days to a full 356 days. Research has shown that when users are asked to keep changing their passwords, they tend to create weaker passwords overall.

What is Level 4 security awareness? ›

Security Awareness Training Level 4 is designed for all information technology personnel including system administrators, security administrators, network administrator, etc. At The Rusty Pixel we take online security seriously.

What is considered CJI? ›

Criminal Justice Information (CJI), Defined

CJI refers to all of the FBI's CJIS-provided data necessary for law enforcement agencies to perform their mission and enforce the laws. CJI includes biometric, identity history, person, organization, property and case/incident history data.

Where is FBI CJI data derived from? ›

FBI CJIS data is any data derived from the national CJIS Division systems. Many state CJIS systems (they include state hot file and criminal history data) contain FBI CJIS data and must be afforded the same security as national systems.

Who is responsible for compliance with the FBI CJIS security policy? ›

The CJIS Audit Unit (CAU) conducts government audits every three years to ensure CJIS compliance is maintained by government agencies--including all local, state, tribal, and federal agencies.

What is the purpose of an Ori? ›

What is an ORI? which validates legal authorization to access Criminal Justice Information (CJI) and identifies the agency in all transactions.

What is considered CJI? ›

Criminal Justice Information (CJI), Defined

CJI refers to all of the FBI's CJIS-provided data necessary for law enforcement agencies to perform their mission and enforce the laws. CJI includes biometric, identity history, person, organization, property and case/incident history data.

What is considered misuse of a CJIS network? ›

Unauthorized requests, receipt, release, interception, dissemination or discussion of FBI CJIS Data/CHRI could result in criminal prosecution and/or termination of employment.

Top Articles
Latest Posts
Article information

Author: Gov. Deandrea McKenzie

Last Updated: 12/08/2022

Views: 6381

Rating: 4.6 / 5 (66 voted)

Reviews: 89% of readers found this page helpful

Author information

Name: Gov. Deandrea McKenzie

Birthday: 2001-01-17

Address: Suite 769 2454 Marsha Coves, Debbieton, MS 95002

Phone: +813077629322

Job: Real-Estate Executive

Hobby: Archery, Metal detecting, Kitesurfing, Genealogy, Kitesurfing, Calligraphy, Roller skating

Introduction: My name is Gov. Deandrea McKenzie, I am a spotless, clean, glamorous, sparkling, adventurous, nice, brainy person who loves writing and wants to share my knowledge and understanding with you.