https://artifacts.trustmarkinitiative.org/lib/tips/cjis-security-policy-section-5.6.2.1/5.8/CJIS Security Policy Section 5.6.2.15.8Profile of FBI Criminal Justice Information Services (CJIS) requirements as defined by the CJIS Security Policy, version 5.8, Section 5.6.2.1.2021-03-31T00:00:00.000ZfalseThis artifact is published by the Georgia Tech Research Institute (GTRI) as part of the Trustmark Initiative. This artifact and the information contained herein is provided on an "AS IS" basis, and GTRI disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, GTRI disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.https://trustmarkinitiative.org/Trustmark InitiativePRIMARYTrustmark Supporthelp@trustmarkinitiative.org555-555-5555https://trustmarkinitiative.org/https://artifacts.trustmarkinitiative.org/lib/tips/cjis-security-policy-section-5.6.2.1/5.4/SecurityInformation AssuranceCJIS Security Policyhttps://artifacts.trustmarkinitiative.org/lib/tips/cjis---password-and-pin-entry/5.4/1CJIS - Password and PIN Entry5.4Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for passwords and PINs to not be displayed when entered.https://artifacts.trustmarkinitiative.org/lib/tips/cjis---password-complexity/5.8/2CJIS - Password Complexity5.8Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.8, for agencies to follow appropriate password complexity rules.https://artifacts.trustmarkinitiative.org/lib/tips/cjis---secure-password-transmission/5.4/3CJIS - Secure Password Transmission5.4Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for passwords to not be transmitted in the clear outside of a secure location.https://artifacts.trustmarkinitiative.org/lib/tips/cjis---certificate-and-token-pin-protection---not-displayed-on-entry/5.4/4CJIS - Certificate and Token PIN Protection - Not Displayed On Entry5.4Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for PINs utilized in conjunction with a certificate or a token (e.g. key fob with rolling numbers) for the purpose of advanced authentication that PIN digits are not displayed when entered.https://artifacts.trustmarkinitiative.org/lib/tips/cjis---certificate-and-token-pin-protection---transmission/5.4/5CJIS - Certificate and Token PIN Protection - Transmission5.4Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for PINs utilized in conjunction with a certificate or a token (e.g. key fob with rolling numbers) for the purpose of advanced authentication to not be transmitted in the clear outside a secure location.https://artifacts.trustmarkinitiative.org/lib/tips/cjis---complexity-requirements-for-pins-as-standard-authenticators/5.4/6CJIS - Complexity Requirements For PINs As Standard Authenticators5.4Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for agencies that implement the use of a PIN as a standard authenticator to follow the guidance provided for passwords.https://artifacts.trustmarkinitiative.org/lib/tips/cjis---pin-complexity-requirements/5.4/7CJIS - PIN Complexity Requirements5.4Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for agencies to follow appropriate PIN complexity rules.https://artifacts.trustmarkinitiative.org/lib/tips/cjis---pin-expiration/5.4/8CJIS - PIN Expiration5.4Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for PINs utilized in conjunction with a certificate or a token (e.g. key fob with rolling numbers) for the purpose of advanced authentication to expire within a maximum of 365 days.https://artifacts.trustmarkinitiative.org/lib/tips/cjis---pin-history/5.4/9CJIS - PIN History5.4Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for PINs utilized in conjunction with a certificate or a token (e.g. key fob with rolling numbers) for the purpose of advanced authentication to not be identical to the previous three (3) PINs.https://artifacts.trustmarkinitiative.org/lib/tds/cjis---one-time-passwords/1.0/10CJIS - One-time Passwords1.0Defines conformance and assessment criteria for compliance with one-time password requirements defined by CJIS Security Policy.https://artifacts.trustmarkinitiative.org/lib/tds/passwords-and-pins-are-unique/1.0/11Passwords and PINs Are Unique1.0Defines conformance and assessment criteria for verifying that an organization prohibits users from using the same password or PIN in the same logon sequence.https://artifacts.trustmarkinitiative.org/lib/tds/defined-pin-lifetime/1.0/12Defined PIN Lifetime1.0Defines conformance and assessment criteria for verifying that an organization has established minimum PIN lifetime requirements.https://artifacts.trustmarkinitiative.org/lib/tds/defined-pin-reuse-limits/1.0/13Defined PIN Reuse Limits1.0Defines conformance and assessment criteria for verifying that an organization has established minimum PIN history and reuse requirements.= 3]]>CJIS-SP-V5.8Criminal Justice Information Services (CJIS) Security Policy Version 5.8, 06/01/2019, CJISD-ITS-DOC-08140-5.8Access to Criminal Justice InformationAccreditationAdministration of Criminal JusticeAdvanced AuthenticationAAAgency Controlled Mobile DeviceAgency CoordinatorACAgency Issued Mobile DeviceAgency LiaisonALAsymmetric EncryptionAuthorized RecipientAuthorized User/PersonnelAuthorizing OfficialAvailabilityBiographic DataBiometric DataCase / Incident HistoryCertificate Authority (CA) CertificateCertificationChannelerCJIS Advisory Policy BoardAPBCJIS Audit UnitCAUCJIS Security PolicyCJIS Systems AgencyCSACJIS Systems Agency Information Security OfficerCSA ISOCJIS Systems OfficerCSOCloud ClientCloud ComputingCloud ProviderCloud SubscriberCompact CouncilCompact OfficersCompensating ControlsComputer Security Incident Response CapabilityCSIRCConfidentialityContracting Government AgencyCGAContractorCrime Reports DataCriminal History Record InformationCHRICriminal Justice AgencyCJACriminal Justice Agency User AgreementCriminal Justice ConveyanceCriminal Justice Information (CJI)Criminal Justice Information Services DivisionFBI CJISCJISDataDegaussDepartment of JusticeDoJDigital MediaDigital SignatureDirect AccessDisseminationEnvironmentEscortFacsimileFaxFBI CJIS Information Security Officer (FBI CJIS ISO)Federal Bureau of InvestigationFBIFederal Information Security Management ActFISMAFor Official Use OnlyFOUOFull-feature Operating SystemGuest Operating SystemHit ConfirmationHost Operating SystemHybrid EncryptionHypervisorIdentity History DataIn-BandIncidentIndirect AccessInformationInformation Exchange AgreementInformation SecurityInformation Security OfficerISOInformation SystemInformation TechnologyInformationTypesIntegrated Automated Fingerprint Identification SystemIAFISIntegrityInterconnection Security AgreementISAInterface AgencyInternet ProtocolIPInterstate Identification IndexIIIJailbreak (Jailbroken)Laptop DevicesLaw Enforcement Enterprise PortalLEEPLimited-feature Operating SystemLocal Agency Security OfficerLASOLogical AccessLogical PartitioningManagement Control AgreementMCAManagement ControlsMediaMobile (WiFi) HotspotMobile DeviceMobile Device ManagementMDMNational Crime Information CenterNCICNational Instant Criminal Background Check SystemNICSNational Institute of Standards and TechnologyNISTNCJA (Government)NCJA (Private)NCJA (Public)Noncriminal Justice AgencyNCJANoncriminal Justice PurposeOffice of Management and BudgetOMBOne Time PasswordOTPOrganizationOut-of-BandOutsourcingOutsourcing StandardPartitioningPersonal FirewallPersonally Identifiable InformationPIIPhysical AccessPhysical MediaPhysical PartitioningPhysically Secure LocationPocket/Handheld Mobile DevicePortable DevicePotential ImpactProperty DataRap BackReceive-Only TerminalROTRecordsRepository Manager, or Chief AdministratorRiskRisk ManagementRoot (Rooting, Rooted)SafeguardsSanitizationSecondary DisseminationSecurity AddendumSASecurity CategorySecurity ControlsSecurity PlanSecurity RequirementsSensitive But UnclassifiedSBUServer/Client Computer Certificate (device-based)ServiceShredderSmartphoneSocial EngineeringSoftware PatchSpamState and Federal Agency User AgreementState Compact OfficerState Identification BureauSIBState Identification Bureau ChiefSIB ChiefState of ResidencySymmetric EncryptionSystemSystem Security PlanTablet DevicesTerminal Agency CoordinatorTACThreatUserUser Certificate (user-based)Virtual EscortVirtual MachineVMVirtualizationVoice over Internet ProtocolVoIPVulnerabilityWireless (WiFi) HotspotWireless Access Point