https://artifacts.trustmarkinitiative.org/lib/tips/cjis-security-policy-section-5.5.6/5.4/CJIS Security Policy Section 5.5.65.4Profile of FBI Criminal Justice Information Services (CJIS) requirements as defined by the CJIS Security Policy, version 5.4, Section 5.5.6.2017-05-10T00:00:00.000ZfalseThis artifact is published by the Georgia Tech Research Institute (GTRI) as part of the Trustmark Initiative. This artifact and the information contained herein is provided on an "AS IS" basis, and GTRI disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, GTRI disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.https://trustmarkinitiative.org/Trustmark InitiativePRIMARYTrustmark Supporthelp@trustmarkinitiative.org555-555-5555https://trustmarkinitiative.org/SecurityInformation AssuranceCJIS Security Policyhttps://artifacts.trustmarkinitiative.org/lib/tips/cjis---automated-remote-access-monitoring/5.4/1CJIS - Automated Remote Access Monitoring5.4Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for an agency to employ automated mechanisms to facilitate the monitoring and control of remote access methods.https://artifacts.trustmarkinitiative.org/lib/tips/cjis---managed-access-control-points/5.4/2CJIS - Managed Access Control Points5.4Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for an agency to control all remote accesses through managed access control points.https://artifacts.trustmarkinitiative.org/lib/tips/cjis---privileged-command-remote-access/5.4/3CJIS - Privileged Command Remote Access5.4Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for an agency to document the technical and administrative process for enabling remote access for privileged functions in the security plan for the system.https://artifacts.trustmarkinitiative.org/lib/tips/cjis---remote-access-authorization-and-monitoring/5.4/4CJIS - Remote Access Authorization and Monitoring5.4Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for an agency to authorize, monitor, and control all methods of remote access to the information system.https://artifacts.trustmarkinitiative.org/lib/tips/cjis-security-policy-section-5.5.6.1/5.4/14CJIS Security Policy Section 5.5.6.15.4Profile of FBI Criminal Justice Information Services (CJIS) requirements as defined by the CJIS Security Policy, version 5.4, Section 5.5.6.1.https://artifacts.trustmarkinitiative.org/lib/tips/cjis-security-policy-section-5.5.6.2/5.4/15CJIS Security Policy Section 5.5.6.25.4Profile of FBI Criminal Justice Information Services (CJIS) requirements as defined by the CJIS Security Policy, version 5.4, Section 5.5.6.2.https://artifacts.trustmarkinitiative.org/lib/tds/cjis-remote-administrator-authentication-via-active-teleconference/1.0/5CJIS Remote Administrator Authentication Via Active Teleconference1.0Defines conformance and assessment criteria for verifying that an organization requires that remote administrative personnel are authenticated during the session via active teleconference with the escort throughout the session.https://artifacts.trustmarkinitiative.org/lib/tds/cjis-remote-administrator-authentication-via-advanced-authentication/1.0/6CJIS Remote Administrator Authentication Via Advanced Authentication1.0Defines conformance and assessment criteria for verifying that an organization requires that remote administrative personnel are authenticated prior to remote access sessions via an Advanced Authentication (AA) solution.https://artifacts.trustmarkinitiative.org/lib/tds/remote-administrator-authentication/1.0/7Remote Administrator Authentication1.0Defines conformance and assessment criteria for verifying that an organization requires remote administrative personnel to be authenticated prior to or during remote access sessions.https://artifacts.trustmarkinitiative.org/lib/tds/remote-administrators-identified-prior-to-access/1.0/8Remote Administrators Identified Prior To Access1.0Defines conformance and assessment criteria for verifying that an organization requires that remote administrative personnel are identified prior to having remote access.https://artifacts.trustmarkinitiative.org/lib/tds/remote-privileged-sessions-protected-with-encryption/1.0/9Remote Privileged Sessions Protected With Encryption1.0Defines conformance and assessment criteria for verifying that an organization requires that connections for remote administrative personnel are protected with an encrypted path.https://artifacts.trustmarkinitiative.org/lib/tds/remote-privileged-sessions-protected-with-fips-140-2-certified-encryption/1.0/10Remote Privileged Sessions Protected With FIPS 140-2 Certified Encryption1.0Defines conformance and assessment criteria for verifying that an organization requires that connections for remote administrative personnel are protected with a FIPS 140-2 certified encrypted path.https://artifacts.trustmarkinitiative.org/lib/tds/virtual-escort-can-terminate-privileged-remote-sessions/1.0/11Virtual Escort Can Terminate Privileged Remote Sessions1.0Defines conformance and assessment criteria for verifying that an organization requires that escorts for privileged remote sessions are able to end the session at any time.https://artifacts.trustmarkinitiative.org/lib/tds/virtual-escort-of-privileged-remote-sessions/1.0/12Virtual Escort of Privileged Remote Sessions1.0Defines conformance and assessment criteria for verifying that an organization monitors privileged remote sessions.https://artifacts.trustmarkinitiative.org/lib/tds/virtual-escorts-familiar-with-system/1.0/13Virtual Escorts Familiar With System1.0Defines conformance and assessment criteria for verifying that an organization requires that escorts for privileged remote sessions are familiar with the system/area in which the work is being performed.CJIS-SP-V5.4Criminal Justice Information Services (CJIS) Security Policy Version 5.4, 10/06/2015, CJISD-ITS-DOC-08140-5.4Access to Criminal Justice InformationAccreditationAdministration of Criminal JusticeAgency Controlled Mobile DeviceAgency CoordinatorACAgency Issued Mobile DeviceAgency LiaisonALAuthorized RecipientAuthorized User/PersonnelAuthorizing OfficialAvailabilityBiographic DataBiometric DataCase / Incident HistoryCertificate Authority (CA) CertificateCertificationChannelerCJIS Advisory Policy BoardAPBCJIS Audit UnitCAUCJIS Security PolicyCJIS Systems AgencyCSACJIS Systems Agency Information Security OfficerCSA ISOCJIS Systems OfficerCSOCloud ClientCloud ComputingCloud ProviderCloud SubscriberCompact CouncilCompact OfficersCompensating ControlsComputer Security Incident Response CapabilityCSIRCConfidentialityContracting Government AgencyCGAContractorCrime Reports DataCriminal History Record InformationCHRICriminal Justice AgencyCJACriminal Justice Agency User AgreementCriminal Justice ConveyanceCriminal Justice Information (CJI)Criminal Justice Information Services DivisionFBI CJISCJISDataDegaussDepartment of JusticeDoJDigital MediaDigital SignatureDirect AccessDisseminationEnvironmentEscortFBI CJIS Information Security Officer (FBI CJIS ISO)Federal Bureau of InvestigationFBIFederal Information Security Management ActFISMAFor Official Use OnlyFOUOGuest Operating SystemHit ConfirmationHost Operating SystemHypervisorIdentity History DataIncidentIndirect AccessInformationInformation Exchange AgreementInformation SecurityInformation Security OfficerISOInformation SystemInformation TechnologyInformationTypesIntegrated Automated Fingerprint Identification SystemIAFISIntegrityInterconnection Security AgreementISAInterface AgencyInternet ProtocolIPInterstate Identification IndexIIIJailbreak (Jailbroken)Laptop DevicesLaw Enforcement Enterprise PortalLEEPLocal Agency Security OfficerLASOLogical AccessLogical PartitioningManagement Control AgreementMCAManagement ControlsMediaMobile DeviceMobile Device ManagementMDMNational Crime Information CenterNCICNational Instant Criminal Background Check SystemNICSNational Institute of Standards and TechnologyNISTNCJA (Government)NCJA (Private)NCJA (Public)Noncriminal Justice AgencyNCJANoncriminal Justice PurposeOffice of Management and BudgetOMBOrganizationOutsourcingOutsourcing StandardPartitioningPersonal FirewallPersonally Identifiable InformationPIIPhysical AccessPhysical MediaPhysical PartitioningPhysically Secure LocationPocket/Handheld Mobile DevicePortable DevicePotential ImpactProperty DataRap BackReceive-Only TerminalROTRecordsRepository Manager, or Chief AdministratorRiskRisk ManagementRoot (Rooting, Rooted)SafeguardsSanitizationSecondary DisseminationSecurity AddendumSASecurity CategorySecurity ControlsSecurity PlanSecurity RequirementsSensitive But UnclassifiedSBUServer/Client Computer Certificate (device-based)ServiceShredderSmartphoneSocial EngineeringSoftware PatchSpamState and Federal Agency User AgreementState Compact OfficerState Identification BureauSIBState Identification Bureau ChiefSIB ChiefState of ResidencySystemSystem Security PlanTablet DevicesTerminal Agency CoordinatorTACThreatUserUser Certificate (user-based)Virtual EscortVirtual MachineVMVirtualizationVoice over Internet ProtocolVoIPVulnerability