| Trust Interoperability Profile Name | Version |
|---|---|
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for an agency to issue credentials to authorized personnel.
|
5.4 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for an agency to control physical access to information system devices that display CJI.
|
5.4 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for an agency shall monitor physical access to the information system to detect and respond to physical security incidents.
|
5.4 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for an agency to authorize and control information system-related items entering and exiting the physically secure location.
|
5.4 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for an agency to position information system devices in such a way as to prevent unauthorized individuals from accessing and viewing CJI.
|
5.4 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for an agency to control physical access to information system distribution and transmission lines within the physically secure location.
|
5.4 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for an agency to verify individual access authorizations before granting access.
|
5.4 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for an agency to control physical access by authenticating visitors before authorizing escorted access to the physically secure location (except for those areas designated as publicly accessible).
|
5.4 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for an agency to escort visitors at all times and monitor visitor activity.
|
5.4 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for an organization to have physical protection policy and procedures shall be documented and implemented to ensure CJI and information system hardware, software, and media are physically protected through access control measures.
|
5.4 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for agencies to follow appropriate PIN complexity rules.
|
5.4 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for PINs utilized in conjunction with a certificate or a token (e.g. key fob with rolling numbers) for the purpose of advanced authentication to expire within a maximum of 365 days.
|
5.4 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for PINs utilized in conjunction with a certificate or a token (e.g. key fob with rolling numbers) for the purpose of advanced authentication to not be identical to the previous three (3) PINs.
|
5.4 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for agencies using public key infrastructure technology to develop and implement a certificate policy and certification practice statement for the issuance of public key certificates used in the information system.
|
5.4 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for an organization's privacy and security policies to be consistent with applicable laws, Executive Orders, directives, policies, regulations, standards, and guidance.
|
5.4 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for an agency to document the technical and administrative process for enabling remote access for privileged functions in the security plan for the system.
|
5.4 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for an organization to specifically prohibit and/or restrict the use of specified functions, ports, protocols, and/or services.
|
5.4 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for an agency's information system to protect audit information and audit tools from modification, deletion and unauthorized access.
|
5.4 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for information shared through communication mediums to be protected with appropriate security safeguards.
|
5.4 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for an agency to authorize, monitor, and control all methods of remote access to the information system.
|
5.4 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for a responsible management official to designate an individual or position to review/analyze information system audit records for indications of inappropriate or unusual activity, investigate suspicious activity or suspected violations, to report findings to appropriate officials, and to take necessary actions.
|
5.4 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for audit review/analysis to be conducted at a minimum once a week.
|
5.4 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for an agency to validate information system accounts at least annually.
|
5.4 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for an agency to periodically review and update the list of agency-defined auditable events.
|
5.4 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, that evaluation of the risks to the agency are undertaken based on the criticality of the data, system, and the impact of the change.
|
5.4 |
