| Trust Interoperability Profile Name | Version |
|---|---|
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for an application, service, or information system to separate user functionality (including user interface services) from information system management functionality.
|
5.4 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for an agency's information system to provide alerts to appropriate agency officials in the event of an audit processing failure.
|
5.4 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for an agency's information system to produce, at the application and/or operating system level, audit records containing sufficient information to establish what events occurred, the sources of the events, and the outcomes of the events.
|
5.4 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for an agency's information system to generate audit records for defined events.
|
5.4 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for an agency to retain audit records for at least one (1) year.
|
5.4 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for logs of access privilege changes to be maintained for a minimum of one year or at least equal to the agency's record retention policy - whichever is greater.
|
5.4 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for every audited event to include the date and time of the event.
|
5.4 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for every audited event to include the outcome (success or failture) of the event.
|
5.4 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for every audited event to include the type of event.
|
5.4 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for every audited event to include the component of the information system (e.g., software component, hardware component) where the event occurred.
|
5.4 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for an agency's information system to provide time stamps for use in audit record generation.
|
5.4 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for time stamps to include the date and time values generated by the internal system clocks in the audit records.
|
5.4 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for every audited event to include the user/subject identity.
|
5.4 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for an agency to continue to retain audit records until it is determined they are no longer needed for administrative, legal, audit, or other operational purposes.
|
5.4 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for agencies to implement audit and accountability controls to increase the probability of authorized users conforming to a prescribed pattern of behavior.
|
5.4 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for an agency to employ automated mechanisms to assist and support in the reporting of security incidents where feasible.
|
5.4 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for an agency to employ automated mechanisms to facilitate the monitoring and control of remote access methods.
|
5.4 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for an organization to employ automated tools to support near-real-time analysis of events in support of detecting system-level attacks.
|
5.4 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for an agency to employ automated mechanisms to make security alert and advisory information available throughout the agency as appropriate.
|
5.4 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for a system to automatically lock the account/node for a 10 minute time period unless released by an administrator.
|
5.4 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for an agency to implement malicious code protection that includes automatic updates for all systems with Internet access.
|
5.4 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.8, for agencies to follow appropriate password complexity rules.
|
5.8 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for an agency to ensure the operational failure of the boundary protection mechanisms do not result in any unauthorized release of information outside of the information system boundary (i.e. the device shall "fail closed" vs. "fail open").
|
5.4 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for an organization to send individual intrusion detection logs to a central logging facility where correlation and analysis will be accomplished as a system wide intrusion detection effort.
|
5.4 |
|
Profile of requirements from the FBI Criminal Justice Information Services (CJIS) Policy, version 5.4, for PINs utilized in conjunction with a certificate or a token (e.g. key fob with rolling numbers) for the purpose of advanced authentication that PIN digits are not displayed when entered.
|
5.4 |
