866.656.3338 sales@diversecomputing.com

Download the Latest CJIS Security Policy Plus Other Important Resources

Get the most up to date CJIS Security Policy from CJIS ACE; includes other resources and documents for understanding CJIS compliance requirements.

Policy & Other Document Downloads    |    DCI Educational Blogs    |    Law Enforcement Acronyms Wiki

 


 

Latest CJIS Security Policy: Version 5.6Download CJIS Security Policy- the latest and greatest

Unsure what the CJIS compliance requirements are? Many new regulations were made in the updated CSP. It is our duty to know the policy inside and out as well as keep you up-to-date on any new changes.  Feel free to download the latest CJIS Security Policy and read for yourself what expectations are set and how your agency is being affected.

 

 


 

 

DOWNLOAD BUTTON_ smallCSP Version 5.6 Requirements Companion Document

Recommended changes to the CJIS Security Policy were approved by the Advisory Policy Board (APB) in the previous year and subsequently approved by the Director, FBI. The Policy contains current requirements carried over from previous versions along with newly approved requirements for agencies to implement. You are welcome to download the latest version of the “Requirements and Tiering Document”.

 

 


 

 

DOWNLOAD BUTTON_ smallCJIS-to-NIST 5.6 Security Control Mapping

Download the security control mapping of the CJIS Security Policy (Ver 5.3) requirements to the NIST Special Publication 800-53. These mappings will help shape your agency’s security policy and ensure that you have the required components for both.

 

 


 

 

DOWNLOAD BUTTON_ smallJune 2016 APB Item #15, SA Issue #4

Clarifying Encryption Requirements in the CJIS Security Policy. The complete topic paper and changes to the CJIS Security Policy approved by the APB regarding encryption of criminal justice information.

 

 


 

The CJIS Audit & Compliance Experts: CJIS ACE

Bill Tatun- our lead CJIS Audit and Compliance Expert

CJIS and NCIC requirements can be daunting and difficult to fully understand. That’s why we created CJIS ACE, a team of Audit and Compliance Experts (ACEs) who are here to guide you through the ins and outs of each CJIS requirement. When you engage with our CJIS ACE consultants, we create customized plans to help your organization get and stay compliant and be ready for any upcoming audit.

 


 

The CJIS ACE Educational Blog

Stay up to date with all things happening with the FBI CJIS Security Policy (CSP). We provide down-to-Earth explanations on CJIS requirements, how to pass an audit, and what eAgent is doing to stay compliant with the changes.

Recent Posts:

 

No recent posts

 

 

 

 


 

 

DCI Blog & News Articles

Providing the latest company news, and reporting happenings in the Criminal Justice Community.

Recent Posts:

 

 

 

 


Back to Top

 

 

Law Enforcement Acronyms and What They Mean

Your go-to Wiki page for acronyms used in law enforcement, the CJIS Security Policy, and IT.

 

A   |   B   |   C   |   D   |   E   |   F   |   G   |   H   |   I   |   J   |   K   |   L   |   M   |   N   |   O   |   P   |   Q   |   R   |   S   |   T   |   U   |   V   |   W   |   X   |   Y   |   Z

AcronymTermDefenition
AAAdvanced AuthenticationAn approach to authentication which requires the presentation of two or more authentication factors.
ACAgency Coordinator
ACLAccess Control ListA list of access control entries (ACE). Each ACE in an ACL identifies a trustee and specifies the access rights allowed, denied, or audited for that trustee.
AESAdvanced Encryption StandardA symmetric block cipher used by the U.S. government to protect classified information and is implemented in software and hardware throughout the world to encrypt sensitive data.
APAccess PointA device that allows wireless devices to connect to a wired network using Wi-Fi, or related standards.
APBFBI CJIS Advisory Policy BoardThe APB is responsible for reviewing appropriate policy, technical, and operational issues related to CJIS Division programs.
BD-ADDRBluetooth-Enabled Wireless Devices and Addresses
BYODBring Your Own DeviceThe policy of permitting employees to bring personally owned mobile devices (laptops, tablets, and smart phones) to their workplace, and to use those devices to access privileged company information and applications.
CADComputer-Assisted DispatchA method of dispatching taxicabs, couriers, field service technicians, mass transit vehicles or emergency services assisted by computer.
CAUCJIS Audit Unit
CCHComputerized Criminal HistoriesThe system that contains data on subjects arrested for misdemeanors and felonies
CFRCode of Federal RegulationsThe codification of the general and permanent rules and regulations (sometimes called administrative law) published in the Federal Register by the executive departments and agencies of the federal government of the United States. The CFR is divided into 50 titles that represent broad areas subject to federal regulation.
CHRICriminal History Record InformationInformation about the history of an individual's contacts with the state's law enforcement agencies. CHRI is created by entering data from fingerprint cards and then such information is directly submitted to an automated system electronically.
CJACriminal Justice AgencyThe set of agencies and processes established by governments to control crime and impose penalties on those who violate laws. There is no single criminal justice system in the United States but rather many similar, individual systems.
CGAContracting Government Agency
CJISCriminal Justice Information SystemA division of the United States Federal Bureau of Investigation (FBI). The CJIS was established in February 1992 and it is the largest division in the FBI.
ConOpsConcept of OperationsA document describing the characteristics of a proposed system from the viewpoint of an individual who will use that system. It is used to communicate the quantitative and qualitative system characteristics to all stakeholders.
CSACJIS Systems Agency
CSIRCComputer Security Incident Response CapabilityThe focal point for all operational security issues that occur on an organization's local and wide-area networks.
CSOCJIS Systems Officer
DAADesignated Approving AuthorityThe official with the authority to formally assume responsibility for operating a system at an acceptable level of risk.
DCIDiverse Computing, Inc.Leaders in law enforcement software, based in Tallahassee, FL. Diverse Computing, Inc.'s eAgent law enforcement software provides secure access to NCIC, Nlets, and state criminal justice information systems.
DHSDepartment of Homeland SecurityA concerted national effort to prevent terrorist attacks within the United States, reduce America's vulnerability to terrorism, and minimize the damage and recover from attacks that do occur.
DoCDepartment of CorrectionsA governmental agency responsible for overseeing the incarceration of persons convicted of crimes within a particular jurisdiction.
DoDU.S. Department of DefenseAn executive branch department of the federal government of the United States charged with coordinating and supervising all agencies and functions of the government concerned directly with national security and the United States Armed Forces.
DoJDepartment of JusticeA federal executive department of the U.S. government, responsible for the enforcement of the law and administration of justice in the United States, equivalent to the justice or interior ministries of other countries.
DoJCERTDoJ Computer Emergency Response Team
FBIFederal Bureau of InvestigationThe domestic intelligence and security service of the United States, which simultaneously serves as the nation's prime Federal law enforcement organization.
FIPSFederal Information Processing StandardsPublicly announced standards developed by the United States federal government for use in computer systems by non-military government agencies and government contractors.
FISMAFederal Information Security Management ActUnited States legislation that defines a comprehensive framework to protect government information, operations and assets against natural or man-made threats. FISMA was signed into law part of the Electronic Government Act of 2002.
FOIAFreedom of Information ActA federal freedom of information law that allows for the full or partial disclosure of previously unreleased information and documents controlled by the United States government.
FOUOFor Official Use OnlyA DoD dissemination control applied to unclassified information when disclosure to the public of that particular record, or portion thereof, would reasonably be expected to cause a foreseeable harm to an interest protected by one or more of Freedom of Information Act (FOIA) Exemptions
GSAGeneral Services AdministrationAn independent agency of the United States government, established in 1949 to help manage and support the basic functioning of federal agencies.
HTTPHypertext Transfer ProtocolAn application protocol for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web.
IAFISIntegrated Automated Fingerprint Identification SystemA national automated fingerprint identification and criminal history system maintained by the Federal Bureau of Investigation (FBI).
IDSIntrusion Detection SystemA device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station.
IIIInterstate Identification IndexA national index of criminal histories (or rap sheets) in the United States of America, maintained by the Federal Bureau of Investigation (FBI) at the National Crime Information Center.
IPInternet ProtocolThe principal communications protocol in the Internet protocol suite for relaying datagrams across network boundaries. Its routing function enables internetworking, and essentially establishes the Internet.
IPSIntrusion Prevention SystemA network security/threat prevention technology that examines network traffic flows to detect and prevent vulnerability exploits.
IPSECInternet Protocol SecurityA protocol suite for secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session.
ISAInterconnection Security AgreementA security document that specifies the technical and security requirements for establishing, operating, and maintaining the interconnection. It also supports the MOU/A between the organizations.
ISOInformation Security OfficerAn executive within an organization responsible for establishing and maintaining the enterprise vision, strategy and program to ensure information assets and technologies are adequately protected.
ITInformation TechnologyThe application of computers and telecommunications equipment to store, retrieve, transmit and manipulate data, often in the context of a business or other enterprise.
LANLocal Area NetworkA group of computers and associated devices that share a common communications line or wireless link to a server. Typically, a LAN encompasses computers and peripherals connected to a server within a small geographic area such as an office building or home.
LASOLocal Agency Security OfficerThe agency contact for CJIS Training
LEEPLaw Enforcement Enterprise PortalA gateway providing law enforcement agencies, intelligence groups, and criminal justice entities access to beneficial resources. These resources will strengthen case development for investigators, enhance information sharing between agencies, and be accessible in one centralized location.
LMRSLand Mobile Radio SystemA wireless communications system intended for use by terrestrial users in vehicles (mobiles) or on foot (portables). Examples are walkie-talkies and two way radios in vehicles.
MACMedia Access ControlThe lower sublayer of the data link layer (layer 2) of the seven-layer OSI model. The MAC sublayer provides addressing and channel access control mechanisms that make it possible for several terminals or network nodes to communicate within a multiple access network that incorporates a shared medium, e.g. an Ethernet network.
MCAManagement Control Agreement
MDMMobile Device ManagementThe administration of mobile devices, such as smartphones, tablet computers, laptops and desktop computers. MDM is usually implemented with the use of a third party product that has management features for particular vendors of mobile devices.
MDTMobile Data TerminalA computerized device used in public transit vehicles, taxicabs, courier vehicles, service trucks, commercial trucking fleets, military logistics, fishing fleets, warehouse inventory control, and emergency vehicles, such as police cars, to communicate with a central dispatch office.
MITMMan-in-the-Middle AttackAn attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.
MOUMemorandum of UnderstandingA formal agreement between two or more parties. Companies and organizations can use MOUs to establish official partnerships. MOUs are not legally binding but they carry a degree of seriousness and mutual respect, stronger than a gentlemen's agreement.
NCICNational Crime Information CenterA computerized index of criminal justice information (i.e.- criminal record history information, fugitives, stolen properties, missing persons). It is available to Federal, state, and local law enforcement and other criminal justice agencies and is operational 24 hours a day, 365 days a year.
NCJANoncriminal Justice AgencyAn agency or entity that does not perform, or functions and reasons that are associated with the administration of criminal justice
NICSNational Instant Criminal Background Check SystemA U.S. system for determining if prospective firearms or explosives buyers are eligible to buy. It was mandated by the Brady Handgun Violence Prevention Act (Brady Law) of 1993 and launched by the Federal Bureau of Investigation (FBI) in 1998.
NISTNational Institute of Standards and TechnologyA measurement standards laboratory, also known as a National Metrological Institute (NMI), which is a non-regulatory agency of the United States Department of Commerce.
NletsNational Law Enforcement Telecommunications Systemthe International Justice and Public Safety Information Sharing Network Ñ a state-of-the-art secure information sharing system for state and local law enforcement agencies.
OMBOffice of Management and BudgetThe largest office within the Executive Office of the President of the United States (EOP). The main function of OMB is to produce the President's Budget.[2] OMB also measures the quality of agency programs, policies, and procedures and to see if they comply with the president's policies.
ORIOriginating Agency IdentifierA code assigned to designate the "originating agency," developed by the National Crime Information Center (NCIC).
PBXPrivate Branch ExchangeA telephone system within an enterprise that switches calls between enterprise users on local lines while allowing all users to share a certain number of external phone lines.
PDAPersonal Digital AssistantA term for any small mobile hand-held device that provides computing and information storage and retrieval capabilities for personal or business use, often for keeping schedule calendars and address book information handy. The term handheld is a synonym.
PIIPersonally Identifiable InformationAny data that could potentially identify a specific individual. Any information that can be used to distinguish one person from another and can be used for de-anonymizing anonymous data can be considered PII.
PINPersonal Identification NumberA number allocated to an individual and used to validate electronic transactions.
PKIPublic Key InfrastructureA set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption.
POCPoint-of-ContactA person or a department serving as the coordinator or focal point of information concerning an activity or program. A POC is used in many cases where information is time-sensitive and accuracy is important.
PSTNPublic Switched Telephone NetworkThe aggregate of the world's circuit-switched telephone networks that are operated by national, regional, or local telephony operators, providing infrastructure and services for public telecommunication.
QAQuality AssuranceThe maintenance of a desired level of quality in a service or product, especially by means of attention to every stage of the process of delivery or production.
QoSQuality of ServiceTo quantitatively measure quality of service, several related aspects of the network service are often considered, such as error rates, bit rate, throughput, transmission delay, availability, jitter, etc. Quality of service is particularly important for the transport of traffic with special requirements.
RFRadio FrequencyAlternating current (AC) having characteristics such that, if the current is input to an antenna, an electromagnetic (EM) field is generated suitable for wireless broadcastingand/or communications.
SASecurity Addendum
SCOState Compact Officer
SIBState Identification Bureau
SIGSpecial Interest GroupA group of people or an organization seeking or receiving special advantages, typically through political lobbying.
SPSpecial PublicationA catalog of security controls for all U.S. federal information systems except those related to national security.
SPRCSecurity Policy Resource Center
SSIDService Set IdentifierA sequence of characters that uniquely names a wireless local area network (WLAN). An SSID is sometimes referred to as a "network name."
TACTerminal Agency Coordinator
TLSTransport Layer SecurityA protocol that ensures privacy between communicating applications and their users on the Internet. When a server and client communicate, TLS ensures that no third party may eavesdrop or tamper with any message. TLS is the successor to the Secure Sockets Layer (SSL).
VLANVirtual Local Area NetworkA logical subgroup within a local area network that is created via software rather than manually moving cables in the wiring closet.
VMVirtual MachineAn operating system OS or application environment that is installed on software which imitates dedicated hardware.
VoIPVoice Over Internet ProtocolPhone service over the Internet. If you have a reasonable quality Internet connection you can get phone service delivered through your Internet connection instead of from your local phone company.
VPNVirtual Private NetworkA method employing encryption to provide secure access to a remote computer over the Internet.
WEPWired Equivalent PrivacyA security algorithm for IEEE 802.11 wireless networks. Introduced as part of the original 802.11 standard ratified in 1997, its intention was to provide data confidentiality comparable to that of a traditional wired network.
WLANWireless Local Area NetworkA wireless computer network that links two or more devices using a wireless distribution method (often spread-spectrum or OFDM radio) within a limited area such as a home, school, computer laboratory, or office building.
WPAWi-Fi Protected AccessA security standard for users of computers equipped with Wi-Fi wireless connection. It is an improvement on and is expected to replace the original Wi-Fi security standard, Wired Equivalent Privacy (WEP).
XMLExtensible Markup LanguageA markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable.

Policy & Other Document Downloads    |    DCI Educational Blogs    |    Law Enforcement Acronyms Wiki    |    Back to Top    |    CJIS Policies Archive