Every couple of weeks I get the pleasure of putting together the CJIS ACE Newsletter for you where I try to impart insight, tips and general knowledge on various aspects of the seemingly endless CJIS policies. But…..
Did you ever wonder, “How did they come up with this policy?” or “Why do they require this?”
To help answer these questions, I pose a question to you – Do you know how CJIS policies are made?
Yes? Somewhat? Maybe? Not really?
If you answered anything but “Yes, I totally understand how CJIS policies are made,” then this and the next newsletter will help shed some light on the “Process” and illustrate how the policies I write about are made.
First thing to know is that, as contributors and users of the systems, the CJIS policies are YOUR policies and are created as a result of a “shared management concept,” known as the CJIS Advisory Process.
The CJIS Advisory Process was established by FBI Director Louis J. Freeh in 1994 and replaced the former NCIC Advisory Process (1969-1994).
The philosophy of shared management is one that the FBI along with federal, state, local and tribal data providers and users share responsibility for the management and operation of all FBI systems that benefit the criminal justice community.
Currently, the FBI administers the following programs that fall under this philosophy:
Next Generation Identification (NGI)
Law Enforcement National Data Exchange (N-DEx)
Law Enforcement Online (LEO)
National Instant Criminal Background Check System (NICS)
The criminal justice community, all of you, has the ability to provide advice and guidance on how these systems are operated and managed. How, you ask?
Enter the CJIS Advisory Board (APB).
The APB is responsible for reviewing policy, technical and operational issues related to CJIS Division programs listed above. It meets minimally twice yearly.
After review, the APB makes recommendations to the Director of the FBI for final approval.
Composition of the APB
The APB is made up of 34 representatives from criminal justice agencies and national security agencies and organizations throughout the United States. Membership consists of:
20 members: selected by the members of the four regional Working Groups (3 state-level and 2 local-level agency representatives are recommended). These members must be chief executives or at the policy-making level of their respective agencies. As a previous member of the APB, this is how I was selected to serve.
5 members: selected by the Director of the FBI, one member each, representing the prosecutorial, judicial and correctional sectors of the criminal justice community, a national security agency, and a tribal community representative.
8 members: selected by each of the following criminal justice professional associations to represent their respective associations: American Probation and Parole Association; International Association of Chiefs of Police; Major Cities Chiefs’ Association; Major County Sheriffs’ Association; National District Attorney’s Association; National Sheriffs’ Association; American Society of Crime Laboratory Directors and a representative from the courts or courts administrators selected by the Conference of Chief Justices.
1 member: the Chair of the Federal Working Group.
There you have it – the CJIS Advisory Policy Board!
But that’s not it. There’s an awful lot of work that needs to get done, so the APB gets some help from the Working Groups and the Ad Hoc Subcommittees.
Let’s briefly look into what their roles are and who participates.
The Working Groups review operational, policy, and technical issues related to CJIS Division programs and policies and make recommendations to the APB or to one of its subcommittees.
The Working Groups often send topics to an an-hoc subcommittee for subject matter expert review and recommendation prior to sending it to the full APB.
All fifty states, as well as U.S. territories and the Royal Canadian Mounted Police are organized into five Working Groups, four regional and one federal, as follows:
– North Central
Illinois, Indiana, Iowa, Kansas, Michigan, Minnesota, Missouri, Nebraska, North Dakota, Ohio, South Dakota, Wisconsin
Connecticut, Delaware, District of Columbia, Maine, Maryland, Massachusetts, New Hampshire, New Jersey, New York, Pennsylvania, Rhode Island, Vermont, Royal Canadian Mounted Police
Alabama, Arkansas, Florida, Georgia, Kentucky, Louisiana, Mississippi, North Carolina, Oklahoma, Commonwealth of Puerto Rico, South Carolina, Tennessee, U.S. Virgin Islands, Virginia, West Virginia
Alaska, Arizona, California, Colorado, Guam, Hawaii, Idaho, Montana, Nevada, New Mexico, Oregon, Texas, Utah, Washington, Wyoming
Federal agencies that participate in CJIS Division programs form a Federal Working Group. This Working Group is comprised of representatives from any federal agency that participates in any of the CJIS Division programs and includes one tribal law enforcement representative chosen by the U.S. Department of Interior.
The four regional Working Groups are composed of one state-level agency representative, one local-level agency representative from each state, and one tribal law enforcement representative from each region.
In addition, the FBI Director, at his or her discretion, may designate one additional representative to each of the five Working Groups.
The state-level representative is selected by the administrator of each state’s CJIS Systems Agency. (A CSA is a criminal justice agency that has overall responsibility for the administration and usage of the CJIS Division programs within a state, district, territory, or foreign country. This includes any federal agency that meets the definition and provides services to other federal agencies and/or whose users reside in multiple states or territories.) There will be no more than one CSA per state, district, territory, or foreign country.
Ad- Hoc Subcommittees
Ad Hoc Subcommittees can be created by the Designated Federal Officer (DFO). The DFO is an FBI employee appointed by the FBI Director serving as a management officer, in consultation with the Chairperson of the APB, with FBI approval, and in accordance with applicable law to assist the APB in their duties.
Ad-hoc subcommittees members are subject matter experts in the specific domain of their assigned ad-hoc subcommittee. Because of their expertise, they are able to delve deeply and thoroughly review controversial policies, issues and program changes.
They formulate alternatives and recommendations for the consideration of the entire APB.
The ad-hoc subcommittees generally receive requests for topic review and direction from the APB or Working Groups. If an ad-hoc subcommittee generates a new topic it is often referred back to the Working Groups for review prior to being presented to the APB.
There are currently nine ad hoc subcommittees:
– By-Laws Ad Hoc Subcommittee
– Crisis Management Ad Hoc Subcommittee
– Identification Services Ad Hoc Subcommittee
– N-DEx Ad Hoc Subcommittee
– NCIC Ad Hoc Subcommittee
– Executive Ad Hoc Subcommittee
– Compliance Evaluation Ad Hoc Subcommittee
– Security and Access Subcommittee Ad Hoc (I was both a Member and Chairman of this ad hoc subcommittee)
– UCR Ad Hoc Subcommittee
Each subcommittee is composed of criminal justice representatives in various policy-making, operational and/or technical roles. These representatives can be subject matter experts in specific criminal justice and/or support-related fields.
Now that you know who make up the APB, the Working Groups and Ad Hoc Subcommittees, next time we’ll talk about how a policy is made, from start to finish.
For those of you who may have watched Saturday morning cartoons from 1973-1985 (I did), you may remember Schoolhouse Rock’s “I’m Just a Bill.” “Bill” will be back, CJIS-style, to help illustrate how CJIS policies are established.
The CJIS Security Policy can be confusing with respect to what agreements are needed when. We know this is true because the lack of properly executed Management Control Agreements and CJIS Security Addenda are always top compliance issues found during FBI and State audits.
The CJIS ACE team can help you and your agency navigate this and any CJIS-related policy or compliance issue. To further discuss how we can help, drop me a line at: firstname.lastname@example.org or give me a call at 850-778-3207.
Until next time, be safe.
Were you forwarded this newsletter and find the content useful? Then please take a few seconds and subscribe to our newsletter.
CJIS ACE is a division at DCI that helps law enforcement agencies comply with the FBI CJIS Security Policy and NCIC requirements. CJIS ACE services are designed to help you be pro-active in strengthening your agency’s information security profile and comply with any other security policies that may be required (e.g. a State or County IT Security Policy). CJIS ACE brings real-world experience at the ready to assist your agency’s personnel in navigating the daunting and complicated path through audits and information security policy compliance.
Let us deal with your audit and compliance hassles…
You already have enough to worry about.