Hey Everyone,

Most agencies are familiar with the CJIS Security Policy (CJISSECPOL) requirement that they must maintain an up to date and complete topological diagram drawing depicting the interconnectivity of their agency network to all criminal justice information systems and services.

For a long time this was one of the main technical artifacts auditors looked for in an IT audit, but now there is another artifact you need…a System Component Inventory List (CM-8a)!

This list must:

• Include all components of your CJIS System

• Exclude any duplicates that may be assigned to another system

• Be granular enough so components can be tracked and reported upon

• Be reviewed and updated at least annually and when any system component updates, installations or removals occur

Not sure where to start? We’ve simplified what needs to be included into a two-page reference guide for your team. Just email “Inventory List Guide!” to info@cjisace.com and we’ll send it over to you right away.

While this new requirement may seem daunting, it provides a valuable roadmap for hardware lifecycles and security health. To find out more about how CJIS ACE can help you with your inventory list through our new Technical Security Services (TSS), check out last month’s newsletter, or reach out to info@cjisace.com!

Talk soon,

Rachael VanDeusen