CJIS SECURITY POLICY ARCHIVE

TAC Tricks of the Trade

Hey Everyone,

As summer is quickly approaching (too quickly for us in the South), our CJIS ACE team is in full fledged Conference Season which, lucky for us, means we get the chance to meet and speak with a lot of you in person.  

Lately, we have been meeting a lot of newly appointed TACs. This has inspired me to share some fun tricks of the trade that can help if you’re new to this position, but are also a fun refresher for the more “seasoned” TACs as well.

The Easy Way to Meet the CJIS Security Awareness Training Requirement

Meeting the requirements of any policy, let alone the CJIS Security Policy, can be frustrating, difficult and resource intensive.    

This week we are going to look into how to meet the Security Awareness Training requirements of the CJIS Security Policy in the easiest and most resource-sparing way (both in terms of personnel time and cost $$).

Let’s Agree

Can we agree that “agreements” are a pain? Not having the proper or any agreement in place still ranks in the top ten of FBI and state tech audit issues. The requirement to have them has been around for years, and they’re still a problem.

What Charlie Brown's Teacher Taught Me About Control Agreements

Is it a surprise to anyone that Charlie Brown’s teacher made Time magazine’s list of 10 Bad Teachers?
​
It makes sense that when all you hear is “Wah wah woh wha wha,” there isn’t a whole lot of learning due to a lack of understanding.

Today we’re going to look into Management Control Agreements (MCAs). My goal is to get past the “wah wah woh wha wha” of the CJIS Security Policy and achieve a useful understanding of MCAs.?

Where do all these CJIS policies come from? The inside look at who is involved….

Hello again.

Every couple of weeks I get the pleasure of putting together the CJIS ACE Newsletter for you where I try to impart insight, tips and general knowledge on various aspects of the seemingly endless CJIS policies.  

But…..

Did you ever wonder, “How did they come up with this policy?” or “Why do they require this?”

If I Were Going to be Audited, Who Needs to Be Present and What Documentation Do I Need on Audit Day?

“Funny” story…

You may remember from the last newsletter that the title of this one was supposed to be, “Audit Day: Who Needs to be Present and What Documentation Do I Need?”

Well….very recent “events” have reminded me that email subject lines can be taken out of context and can cause unintended minor panic.

The Benefits of an Incident Response Plan: More Than Just CJIS Security Policy Compliance

A security incident can be classified anywhere from a nuisance to an all out emergency. As such, it is best to be prepared ahead of time so that you and your organization’s staff know the steps to take and who is responsible for what in case of a security incident.

Which of the 20+ Policy/Documentation Requirements of the CJIS Security Policy Do You Have?

Don’t we all love a policy that requires you to have multiple other policies?

Actually, the CJIS Security Policy may require you to have 20+ policies, policy statements or procedure documentation depending upon your agency’s specific technology implementation and use.