Hey Y’all,

So now that October 1st is in the rearview mirror and you’re starting to realize there are a whole bunch of “Priority 1” controls that need to be addressed, I just want to remind you that there are other things out there. 

I know y’all are thinking, “Larry, we got three years to prepare for those Priority 2, 3, & 4s.”

My response to that is those three years are gonna sneak up on you just like the last two years did with the other controls, so let's talk about them.

One of the new controls that’s coming your way is “PL-2 System Security and Privacy Plans.” This is one of the new controls that really doesn’t have a counterpart in the “old” policy. Essentially, this control requires you to have a plan of how your agency complies with or is going to comply with the CJIS Security Policy (CJISSECPOL).

I want to be frank with y’all. If you're not an IT security guru or some kind of security junkie, you’ve probably never heard of a System Security and Privacy Plan (SSPP). Let me take it one step further, I’ve been focused on the security policy since just before the turn of the century (that statement makes me feel old) and until this topic came out, I hadn’t heard of one. I haven’t needed to know about them until now.

So that last statement might have you wondering, “How can you help me?” 

Well, I’m glad you asked, and the answer is, “That’s my job! To help folks understand the CJISSECPOL.” It really is my passion.

If you’ve been following these newsletters you’ve seen us mention CJIS Insight. That’s CJIS ACE’s interactive compliance tracking software for the CJISSECPOL and it is perfect for your SSPP. Part of an SSPP is to document how you comply with the controls. CJIS Insight has all of the controls in a single application, purpose-built for the CJISSECPOL unlike other applications that can be adapted for that purpose.

Whether you have us go through the policy with you through a CJIS ACE Assessment or you want to try it yourself, CJIS Insight can help you document how you comply with all of the CJISSECPOL controls.  

You can always learn more about what we at CJIS ACE can do for you on our website or send me an email at info@cjisace.com.

Y'all take care,

Larry Coffee