CJIS Made Easy: A CJIS Checklist for AuthAnvil
If you haven't seen it yet, we've written a new whitepaper called “CJIS Made Easy: A CJIS Checklist for AuthAnvil.” This whitepaper is all about policy areas in CJIS that AuthAnvil can help to address.
Here’s a preview of the eBook:
Policy Area 5.5 Access Control
“Access control provides the planning and implementation of mechanisms to restrict reading, writing, possessing and transmission of CJIS information...”
The information CJIS holds is confidential; therefore, it must be protected, and access to it must be restricted to those whose access has been approved. Access control in this sense means ensuring that only people who need access to CJIS data for their job can access it, and that they are using their access privileges appropriately.
The critical requirements of this policy area are that:
- Agencies must create and manage the user accounts that can access CJIS data. This requires agencies to be able to limit the access of both individual users and groups of users to only what they need to know.
- Agencies must be able to promptly update these accounts when a user’s role changes or disable the accounts when the user is terminated.
- Systems used to access CJIS data must enforce these different levels of access, only granting access to those who are authorized.
- Systems must lock out any user after no more than five unsuccessful login attempts. The lockout must last for at least a ten-minute period in these cases.
- Systems must automatically lock after no longer than thirty minutes of inactivity, after which the user must re-authenticate.
- Agencies must authorize, control, and monitor all forms of remote access to CJIS data.