U.S. flag

An official website of the United States government, Department of Justice.

NCJRS Virtual Library

The Virtual Library houses over 235,000 criminal justice resources, including all known OJP works.
Click here to search the NCJRS Virtual Library

Security, Control & Management: Mobile Data in a Multi-Agency/Jurisdiction Environment

NCJ Number
230121
Journal
Law Enforcement Technology Volume: 37 Issue: 2 Dated: February 2010 Pages: 72.74-76
Author(s)
Patrick Tabourin
Date Published
February 2010
Length
4 pages
Annotation
This article discusses what public safety agencies must do to meet various legal and regulatory security compliance rules regarding wireless access to data.
Abstract
The most prominent example of security compliance rules is the FBI's CJIS (Criminal Justice Information Services) Security Policy. The policy applies to any agency that requires access to the FBI's criminal justice information database, whether at the international, Federal, State, or local level. It provides the minimum level of information technology (IT) security requirements determined acceptable for the transmission, processing, and storage of criminal justice data. This article describes the security mechanisms agencies must put into place in order to be compliant with these security requirements. One security requirement is VPN software, preferably a mobile VPN that secures any communication to and from a nonsecure location. In addition, all data must be sent over the air encrypted. Further, user authentication is required to validate mobile users attempting to log onto the network. There must also be an additional two-factor security methodology for validating user identity. In addition to the aforementioned general security requirements, agencies must ensure that CJIS-related data are sent on a separate VLAN from the one sent for other agencies. Similarly, administrators without the credentials to access CJIS information should not be able to manage these areas. The article also outlines the security requirements when multiple groups share the common system and are potentially subject to other rules. The article concludes with descriptions of policy management capabilities within mobile VPN, which are the key for agencies to better control and manage their mobile data environment. These capabilities include high-level routing policies, group policy management, and user-specific rules.