SLED Certification of 3rd Party NCIC Application Software


1 SLED Certification of 3rd Party NCIC Application Software
Tom Rupsis, SLED January 2004

2 Agenda
- Why Certification?
- SLED-Vendor Participation Agreement
- Certification Program Timeline
- Vendor Obligations
- Certification Levels
- Requirements for Compliance
- Certification Process

3 Why Certification?
- Agency expectations for SLED guidance
- Equal opportunity to all vendors
- FBI/CJIS security requirements
- Helpdesk support
- Training options
- Timely updates of vendor software

Anything not under the direct control of a criminal justice agency is considered to be “public”. This includes any county or city network on which law enforcement PCs are located. This also includes the “cloud” – the public network maintained by the telecommunications carriers (such as Sprint or BellSouth). All NCIC data must be encrypted when exposed to any “public” network. The agency may have to encrypt from its router to the desktop if those PCs are on non-dedicated networks.

4 SLED-Vendor Participation Agreement
- Between SLED and the vendor
- Effective immediately – all vendors
- Vendor must agree to certification
- FBI Security Addendum
- Fingerprint-based background checks
- No agreement = No SLED approval of new customers or connections

SLED modem policy is more stringent than FBI CJIS. No dial-in is allowed to modems attached to PCs. Dial-in is allowed if agency uses modem pools (RAS) located outside of the perimeter firewall. Modems attached to other network devices, used for service and support, are allowed but must remain disconnected when not in use.

5 Certification Program Timeline
- Phased in over next 18 months
- New Vendors
  - Must certify immediately
  - SLED will not approve any connections
- Existing Vendors
  - Must certify by June 30, 2005
  - No new connections approved after deadline

6 Vendor Obligations
- Letter of Certification
- No marketing reference to SLED w/o letter
- Certification withdrawn if vendor defaults
- No Certification = No contract renewals
- No Certification = No new customers

7 Certification Levels
- Two levels: Inquiry-only & Full Function
- SLED provides list of most commonly used transaction codes
- Vendor must meet minimum set
- Vendor may extend to meet business opportunities

8 Requirements for Compliance
- Must pass transaction tests
- Response times meet NCIC specs
- Helpdesk
  - Inquiry Only: staffed 8 x 5
  - Full Function: staffed 24 x 7
- Training options made available
- Notify SLED for new or deleted customers

9 Requirements for Compliance (cont'd)
- Re-certify minor changes within 60 days
- Re-certify major changes within 180 days
- FBI Security Addendum on file
- Employee background checks on file
- Reimbursement (if any) paid up

10 Requirements for Compliance (cont'd)
- Encryption
  - Direct Workstation Software – Cisco VPN
  - Foreign Hosts
    - Must encrypt from server to desktop
    - Should use Cisco VPN from server to SLED
    - If unable to use Cisco, SLED-approved alternative must be used

11 Certification Process

12 Questions?
See:
- Certification Overview
- Current Vendor Certification Status
- Vendor Participation Agreement
- Vendor Certification Request Form
- FBI Security Addendum

