Section 02: Nlets Security Policy

From Nlets Wiki
Jump to: navigation, search

Nlets Security Policy

Purpose

The purpose of Nlets is to provide a network for law enforcement, criminal justice and other agencies and organizations to securely exchange information. The nature of the mission and the sensitivity of the data require that security controls be in place to minimize the risk of abuse of Nlets information infrastructure. The Nlets Board and membership have approved many policies to enhance the overall security posture of Nlets. Because the nature of the risks to information is constantly changing, the implementation of a security policy within Nlets must be a constantly changing and living process. In order to maintain these policies and procedures Nlets has developed this document to serve as both guide and directory. This directory will ensure that the information provided is the most current available.

Application to Authorized Users

The Nlets information security policy governs the Principle, Federal, International, and Associate Members that have been provided with Nlets connectivity. The policy shall also apply to all Strategic Partner Organizations, non member agencies, with Nlets connectivity.

CJIS Influence on Policies

Although the FBI's Criminal Justice Information Services (CJIS) has no formal ties with Nlets, there is much commonality between the goals of CJIS and Nlets. Through the Advisory Policy Board, CJIS has developed many policies to control access to, and use of, their information.

Nlets Members

Nlets and all of its member agencies that have a connection to the FBI's CJIS network are required to adhere to the CJIS Security Policy. For these member agencies Nlets shall adopt the CJIS Security Policy as the policy governing the Nlets connection.

Compliance with the CJIS Security Policy is audited by the FBI's Technical Audit Unit (CAU) on a triennial basis. During their audit of the Nlets member agency the FBI's CAU will also examine the physical Nlets connection and related information systems on behalf of Nlets.

Compliance with the FBI CJIS Security Policy as audited by the CAU shall be accepted by Nlets as compliance with the Nlets Information Security Policy. Nlets security staff may perform additional audits at the discretion of Nlets management and the Nlets Board of Directors.

Security Policy

A copy of the CJIS Security Policies can be found at https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center