Changes for page AH 01 Technology Use and Protection

Last modified by Spencer Dobson on 2022/12/19 18:49

From 1.2 to 2.1

From version 2.1

edited by Ryan Larkin
on 2021/04/03 14:44

Change comment: Added UCA code section to AH 01_103

To version 4.1

edited by Spencer Dobson
on 2022/12/19 18:49

Change comment: Approved per Sheriff 12/19/2022.

Raw
Rendered

Summary

Page properties (2 modified, 0 added, 0 removed)

Details

Page properties

Author

@@ -1,1 +1,1 @@
--XWiki.rlarkin
++XWiki.sdobson

Content

@@ -1,26 +1,15 @@
  **Washington County Sheriff's Office
--ADMINISTRATIVE DIVISION**
++SUPPORT DIVISION**
  Policy Manual
--Volume: AH
--Administrative Procedures
--Chapter: 01
--Technology Use and Protection
++Volume: AH Administrative Procedures
++Chapter: 01 Technology Use and Protection
--Replaces and/or Supersedes:
--None
--Published:
--06/08/2015
--Review Date:
--04/03/2021
++Replaces and/or Supersedes: AH 01 04/27/2021
++\\Review Date: 12/19/2022
--Sheriff Cory C. Pulsipher
--
--Undersheriff James Standley
--
--
  **__TABLE OF CONTENTS__**
  AH 01_101  Definitions
  AH 01_102  General
@@ -45,11 +45,11 @@
  **AH 01_101  __DEFINITIONS__**
--1. Access to Criminal Justice Information:  The physical or logical (electronic) ability, right orprivilege to view, modify or make use of Criminal Justice Information.
--1. Administration of Criminal Justice:  The detection, apprehension, detention, pretrial release,post-trial release, prosecution, adjudication, correctional supervision, or rehabilitation of accused persons or criminal offenders. It also includes criminal identification activities; the collection, storage, and dissemination of criminal history record information; and criminal justice employment.
++1. Access to Criminal Justice Information:  The physical or logical (electronic) ability, right or privilege to view, modify or make use of Criminal Justice Information.
++1. Administration of Criminal Justice:  The detection, apprehension, detention, pretrial release, post-trial release, prosecution, adjudication, correctional supervision, or rehabilitation of accused persons or criminal offenders. It also includes criminal identification activities; the collection, storage, and dissemination of criminal history record information; and criminal justice employment.
 . Agency Controlled Mobile Device:  A mobile device that is centrally managed by an agency for the purpose of securing the device for potential access to CJI. The device can be agency issued or BYOD (personally owned).
 . Authorized User/Personnel:  An individual, or group of individuals, who have been appropriately vetted through a national fingerprint-based record check and have been granted access to CJI data.
--1. BCI:  Bureau of Criminial Indification (Utah)
++1. BCI:  Bureau of Criminal Identification (Utah)
 . CJI:  Criminal justice information.
 . CJIS:  The Criminal Justice Information System administered by the FBI.
 . Computer System:  Shall mean all computers (on-site and portable), hardware, software and resources owned, leased, rented or licensed by the Washington County Sheriff's Office , which are provided for official use by agency employees. This shall include all access to, and use of, Internet Service Providers (ISP) or other service providers provided by or through the agency or agency funding.
@@ -89,6 +89,7 @@
 . Only trained and authorized personnel may disseminate CHRI to the person of record under authority of Right of Access;
 . WCSO users shall not access CJI from publicly accessed computers or publicly accessed wireless networks;
 . UCJIS use will be governed by [[Utah Code Annotated 53-10-108>>https://le.utah.gov/xcode/Title53/Chapter10/53-10-S108.html]].
++11. The BCI Director and the Commissioner of Public Safety will be notified immediately of any suspected misuse of UCJIS files or the data obtained through UCJIS as stated in UCA 53-10-108.
  **AH 01_104  __CJIS SECURITY TRAINING FOR USERS WITH ACCESS__**
@@ -140,7 +140,7 @@
 . NCIC Code Manual;
 . User Security Statement and Agreement;
 . All other policies and procedures by NCIC and BCI.
--11. The privacy and security of UCJIS and NCIC files will be emphasized in all training sessions.T
++11. The privacy and security of UCJIS and NCIC files will be emphasized in all training sessions.
 . The WCSO TAC and alternate TACs should attend the mandatory annual BCI TAC Conference. Other WCSO representatives may attend as directed. Information from the conference will be forwarded to all other WCSO staff by the TAC; in compliance with BCI policy.
  **AH 01_107  __PASSWORD ATTRIBUTES__**
@@ -149,7 +149,7 @@
 . Secure password attributes authenticate an individual’s unique ID. Passwords for systems that access CJIS shall:
 . Be a minimum length of eight (8) characters on all systems;
 . Not be a dictionary word or proper name;
--111. Not be the same as the Userid;
++111. Not be the same as the User ID;
 . Expire within a maximum of 90 calendar days;
 . Not be identical to the previous ten (10) passwords;
 . Not be transmitted in the clear outside the secure location;
@@ -192,11 +192,11 @@
 . Incident Types and Severity based upon affect to operations.
 . Non-critical incidents
 . Type 1 – Isolated incidents of computer viruses and spyware generally handled by antivirus software. Minor system slowdowns or intersystem communication errors.
--111. Potentially Critical Incidentsi
++111. Potentially Critical Incidents
 . Type 2 – Significant system slowdowns or service interruptions. Unusual system behavior that may impact the integrity or continued operation of IT Systems.
 . Type 3 – Obvious signs of system penetration, denial of service or damage to physical infrastructure.
 . Incident reporting
--111. All suspected incidents shall be reported by agency members to the IT Manager either throughthe helpdesk system or directly by phone in the event of potentially critical incidents. Reporting members are expected to provide the following information:
++111. All suspected incidents shall be reported by agency members to the IT Manager either through the helpdesk system or directly by phone in the event of potentially critical incidents. Reporting members are expected to provide the following information:
 . Name and contact information;
 . Time of the report;
 . Observed nature of the incident;
@@ -295,7 +295,7 @@
 . Universal Serial Bus (USB drives); and
 . Other diskettes and tapes.
 . Studies of disk sanitization indicate that simply deleting files from the media or formatting a hard drive is not sufficient to completely erase data so that it cannot be recovered. These studies generally recommend two methods for disk sanitation:
--111. Destruction of the media either by physical force or byelectromagnetic degaussing. Physicaldestruction should be conducted under dual control, and documented.
++111. Destruction of the media either by physical force or by electromagnetic degaussing. Physical destruction should be conducted under dual control, and documented.
 . Disk sanitization, overwriting of all previously stored data in compliance with NIST standards.
  **AH 01_115  __TRANSPORTATION OF MEDIA AND CJI__**
@@ -317,7 +317,8 @@
 . Internet sites containing information that is not appropriate or applicable to WCSO use and which shall not be intentionally accessed include, but are not limited to:
 . adult forums;
 . pornography;
--111. chat rooms; and
++111. chat rooms;
++111. Tik Tok; and
 . similar or related web sites.
 . Certain exceptions may be permitted with the prior approval of a supervisor as a function of an assignment. Downloaded information shall be limited to messages, mail and data files which shall be subject to audit and review by the WCSO without notice. No copyrighted and/or unlicensed software program files may be downloaded.
 . Employees shall report any unauthorized access to the system or suspected intrusion from outside sources (including the Internet) to a supervisor and follow the Security Incident Response Plan