Skip to Content
Last modified by Spencer Dobson on 2022/12/19 18:49
From version 3.1
edited by Ryan Larkin
on 2021/04/27 16:43
Change comment: UCJIS mandated change / Spelling
To version 4.1
edited by Spencer Dobson
on 2022/12/19 18:49
Change comment: Approved per Sheriff 12/19/2022.

Summary

Details

Page properties
Author
... ... @@ -1,1 +1,1 @@
1 -XWiki.rlarkin
1 +XWiki.sdobson
Content
... ... @@ -1,26 +1,15 @@
1 1  **Washington County Sheriff's Office
2 -ADMINISTRATIVE DIVISION**
2 +SUPPORT DIVISION**
3 3  Policy Manual
4 4  
5 5  
6 -Volume: AH
7 -Administrative Procedures
8 -Chapter: 01
9 -Technology Use and Protection
6 +Volume: AH Administrative Procedures
7 +Chapter: 01 Technology Use and Protection
10 10  
11 -Replaces and/or Supersedes:
12 -None
13 -Published:
14 -06/08/2015
15 -Review Date:
16 -04/27/2021
9 +Replaces and/or Supersedes: AH 01 04/27/2021
10 +\\Review Date: 12/19/2022
17 17  
18 18  
19 -Sheriff Cory C. Pulsipher
20 -
21 -Undersheriff James Standley
22 -
23 -
24 24  **__TABLE OF CONTENTS__**
25 25  AH 01_101 Definitions
26 26  AH 01_102 General
... ... @@ -45,8 +45,8 @@
45 45  
46 46  **AH 01_101 __DEFINITIONS__**
47 47  
48 -1. Access to Criminal Justice Information: The physical or logical (electronic) ability, right orprivilege to view, modify or make use of Criminal Justice Information.
49 -1. Administration of Criminal Justice: The detection, apprehension, detention, pretrial release,post-trial release, prosecution, adjudication, correctional supervision, or rehabilitation of accused persons or criminal offenders. It also includes criminal identification activities; the collection, storage, and dissemination of criminal history record information; and criminal justice employment.
37 +1. Access to Criminal Justice Information: The physical or logical (electronic) ability, right or privilege to view, modify or make use of Criminal Justice Information.
38 +1. Administration of Criminal Justice: The detection, apprehension, detention, pretrial release, post-trial release, prosecution, adjudication, correctional supervision, or rehabilitation of accused persons or criminal offenders. It also includes criminal identification activities; the collection, storage, and dissemination of criminal history record information; and criminal justice employment.
50 50  1. Agency Controlled Mobile Device: A mobile device that is centrally managed by an agency for the purpose of securing the device for potential access to CJI. The device can be agency issued or BYOD (personally owned).
51 51  1. Authorized User/Personnel: An individual, or group of individuals, who have been appropriately vetted through a national fingerprint-based record check and have been granted access to CJI data.
52 52  1. BCI: Bureau of Criminal Identification (Utah)
... ... @@ -141,7 +141,7 @@
141 141  111. NCIC Code Manual;
142 142  111. User Security Statement and Agreement;
143 143  111. All other policies and procedures by NCIC and BCI.
144 -11. The privacy and security of UCJIS and NCIC files will be emphasized in all training sessions.T
133 +11. The privacy and security of UCJIS and NCIC files will be emphasized in all training sessions.
145 145  11. The WCSO TAC and alternate TACs should attend the mandatory annual BCI TAC Conference. Other WCSO representatives may attend as directed. Information from the conference will be forwarded to all other WCSO staff by the TAC; in compliance with BCI policy.
146 146  
147 147  **AH 01_107 __PASSWORD ATTRIBUTES__**
... ... @@ -150,7 +150,7 @@
150 150  11. Secure password attributes authenticate an individual’s unique ID. Passwords for systems that access CJIS shall:
151 151  111. Be a minimum length of eight (8) characters on all systems;
152 152  111. Not be a dictionary word or proper name;
153 -111. Not be the same as the Userid;
142 +111. Not be the same as the User ID;
154 154  111. Expire within a maximum of 90 calendar days;
155 155  111. Not be identical to the previous ten (10) passwords;
156 156  111. Not be transmitted in the clear outside the secure location;
... ... @@ -193,11 +193,11 @@
193 193  11. Incident Types and Severity based upon affect to operations.
194 194  111. Non-critical incidents
195 195  1111. Type 1 – Isolated incidents of computer viruses and spyware generally handled by antivirus software. Minor system slowdowns or intersystem communication errors.
196 -111. Potentially Critical Incidentsi
185 +111. Potentially Critical Incidents
197 197  1111. Type 2 – Significant system slowdowns or service interruptions. Unusual system behavior that may impact the integrity or continued operation of IT Systems.
198 198  1111. Type 3 – Obvious signs of system penetration, denial of service or damage to physical infrastructure.
199 199  11. Incident reporting
200 -111. All suspected incidents shall be reported by agency members to the IT Manager either throughthe helpdesk system or directly by phone in the event of potentially critical incidents. Reporting members are expected to provide the following information:
189 +111. All suspected incidents shall be reported by agency members to the IT Manager either through the helpdesk system or directly by phone in the event of potentially critical incidents. Reporting members are expected to provide the following information:
201 201  1111. Name and contact information;
202 202  1111. Time of the report;
203 203  1111. Observed nature of the incident;
... ... @@ -296,7 +296,7 @@
296 296  111. Universal Serial Bus (USB drives); and
297 297  111. Other diskettes and tapes.
298 298  11. Studies of disk sanitization indicate that simply deleting files from the media or formatting a hard drive is not sufficient to completely erase data so that it cannot be recovered. These studies generally recommend two methods for disk sanitation:
299 -111. Destruction of the media either by physical force or byelectromagnetic degaussing. Physicaldestruction should be conducted under dual control, and documented.
288 +111. Destruction of the media either by physical force or by electromagnetic degaussing. Physical destruction should be conducted under dual control, and documented.
300 300  111. Disk sanitization, overwriting of all previously stored data in compliance with NIST standards.
301 301  
302 302  **AH 01_115 __TRANSPORTATION OF MEDIA AND CJI__**
... ... @@ -318,7 +318,8 @@
318 318  11. Internet sites containing information that is not appropriate or applicable to WCSO use and which shall not be intentionally accessed include, but are not limited to:
319 319  111. adult forums;
320 320  111. pornography;
321 -111. chat rooms; and
310 +111. chat rooms;
311 +111. Tik Tok; and
322 322  111. similar or related web sites.
323 323  11. Certain exceptions may be permitted with the prior approval of a supervisor as a function of an assignment. Downloaded information shall be limited to messages, mail and data files which shall be subject to audit and review by the WCSO without notice. No copyrighted and/or unlicensed software program files may be downloaded.
324 324  11. Employees shall report any unauthorized access to the system or suspected intrusion from outside sources (including the Internet) to a supervisor and follow the Security Incident Response Plan