Florida City PD Agency Full Policy

Table of Contents : Relationship Policy ……... …………………………………………………………………………………………………………………………………………………… . 2 Personally Identifiable Information (PII) …………………………………………………………………………………………………………………………... 2 Information Exchange ……………………………………………………………………………………………………………………………………………………….. 3 Information Handling ……………………………………………………………………………………………………………………………………………………….. 3 Incident Response ………………………………………………………………………………………………………………………………………………….………….. 4 Account Management ………………………………………………………………………………………………………………………………………………………… 5 System Access Control ……………………………………………..………………………………………………………………………………………………………… 7 Remote Access …………………………………………………………………………………………………………………………………………………………………… 7 Personally Owned Information Systems …………………………………… ………………………………………………………………………………………… 8 Authentication Strategy ……………………………………………………………………………………………………………………………………………………… 8 Authenticator Management …………………………………………………………………………………………………………………………………… …………… 9 Advanced A uthentication…. ………………………………………………………………………………………………………………………………………………… 9 Media Protection ………………………………………………………………………………………………………………………………………………………………… 10 Electronic Media Sanitization and Disposal ……………………………………………………………………………………………………………………..…… 10 Disposal of Physical Media …………………………………………………………………………………………………………………………………………………… 11 Physic al Protection ………………………………………………………………………………………………………………………………………… ………… ………… 11 Encryption ……………………………………………………………………………………………………………………………………………………………………...…… 11 Voice over Internet Protocol ……………………………… ………………………………………………………………………………………………………………… 12 Patch Management …………………………………………………………………………………………………………………………………………………………….… 12 Security Alerts and Advisories …………………………………………………………………………………………………… ………………………………………… 13 Wireless Access Restrictions ………………………………………………………………………………………………………………………………………………… 13 Bluetooth …………………………………………………………………………………………………………………………………………………………………………..… 14 Personnel Sanctions …………………………………………………………………………………………………………………………………………………………..… 14 Policy and Procedures for CJIS Compliance FLORIDA CITY POLICE DEPARTMENT 404 W Palm Dr, Florida City, FL 33034 T. 305.247. 8223 RELATIONSHIP POLICY The overriding goal of this policy is to comply with the CJIS Security Policy requirements. Due to the evolving nature of the CJIS Security Policy, it is necessary to separately communicate the requirements of the CJIS Security Policy as they are developed and enhanced. These additional requirements are intended to be an enhancement to the existing Standard Operating Procedures of Florida City Police Department . The Agency shall adhere, at a minimum, to the CJIS Security Policy. While the Agency may augment or increase the standards, it cannot detract from the minimum requirements set forth by the FBI CJIS Security Policy. PERSONALLY IDENTIFIABLE INFORMATION (PII) PII Personally Identifiable Information (PII) – is any information pertaining to an individual that can be used to distinguish or trace a person’s identity. PII is defined as any one or more o f types of information including, but not limited to: 1. Social security number 2. Username and password 3. Passport number 4. Credit card number 5. Clearances 6. Banking information 7. Biometrics 8. Data and place of birth 9. Mothers maiden name 10. Criminal, medical and financial records 11. Educational transcripts 12. Photos and video including any of the above All electronic files that contain PII will reside within the Agency’s physically secure location. All physical files that contain PII will resid e within a locked file cabinet or room when not being actively viewed or modified. PII is not to be downloaded to workstations or mobile devices (such as laptops, personal digital assistants, mobile phones, tablets or removable media) or to systems outside the protection of the Agency. PII will also not be sent through any form of insecure electronic communication as significant security risks emerge when PII is transferred from a secure location to a less secure location or is disposed of improperly. When disposing of PII the physical or electronic file should be shredded or securely deleted. All disposal of PII will be done by authorized Agency personnel. All PII will be collected only when there is a legal authority and it is necessary to conduct Agency duties. Access to PII is only conducted when the information is needed to conduct Agency official duties and should only be utilized for official purposes. Agency members will not create duplicate copies of documents that contain PII and will destroy the d ocuments when no longer needed. When PII is extracted from a document Agency members may only target the PII that is required for the task. PII that is extracted shall not be retained beyond the records retention rules for the data and the system it was ac cessed from. PII shall not be stored or transmitted via personally owned devices. PII may not be taken home by any Agency member. INFORMATION EXCHANGE Criminal Justice Information is the term used to refer to all of the FBI CJIS provided data necessary for law enforcement and civil agencies to perform their missions including, but not limited to biometric, identity history, biographic, property, and case/incident history data. The following categories of CJI describe the variou s data sets housed by the FBI CJIS architecture: 1. Biometric Data —data derived from one or more intrinsic physical or behavioral traits of humans typically for the purpose of uniquely identifying individuals from within a population. It is used to identify individuals, to include: fingerprints, palm prints, iris scans, and facial recognition data. 2. Identity History Data —textual data that corresponds with an individual’s biometric data, providing a history