53 - COMMUNICATION SECURITY MANUAL

I. COMMUNICATION SECURITY General Order #53 MANUAL Effective: 7/11/2023 CFA APPROVED: CHIEF CARLOS NORIEGA POLICY Below is the Security Policy for the Communication Unit. Please note that it remains in the format approved by FDLE for Audit Purposes. TABLE OF CONTENTS Introduction 3 Purpose 3 Scope 4 Section 1- Personally Identifiable Information (PII) 5 Section 2- Personnel Screening And Sanctioning Process 5 Section 3- Information Exchange 6 Section 4- Information Handling 6 Section 5- Incident Response 7 Section 6- Account Management 9 Section 7-System Access Control for Multiple Concurrent Sessions 12 Section 8- Remote Access 12 Section 9- Identification and Authentication 13 Section 10- Media Protection 14 Section 11- Physical Protection 15 Section 12- Encryption 16 Section 13- Voice Over Internet Protocol (VOIP) 17 Section 14- Patch Management 17 Section 15- Security Alerts and Advisories 17 Section 16- Wireless Usage Restrictions/Logs/Devices 18 Section 17-Bluetooth 19 Section 18- WiFi Logs 19 Section 19-Personnel Sanctions 19 Section 20- Telephone And Radio Recordings 20 INTRODUCTION PURPOSE The purpose of this security policy is to incorporate sound, appropriate security measures and provide guidelines for personnel to include personal issues and police department-issued equipment such as, but not limited to, computers, cellular phones, and other mobile communication devices. This policy also is designed to dictate physical and virtual security measures designed to protect and ensure the integrity of sensitive information that may be shared, exchanged, or viewed by Village or police personnel with regard to information technology resources and handling of criminal justice information (CJI). Information security measures for North Bay Village are intended to: • Protect valuable information assets • Preserve the privacy of employees, associates, and vendors • Protect the legal liability of North Bay Village All measures cited in this manual are designed to be compliant with current FBI security guidelines and mandates in accordance with the CJIS Security Policy (CSP). These mandates are designed to protect the employees of North Bay Village from possible sanctions, including legal consequences. SCOPE This policy applies to all North Bay Village personnel, to include Village administrators, employees, contractors, and subcontractors. The policy also covers any form of medium, covering the past, present, and future practices, actions, and communication so that they are in compliance with, at minimum, the FBI CJIS Security Policy. Any and all creations, processing communications, and disposal of departmental information by any combination of methods are covered within this policy. It is to be enforced and understood that information considered to be “Official” must be evaluated and protected against all forms of unauthorized access, use, disclosure, or unsupervised destruction. Each division and staff unit is required to determine, in compliance with and according to (e.g., information security guidelines, FDLE User Agreement mandates, Internal Audits) proper levels of protection of CJI as well as public records information and to implement proper and necessary safeguards. Security controls must be applied consistently with the value of the information to North Bay Village. Information that is considered to be critical and/or sensitive must follow Criminal Justice Information Services (CJIS) and Florida State Statute guidelines. Section 1-Personally Identifiable Information (PII) Personal identifiers include social security numbers, driver’s license numbers, fingerprint records, date of birth, place of birth, and mother’s maiden name. This information shall be kept confidential and is not to be shared unless it is within the law enforcement community or for specific employment screening purposes. Dissemination of personal identifiers may only be made in accordance with policy established by state and federal guidelines. PII may only be collected for the administration of official law enforcement purposes. Printing: If personal identifiers are to be printed, the information must be kept in a secure location not accessible by the public and only viewed by authorized personnel. Agency members may not make duplicate copies of documents containing PII. Additionally, any document containing PII may not be downloaded to any personally owned devices such as mobile phones, tablets, or unencrypted removable media.