Questions and Answers
Which of the following is true regarding access to criminal justice information (CJI) systems via wireless devices?
It must be done through the agency-provided VPN for secure access
What is the agency's policy on personal use of the wireless network?
It is prohibited
What is the requirement for passwords for access to the information system?
They must adhere to agency requirements for length, complexity, expiration, and uniqueness
What is the agency's policy on reporting incidents involving loss, compromise, or loss of control of mobile devices?
Signup and view all the answers
What is the agency's policy on access control mechanisms for CJI and information systems?
Signup and view all the answers
What is the agency's policy on physical and logical security measures?
Signup and view all the answers
What is the agency's policy on patch management for CJI information systems?
Signup and view all the answers
What is the agency's policy on up-to-date operating system security patches for agency-owned devices?
Signup and view all the answers
What is the agency's policy on access to physically secure locations?
Signup and view all the answers
Which of the following is NOT allowed when using the agency's wireless network?
Signup and view all the answers
What must users do if they experience any incidents involving loss, compromise, or loss of control of mobile devices?
Signup and view all the answers
What kind of access control mechanisms are in place to restrict access to CJI and modify information systems, applications, and communication configurations?
Signup and view all the answers
What are the requirements for passwords used to access the information system?
Signup and view all the answers
What is the agency's policy on user IDs?
Signup and view all the answers
What is the purpose of the patch management policy?
Signup and view all the answers
What is the City of Port St. Lucie IT Department's patch management procedure?
Signup and view all the answers
What must be installed on all workstations, mobile devices, and servers owned by the agency?
Signup and view all the answers
What kind of access authorizations are in place for physically secure locations?
Signup and view all the answers
Study Notes
Agency Policies for Information System Access and Protection
-
The agency has implemented a wireless network for daily operations, but it is only for agency information and systems.
-
Access to criminal justice information (CJI) systems is not allowed via wireless devices, and must be done through the agency-provided VPN for secure access.
-
The IT department will monitor and audit all connections and logs associated with devices and systems accessing CJI.
-
Personal use of the wireless network or attempts to modify any hardware, software, or network devices in place within the agency is prohibited.
-
Users must report any incidents involving loss, compromise, or loss of control of mobile devices to the LASO immediately.
-
Access control mechanisms are in place to restrict access to CJI and modify information systems, applications, and communication configurations.
-
The agency maintains management of all information system accounts and validates them annually.
-
Passwords for access to the information system must adhere to agency requirements for length, complexity, expiration, and uniqueness.
-
User IDs are assigned by the Police Department/City System Administrator and must not be shared or installed with boot-up passwords.
-
All digital and physical media containing CJI must be securely stored, transported, sanitized, and disposed of, with access restricted to authorized personnel only.
-
Physical and logical security measures apply to all agency processes, data, information systems and components, and personnel.
-
Perimeter security and physical access authorizations are in place for physically secure locations, with access granted via proximity card/key/pin code.Access Control and Patch Management Policy for CJI Information Systems
-
The policy outlines access control measures for physical, transmission, and display mediums to ensure that unauthorized individuals cannot access or view CJI.
-
Physical access to the server room is strictly controlled and monitored, with only authorized personnel allowed unescorted access.
-
Visitor control measures are in place, with non-authorized individuals escorted at all times and required to provide identification and sign in prior to being escorted within the facility.
-
Delivery and removal of information system related items are only allowed by authorized personnel, with escorted access for authorized vendors.
-
Physical and logical protection applies to all facilities housing CJI information systems or components, including data centers and physical storage areas.
-
The agency employs a patch management policy that requires the most recent security patches to be installed as soon as practical, with exceptions made only when immediate application would interfere with operational requirements.
-
Security patches are evaluated individually, validated as legitimate vendor patches, and installed on an "as-needed" basis.
-
Standard security principles of least required access and non-privileged accounts are recommended.
-
The City of Port St. Lucie IT Department has centralized, automated patch management procedures with roll back capability.
-
All workstations, mobile devices, and servers owned by the agency must have up-to-date operating system security patches installed.
-
Workstations, desktops, and laptops have automatic updates enabled for operating system patches.
-
Current agency servers have minimum baseline requirements for operating system levels, service packs, hotfixes, and patch levels.
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
