SGSC Police Department CJI Media Protection Policy 2024 PDF

**SGSC POLICE DEPARTMENT** -- -------- 050121 -- -------- The intent of the Media Protection Policy is to ensure the protection of the Criminal Justice Information (CJI) until such time as the information is either released to the public via authorized dissemination or is purged or destroyed in accordance with applicable record retention rules. **1102.00 SCOPE** **1102.01 DEFINITIONS** **1102.02 USER ACCOUNTS/ACCESS VALIDATION** 1. review all accounts systems that contain Criminal Justice Information periodically and at least annually to ensure that access and account privileges commensurate with job functions, need-to-know, and employment status; 2. 3. 4. 5. 6. 7. 8. 9. Cooperate fully with an authorized security team that is investigating a security incident or performing an audit review. **1102.03 COMMERCIAL DISSEMINATION** **1102.04 MEDIA STORAGE AND ACCESS** 1. Securely store electronic and physical media within a secure area. A secured area includes a locked drawer, cabinet, or room. 2. Restrict access to electronic and physical media to authorized individuals. 3. Ensure that only authorized users remove printed or digital media from the CJI. 4. Physically protect CJI until media end of life. End of life CJI is destroyed or sanitized using approved equipment, techniques, and procedures. 5. Not use personally owned information system to access, process, store or transmit CJI. 6. Not utilize publicly accessible computers to access, process, store or transmit CJI. Publicly accessible computers include but are not limited to hotel business center computers, convention center computers, public library computers, etc. 7. Store all hardcopy CJI printouts maintained by the SGSC Police Department in a secure area accessible to only those employees whose job function require them to handle such documents. 8. Safeguard all CJI against possible misuse by complying with all CJI policies. 9. Take appropriate action when in possession of CJI while not in a secure area: 1. When CJI is at rest (i.e. stored electronically) outside the boundary of the physically secure location, the data shall be protected using encryption. Storage devices include external hard drives from computers, printers and copiers used with CJI. In addition, storage devices include thumb drives, flash drives, back-up tapes, mobile devices, laptops, etc. 2. When encryption is employed, the cryptographic module used shall be certified to meet FIPS 140-2 standards. 10. Lock or log off computer when not in immediate vicinity of work area to protect CJI. Not all personnel have same CJI access permissions and need to keep CJI protected on a need-to-know basis. 11. Establish appropriate administrative, technical, and physical safeguards to ensure the security and confidentiality of CJI. **1102.05 MEDIA TRANSPORT** 1. The other agency is an Authorized Recipient of such information and is being serviced by the accessing agency or 2. The other agency is performing personnel and appointment functions for criminal justice employment applicants. 1. Protect and control electronic and physical media during transport outside of controlled areas. 2. Restrict the pickup, receipt, transfer and delivery of such media to authorized personnel. 3. Control, protect and secure electronic and physical media during transport from public disclosure by: A. Use of privacy statements in electronic and paper documents. B. Limiting the collection, disclosure, sharing and use of CJI. C. Following the least privilege and role-based rules for allowing access. Limit access to CJI to only those people or roles that require access. D. Securing hand delivered confidential electronic and paper documents by: 1. Only viewing or accessing the CJI electronically or document printouts in a physically secure location by authorized personnel. 2. No hard copies will be mailed. 3. Package hard copy printouts in such a way as to not have any CJI information viewable. 4. Not taking CJI home or when traveling unless authorized by the SGSC Police Department LASO. When disposing of CJI documents, a shredder will be used. **1102.06 ELECTRONIC MEDIA SANITIZATION AND DISPOSAL** **1102.07 BREACH NOTIFICATION AND INCIDENT REPORTING** **1102.08 ROLES AND RESPONSIBILITIES** 1. SGSC Police Department personnel shall notify the Chief of Police, the TAC and the LASO and an incident-report form must be completed and submitted within 24 hours of discovery of the incident. The submitted report is to contain a detailed account of the incident, events leading to the incident and steps taken/to be taken in response to the incident. 2. The supervisor will communicate the situation to the LASO to notify of the loss or disclosure of CJI records. 3. The LASO will ensure the CJIS System Agency Information Security Officer (CSA ISO) is promptly informed of security incidents. 4. The CSA ISO will: A. Establish a security incident response and reporting procedure to discover, investigate, document and report to the CSA, the affected criminal justice agency and the FBI CJIS Division ISO major incidents that significantly endanger the security or integrity of CJI. B. Collect and disseminate all incident-related information received from the Department of Justice (DOJ), FBI CJIS Division and other entities to the appropriate local law enforcement POCs within their area. C. Act as a single POC for their jurisdictional area for requesting incident response assistance. **1102.09 SANCTIONS** **Contact Information** **NAME** **PHONE** **EMAIL** ----------------- ---------------- -------------- --------------------------- **LASO** Jimmy Harper 912.260.4314 **TAC** Rodney Davison 912.260.4489 **State C/ISO** Alfred Barker 706-583-2400 alfred.barker\@usg.edu

SGSC Police Department CJI Media Protection Policy 2024 PDF

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue