We are beginning an upgrade of our computer-aided dispatch (CAD) and Mobile systems for the Mesa Police Dept (PD) and the Mesa Fire Dept (FD). Both the PD and FD use a shared CAD system. Because it's a shared system, a major issue we are having is trying to define, specifically, what needs to be done with the CAD/Mobile from a FBI CJIS Security perspective - i.e. what configuration, both software security and/or infrastructure, must be in place to meet CJIS Security compliance?
We want to be able to share as much information and use as many features/functionality as possible, while also staying in compliance with the FBI CJIS Security Policy. The Policy is rather vague when it comes to this issue, and doesn't provide specific details for configuration guidance. Many other agencies use a shared CAD system (PD and FD), and must have/had this issue, but we are unable to locate any published guidelines, case studies, or other documentation on this issue.
Therefore, we would like to request this TA to gather information regarding the configuration of CAD/Mobile from other agencies that use a shared (Law Enforcement and Fire/EMS) system to answer the following questions (suggested list - perhaps the TA provider will be able to assist in formulating these questions):
SOFTWARE
1) What CAD software application configurations did you include to address FBI CJIS Security Policy rules? (Include specifics regarding security configurations, user rights, user group rights, etc.)
2) What Mobile software application configurations did you include to address FBI CJIS Security Policy rules? (Include specifics regarding security configurations, user rights, user group rights, etc.)
3) Is your software configuration designed to meet or exceed the FBI CJIS Security Policy rules?
INFRASTRUCTURE
4) What infrastructure configurations did you include to address FBI CJIS Security Policy rules? (Include specifics regarding security, architecture, domains, networks, etc.)
5) Is your infrastructure configuration designed to meet or exceed the FBI CJIS Security Policy rules?
Please check the box next to the following questions if the answer is 'yes'.
Please enter the applicable Event Date if there is an Event associated with this TTA.
When entering an Event Date, the Time is also required.
Please respond to the Performance Metrics below. The Performance Metrics questions are based on the TTA Type indicated in the General Information section of the TTA.