CJIS Security Policy Resource Center

Home | Requirements Companion Document | Security Control Mapping of CJIS Security Policy | 2022 ISO Symposium Presentations | Use Cases | Links of Importance  | Submit a Question

Download Criminal Justice Information Services (CJIS) Security Policy - Version 5.9.2

Download CJIS_Security_Policy_v5-9-2_20221207 (5).pdf — 6976 KB

[{"dest": {"list": [{"ref": 1}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 1, "sub": [], "pageno": 1, "title": "Executive Summary"}, {"dest": {"list": [{"ref": 3}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 1, "sub": [], "pageno": 2, "title": "Change Management"}, {"dest": {"list": [{"ref": 5}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 1, "sub": [], "pageno": 3, "title": "Summary of Changes"}, {"dest": {"list": [{"ref": 8}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 1, "sub": [], "pageno": 4, "title": "Table of Contents"}, {"dest": {"list": [{"ref": 29}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 1, "sub": [], "pageno": 11, "title": "List of Figures"}, {"dest": {"list": [{"ref": 32}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 1, "sub": [], "pageno": 12, "title": "1 Introduction"}, {"dest": {"list": [{"ref": 32}, {"literal": "XYZ"}, {"number": 70}, {"number": 654}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 12, "title": "1.1 Purpose"}, {"dest": {"list": [{"ref": 32}, {"literal": "XYZ"}, {"number": 70}, {"number": 462}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 12, "title": "1.2 Scope"}, {"dest": {"list": [{"ref": 32}, {"literal": "XYZ"}, {"number": 70}, {"number": 325}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 12, "title": "1.3 Relationship to Local Security Policy and Other Policies"}, {"dest": {"list": [{"ref": 34}, {"literal": "XYZ"}, {"number": 70}, {"number": 686}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 13, "title": "1.4 Terminology Used in This Document"}, {"dest": {"list": [{"ref": 34}, {"literal": "XYZ"}, {"number": 70}, {"number": 481}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 13, "title": "1.5 Distribution of the CJIS Security Policy"}, {"dest": {"list": [{"ref": 36}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 1, "sub": [], "pageno": 14, "title": "2 CJIS Security Policy Approach"}, {"dest": {"list": [{"ref": 36}, {"literal": "XYZ"}, {"number": 70}, {"number": 632}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 14, "title": "2.1 CJIS Security Policy Vision Statement"}, {"dest": {"list": [{"ref": 36}, {"literal": "XYZ"}, {"number": 70}, {"number": 543}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 14, "title": "2.2 Architecture Independent"}, {"dest": {"list": [{"ref": 36}, {"literal": "XYZ"}, {"number": 70}, {"number": 309}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 14, "title": "2.3 Risk Versus Realism"}, {"dest": {"list": [{"ref": 38}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 1, "sub": [], "pageno": 15, "title": "3 Roles and Responsibilities"}, {"dest": {"list": [{"ref": 38}, {"literal": "XYZ"}, {"number": 70}, {"number": 694}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 15, "title": "3.1 Shared Management Philosophy"}, {"dest": {"list": [{"ref": 38}, {"literal": "XYZ"}, {"number": 70}, {"number": 447}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 15, "title": "3.2 Roles and Responsibilities for Agencies and Parties"}, {"dest": {"list": [{"ref": 75}, {"literal": "XYZ"}, {"number": 70}, {"number": 463}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 16, "title": "3.2.1 CJIS Systems Agencies (CSA)"}, {"dest": {"list": [{"ref": 75}, {"literal": "XYZ"}, {"number": 70}, {"number": 376}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 16, "title": "3.2.2 CJIS Systems Officer (CSO)"}, {"dest": {"list": [{"ref": 77}, {"literal": "XYZ"}, {"number": 70}, {"number": 301}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 17, "title": "3.2.3 Terminal Agency Coordinator (TAC)"}, {"dest": {"list": [{"ref": 77}, {"literal": "XYZ"}, {"number": 70}, {"number": 228}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 17, "title": "3.2.4 Criminal Justice Agency (CJA)"}, {"dest": {"list": [{"ref": 77}, {"literal": "XYZ"}, {"number": 70}, {"number": 141}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 17, "title": "3.2.5 Noncriminal Justice Agency (NCJA)"}, {"dest": {"list": [{"ref": 79}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 18, "title": "3.2.6 Contracting Government Agency (CGA)"}, {"dest": {"list": [{"ref": 79}, {"literal": "XYZ"}, {"number": 70}, {"number": 653}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 18, "title": "3.2.7 Agency Coordinator (AC)"}, {"dest": {"list": [{"ref": 79}, {"literal": "XYZ"}, {"number": 70}, {"number": 175}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 18, "title": "3.2.8 CJIS Systems Agency Information Security Officer (CSA ISO)"}, {"dest": {"list": [{"ref": 81}, {"literal": "XYZ"}, {"number": 70}, {"number": 592}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 19, "title": "3.2.9 Local Agency Security Officer (LASO)"}, {"dest": {"list": [{"ref": 81}, {"literal": "XYZ"}, {"number": 70}, {"number": 392}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 19, "title": "3.2.10 FBI CJIS Division Information Security Officer (FBI CJIS ISO)"}, {"dest": {"list": [{"ref": 83}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 20, "title": "3.2.11 Repository Manager"}, {"dest": {"list": [{"ref": 83}, {"literal": "XYZ"}, {"number": 70}, {"number": 639}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 20, "title": "3.2.12 Compact Officer"}, {"dest": {"list": [{"ref": 85}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 1, "sub": [], "pageno": 21, "title": "4 Criminal Justice Information and Personally Identifiable Information"}, {"dest": {"list": [{"ref": 85}, {"literal": "XYZ"}, {"number": 70}, {"number": 675}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 21, "title": "4.1 Criminal Justice Information (CJI)"}, {"dest": {"list": [{"ref": 85}, {"literal": "XYZ"}, {"number": 70}, {"number": 254}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 21, "title": "4.1.1 Criminal History Record Information (CHRI)"}, {"dest": {"list": [{"ref": 87}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 22, "title": "4.2 Access, Use and Dissemination of Criminal History Record Information (CHRI), NCIC Restricted Files Information, and NCIC Non-Restricted Files Information"}, {"dest": {"list": [{"ref": 87}, {"literal": "XYZ"}, {"number": 70}, {"number": 632}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 22, "title": "4.2.1 Proper Access, Use, and Dissemination of CHRI"}, {"dest": {"list": [{"ref": 87}, {"literal": "XYZ"}, {"number": 70}, {"number": 504}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 22, "title": "4.2.2 Proper Access, Use, and Dissemination of NCIC Restricted Files Information"}, {"dest": {"list": [{"ref": 87}, {"literal": "XYZ"}, {"number": 70}, {"number": 171}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 22, "title": "4.2.3 Proper Access, Use, and Dissemination of NCIC Non-Restricted Files Information"}, {"dest": {"list": [{"ref": 87}, {"literal": "XYZ"}, {"number": 70}, {"number": 132}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 22, "title": "4.2.3.1 For Official Purposes"}, {"dest": {"list": [{"ref": 89}, {"literal": "XYZ"}, {"number": 70}, {"number": 673}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 23, "title": "4.2.3.2 For Other Authorized Purposes"}, {"dest": {"list": [{"ref": 89}, {"literal": "XYZ"}, {"number": 70}, {"number": 512}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 23, "title": "4.2.3.3 CSO Authority in Other Circumstances"}, {"dest": {"list": [{"ref": 89}, {"literal": "XYZ"}, {"number": 70}, {"number": 454}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 23, "title": "4.2.4 Storage"}, {"dest": {"list": [{"ref": 89}, {"literal": "XYZ"}, {"number": 70}, {"number": 367}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 23, "title": "4.2.5 Justification and Penalties"}, {"dest": {"list": [{"ref": 89}, {"literal": "XYZ"}, {"number": 70}, {"number": 341}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 23, "title": "4.2.5.1 Justification"}, {"dest": {"list": [{"ref": 89}, {"literal": "XYZ"}, {"number": 70}, {"number": 269}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 23, "title": "4.2.5.2 Penalties"}, {"dest": {"list": [{"ref": 89}, {"literal": "XYZ"}, {"number": 70}, {"number": 197}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 23, "title": "4.3 Personally Identifiable Information (PII)"}, {"dest": {"list": [{"ref": 93}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 1, "sub": [], "pageno": 25, "title": "5 Policy and Implementation"}, {"dest": {"list": [{"ref": 95}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 26, "title": "5.1 Policy Area 1: Information Exchange Agreements"}, {"dest": {"list": [{"ref": 95}, {"literal": "XYZ"}, {"number": 70}, {"number": 637}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 26, "title": "5.1.1 Information Exchange"}, {"dest": {"list": [{"ref": 95}, {"literal": "XYZ"}, {"number": 70}, {"number": 339}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 26, "title": "5.1.1.1 Information Handling"}, {"dest": {"list": [{"ref": 95}, {"literal": "XYZ"}, {"number": 70}, {"number": 164}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 26, "title": "5.1.1.2 State and Federal Agency User Agreements"}, {"dest": {"list": [{"ref": 97}, {"literal": "XYZ"}, {"number": 70}, {"number": 673}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 27, "title": "5.1.1.3 Criminal Justice Agency User Agreements"}, {"dest": {"list": [{"ref": 97}, {"literal": "XYZ"}, {"number": 70}, {"number": 369}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 27, "title": "5.1.1.4 Interagency and Management Control Agreements"}, {"dest": {"list": [{"ref": 97}, {"literal": "XYZ"}, {"number": 70}, {"number": 241}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 27, "title": "5.1.1.5 Private Contractor User Agreements and CJIS Security Addendum"}, {"dest": {"list": [{"ref": 99}, {"literal": "XYZ"}, {"number": 70}, {"number": 467}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 28, "title": "5.1.1.6 Agency User Agreements"}, {"dest": {"list": [{"ref": 99}, {"literal": "XYZ"}, {"number": 70}, {"number": 176}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 28, "title": "5.1.1.7 Outsourcing Standards for Channelers"}, {"dest": {"list": [{"ref": 101}, {"literal": "XYZ"}, {"number": 70}, {"number": 639}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 29, "title": "5.1.1.8 Outsourcing Standards for Non-Channelers"}, {"dest": {"list": [{"ref": 101}, {"literal": "XYZ"}, {"number": 70}, {"number": 484}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 29, "title": "5.1.2 Monitoring, Review, and Delivery of Services"}, {"dest": {"list": [{"ref": 101}, {"literal": "XYZ"}, {"number": 70}, {"number": 356}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 29, "title": "5.1.2.1 Managing Changes to Service Providers"}, {"dest": {"list": [{"ref": 101}, {"literal": "XYZ"}, {"number": 70}, {"number": 270}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 29, "title": "5.1.3 Secondary Dissemination"}, {"dest": {"list": [{"ref": 101}, {"literal": "XYZ"}, {"number": 70}, {"number": 197}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 29, "title": "5.1.4 Secondary Dissemination of Non-CHRI CJI"}, {"dest": {"list": [{"ref": 105}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 31, "title": "5.2 AWARENESS AND TRAINING (AT)"}, {"dest": {"list": [{"ref": 105}, {"literal": "XYZ"}, {"number": 70}, {"number": 623}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 31, "title": "AT-1 POLICY AND PROCEDURES1F"}, {"dest": {"list": [{"ref": 108}, {"literal": "XYZ"}, {"number": 70}, {"number": 583}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 32, "title": "AT-2 LITERACY TRAINING AND AWARENESS"}, {"dest": {"list": [{"ref": 111}, {"literal": "XYZ"}, {"number": 70}, {"number": 481}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 33, "title": "(2) LITERACY TRAINING AND AWARENESS | INSIDER THREAT3F2"}, {"dest": {"list": [{"ref": 111}, {"literal": "XYZ"}, {"number": 70}, {"number": 259}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 33, "title": "(3) LITERACY TRAINING AND AWARENESS | SOCIAL ENGINEERING AND MINING"}, {"dest": {"list": [{"ref": 114}, {"literal": "XYZ"}, {"number": 70}, {"number": 637}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 34, "title": "AT-3 ROLE-BASED TRAINING"}, {"dest": {"list": [{"ref": 122}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 37, "title": "(5) ROLE-BASED TRAINING | PROCESSING PERSONALLY IDENTIFIABLE INFORMATION6F2"}, {"dest": {"list": [{"ref": 122}, {"literal": "XYZ"}, {"number": 70}, {"number": 470}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 37, "title": "AT-4 TRAINING RECORDS"}, {"dest": {"list": [{"ref": 127}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 39, "title": "5.3 Policy Area 3: Incident Response"}, {"dest": {"list": [{"ref": 127}, {"literal": "XYZ"}, {"number": 70}, {"number": 528}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 39, "title": "5.3.1 Reporting Security Events"}, {"dest": {"list": [{"ref": 127}, {"literal": "XYZ"}, {"number": 70}, {"number": 386}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 39, "title": "5.3.1.1 Reporting Structure and Responsibilities"}, {"dest": {"list": [{"ref": 127}, {"literal": "XYZ"}, {"number": 70}, {"number": 361}, {"number": 0.0}], "size": 5}, "level": 5, "sub": [], "pageno": 39, "title": "5.3.1.1.1 FBI CJIS Division Responsibilities"}, {"dest": {"list": [{"ref": 127}, {"literal": "XYZ"}, {"number": 70}, {"number": 129}, {"number": 0.0}], "size": 5}, "level": 5, "sub": [], "pageno": 39, "title": "5.3.1.1.2 CSA ISO Responsibilities"}, {"dest": {"list": [{"ref": 129}, {"literal": "XYZ"}, {"number": 70}, {"number": 505}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 40, "title": "5.3.2 Management of Security Incidents"}, {"dest": {"list": [{"ref": 129}, {"literal": "XYZ"}, {"number": 70}, {"number": 431}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 40, "title": "5.3.2.1 Incident Handling"}, {"dest": {"list": [{"ref": 129}, {"literal": "XYZ"}, {"number": 70}, {"number": 298}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 40, "title": "5.3.2.2 Collection of Evidence"}, {"dest": {"list": [{"ref": 129}, {"literal": "XYZ"}, {"number": 70}, {"number": 226}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 40, "title": "5.3.3 Incident Response Training"}, {"dest": {"list": [{"ref": 129}, {"literal": "XYZ"}, {"number": 70}, {"number": 167}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 40, "title": "5.3.4 Incident Monitoring"}, {"dest": {"list": [{"ref": 133}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 42, "title": "5.4 Policy Area 4: Auditing and Accountability"}, {"dest": {"list": [{"ref": 133}, {"literal": "XYZ"}, {"number": 70}, {"number": 528}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 42, "title": "5.4.1 Auditable Events and Content (Information Systems)"}, {"dest": {"list": [{"ref": 133}, {"literal": "XYZ"}, {"number": 70}, {"number": 352}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 42, "title": "5.4.1.1 Events"}, {"dest": {"list": [{"ref": 135}, {"literal": "XYZ"}, {"number": 70}, {"number": 680}, {"number": 0.0}], "size": 5}, "level": 5, "sub": [], "pageno": 43, "title": "5.4.1.1.1 Content"}, {"dest": {"list": [{"ref": 135}, {"literal": "XYZ"}, {"number": 70}, {"number": 523}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 43, "title": "5.4.2 Response to Audit Processing Failures"}, {"dest": {"list": [{"ref": 135}, {"literal": "XYZ"}, {"number": 70}, {"number": 436}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 43, "title": "5.4.3 Audit Monitoring, Analysis, and Reporting"}, {"dest": {"list": [{"ref": 135}, {"literal": "XYZ"}, {"number": 70}, {"number": 280}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 43, "title": "5.4.4 Time Stamps"}, {"dest": {"list": [{"ref": 135}, {"literal": "XYZ"}, {"number": 70}, {"number": 207}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 43, "title": "5.4.5 Protection of Audit Information"}, {"dest": {"list": [{"ref": 135}, {"literal": "XYZ"}, {"number": 70}, {"number": 148}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 43, "title": "5.4.6 Audit Record Retention"}, {"dest": {"list": [{"ref": 137}, {"literal": "XYZ"}, {"number": 70}, {"number": 686}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 44, "title": "5.4.7 Logging NCIC and III Transactions"}, {"dest": {"list": [{"ref": 139}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 45, "title": "5.5 Policy Area 5: Access Control"}, {"dest": {"list": [{"ref": 139}, {"literal": "XYZ"}, {"number": 70}, {"number": 603}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 45, "title": "5.5.1 Account Management"}, {"dest": {"list": [{"ref": 139}, {"literal": "XYZ"}, {"number": 70}, {"number": 342}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 45, "title": "5.5.2 Access Enforcement"}, {"dest": {"list": [{"ref": 141}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 46, "title": "5.5.2.1 Least Privilege"}, {"dest": {"list": [{"ref": 141}, {"literal": "XYZ"}, {"number": 70}, {"number": 565}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 46, "title": "5.5.2.2 System Access Control"}, {"dest": {"list": [{"ref": 141}, {"literal": "XYZ"}, {"number": 70}, {"number": 398}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 46, "title": "5.5.2.3 Access Control Criteria"}, {"dest": {"list": [{"ref": 141}, {"literal": "XYZ"}, {"number": 70}, {"number": 241}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 46, "title": "5.5.2.4 Access Control Mechanisms"}, {"dest": {"list": [{"ref": 143}, {"literal": "XYZ"}, {"number": 70}, {"number": 598}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 47, "title": "5.5.3 Unsuccessful Login Attempts"}, {"dest": {"list": [{"ref": 143}, {"literal": "XYZ"}, {"number": 70}, {"number": 511}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 47, "title": "5.5.4 System Use Notification"}, {"dest": {"list": [{"ref": 143}, {"literal": "XYZ"}, {"number": 70}, {"number": 143}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 47, "title": "5.5.5 Session Lock"}, {"dest": {"list": [{"ref": 145}, {"literal": "XYZ"}, {"number": 70}, {"number": 617}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 48, "title": "5.5.6 Remote Access"}, {"dest": {"list": [{"ref": 145}, {"literal": "XYZ"}, {"number": 70}, {"number": 288}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 48, "title": "5.5.6.1 Personally Owned Information Systems"}, {"dest": {"list": [{"ref": 145}, {"literal": "XYZ"}, {"number": 70}, {"number": 145}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 48, "title": "5.5.6.2 Publicly Accessible Computers"}, {"dest": {"list": [{"ref": 149}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 50, "title": "5.6 IDENTIFICATION AND AUTHENTICATION (IA)"}, {"dest": {"list": [{"ref": 149}, {"literal": "XYZ"}, {"number": 70}, {"number": 637}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 50, "title": "IA-0 USE OF ORIGINATING AGENCY IDENTIFIERS IN TRANSACTIONS AND INFORMATION EXCHANGES"}, {"dest": {"list": [{"ref": 149}, {"literal": "XYZ"}, {"number": 70}, {"number": 319}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 50, "title": "IA-1 POLICY AND PROCEDURES7F"}, {"dest": {"list": [{"ref": 152}, {"literal": "XYZ"}, {"number": 70}, {"number": 286}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 51, "title": "IA-2 IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS)"}, {"dest": {"list": [{"ref": 154}, {"literal": "XYZ"}, {"number": 70}, {"number": 461}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 52, "title": "(1) IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS) | MULTI-FACTOR AUTHENTICATION TO PRIVILEGED ACCOUNTS8F3"}, {"dest": {"list": [{"ref": 157}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 53, "title": "(2) IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS) | MULTI-FACTOR AUTHENTICATION TO NON-PRIVILEGED ACCOUNTS9F3"}, {"dest": {"list": [{"ref": 157}, {"literal": "XYZ"}, {"number": 70}, {"number": 424}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 53, "title": "(8) IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS) | ACCESS TO ACCOUNTS \u2014 REPLAY RESISTANT10F3"}, {"dest": {"list": [{"ref": 157}, {"literal": "XYZ"}, {"number": 70}, {"number": 233}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 53, "title": "(12) IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS) | ACCEPTANCE OF PIV CREDENTIALS11F3"}, {"dest": {"list": [{"ref": 160}, {"literal": "XYZ"}, {"number": 70}, {"number": 578}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 54, "title": "IA-3 DEVICE IDENTIFICATION AND AUTHENTICATION12F3"}, {"dest": {"list": [{"ref": 160}, {"literal": "XYZ"}, {"number": 70}, {"number": 260}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 54, "title": "IA-4 IDENTIFIER MANAGEMENT"}, {"dest": {"list": [{"ref": 163}, {"literal": "XYZ"}, {"number": 70}, {"number": 517}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 55, "title": "(4) IDENTIFIER MANAGEMENT | IDENTIFY USER STATUS 14F3"}, {"dest": {"list": [{"ref": 163}, {"literal": "XYZ"}, {"number": 70}, {"number": 338}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 55, "title": "IA-5 AUTHENTICATOR MANAGEMENT"}, {"dest": {"list": [{"ref": 214}, {"literal": "XYZ"}, {"number": 70}, {"number": 124}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 77, "title": "(1) AUTHENTICATOR MANAGEMENT | AUTHENTICATOR TYPES"}, {"dest": {"list": [{"ref": 216}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 5, "sub": [], "pageno": 78, "title": "(a) Memorized Secret Authenticators and Verifiers:"}, {"dest": {"list": [{"ref": 231}, {"literal": "XYZ"}, {"number": 70}, {"number": 334}, {"number": 0.0}], "size": 5}, "level": 5, "sub": [], "pageno": 83, "title": "(b) Look-Up Secret Authenticators and Verifiers39F3"}, {"dest": {"list": [{"ref": 240}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 5, "sub": [], "pageno": 87, "title": "(c) Out-of-Band Authenticators and Verifiers40F3"}, {"dest": {"list": [{"ref": 251}, {"literal": "XYZ"}, {"number": 70}, {"number": 480}, {"number": 0.0}], "size": 5}, "level": 5, "sub": [], "pageno": 92, "title": "(d) OTP Authenticators and Verifiers41F3"}, {"dest": {"list": [{"ref": 260}, {"literal": "XYZ"}, {"number": 70}, {"number": 429}, {"number": 0.0}], "size": 5}, "level": 5, "sub": [], "pageno": 96, "title": "(e) Cryptographic Authenticators and Verifiers (including single- and multi-factor cryptographic authenticators, both hardware- and software-based)42F3"}, {"dest": {"list": [{"ref": 269}, {"literal": "XYZ"}, {"number": 70}, {"number": 566}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 100, "title": "(2) AUTHENTICATOR MANAGEMENT | PUBLIC KEY BASED AUTHENTICATION"}, {"dest": {"list": [{"ref": 269}, {"literal": "XYZ"}, {"number": 70}, {"number": 145}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 100, "title": "(6) AUTHENTICATOR MANAGEMENT | PROTECTION OF AUTHENTICATORS"}, {"dest": {"list": [{"ref": 271}, {"literal": "XYZ"}, {"number": 70}, {"number": 595}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 101, "title": "IA-6 AUTHENTICATION FEEDBACK43F3"}, {"dest": {"list": [{"ref": 271}, {"literal": "XYZ"}, {"number": 70}, {"number": 346}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 101, "title": "IA-7 CRYPTOGRAPHIC MODULE AUTHENTICATION 44F3"}, {"dest": {"list": [{"ref": 274}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 102, "title": "IA-8 IDENTIFICATION AND AUTHENTICATION (NON-ORGANIZATIONAL USERS)45F3"}, {"dest": {"list": [{"ref": 274}, {"literal": "XYZ"}, {"number": 70}, {"number": 477}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 102, "title": "(1) IDENTIFICATION AND AUTHENTICATION (NON-ORGANIZATIONAL USERS) | ACCEPTANCE OF PIV CREDENTIALS FROM OTHER AGENCIES46F3"}, {"dest": {"list": [{"ref": 274}, {"literal": "XYZ"}, {"number": 70}, {"number": 305}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 102, "title": "(2) IDENTIFICATION AND AUTHENTICATION (NON-ORGANIZATIONAL USERS) | ACCEPTANCE OF EXTERNAL AUTHENTICATORS47F3"}, {"dest": {"list": [{"ref": 277}, {"literal": "XYZ"}, {"number": 70}, {"number": 653}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 103, "title": "(4) IDENTIFICATION AND AUTHENTICATION (NON-ORGANIZATIONAL USERS) | USE OF DEFINED PROFILES48F3"}, {"dest": {"list": [{"ref": 277}, {"literal": "XYZ"}, {"number": 70}, {"number": 448}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 103, "title": "IA-11 RE-AUTHENTICATION49F3"}, {"dest": {"list": [{"ref": 277}, {"literal": "XYZ"}, {"number": 70}, {"number": 268}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 103, "title": "IA-12 IDENTITY PROOFING50F3"}, {"dest": {"list": [{"ref": 280}, {"literal": "XYZ"}, {"number": 70}, {"number": 489}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 104, "title": "(2) IDENTITY PROOFING | IDENTITY EVIDENCE51F3"}, {"dest": {"list": [{"ref": 280}, {"literal": "XYZ"}, {"number": 70}, {"number": 255}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 104, "title": "(3) IDENTITY PROOFING | IDENTITY EVIDENCE VALIDATION AND VERIFICATION52F3"}, {"dest": {"list": [{"ref": 341}, {"literal": "XYZ"}, {"number": 70}, {"number": 625}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 133, "title": "(5) IDENTITY PROOFING | ADDRESS CONFIRMATION53F3"}, {"dest": {"list": [{"ref": 350}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 137, "title": "5.7 Policy Area 7: Configuration Management"}, {"dest": {"list": [{"ref": 350}, {"literal": "XYZ"}, {"number": 70}, {"number": 692}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 137, "title": "5.7.1 Access Restrictions for Changes"}, {"dest": {"list": [{"ref": 350}, {"literal": "XYZ"}, {"number": 70}, {"number": 591}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 137, "title": "5.7.1.1 Least Functionality"}, {"dest": {"list": [{"ref": 350}, {"literal": "XYZ"}, {"number": 70}, {"number": 519}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 137, "title": "5.7.1.2 Network Diagram"}, {"dest": {"list": [{"ref": 350}, {"literal": "XYZ"}, {"number": 70}, {"number": 293}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 137, "title": "5.7.2 Security of Configuration Documentation"}, {"dest": {"list": [{"ref": 352}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 138, "title": "5.8 MEDIA PROTECTION (MP)"}, {"dest": {"list": [{"ref": 352}, {"literal": "XYZ"}, {"number": 70}, {"number": 651}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 138, "title": "MP-1 POLICY AND PROCEDURES"}, {"dest": {"list": [{"ref": 355}, {"literal": "XYZ"}, {"number": 70}, {"number": 679}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 139, "title": "MP-2 MEDIA ACCESS"}, {"dest": {"list": [{"ref": 355}, {"literal": "XYZ"}, {"number": 70}, {"number": 454}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 139, "title": "MP-3 MEDIA MARKING55F4"}, {"dest": {"list": [{"ref": 358}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 140, "title": "MP-4 MEDIA STORAGE"}, {"dest": {"list": [{"ref": 358}, {"literal": "XYZ"}, {"number": 70}, {"number": 332}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 140, "title": "MP-5 MEDIA TRANSPORT"}, {"dest": {"list": [{"ref": 360}, {"literal": "XYZ"}, {"number": 70}, {"number": 472}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 141, "title": "MP-6 MEDIA SANITIZATION"}, {"dest": {"list": [{"ref": 362}, {"literal": "XYZ"}, {"number": 70}, {"number": 596}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 142, "title": "MP-7 MEDIA USE56F4"}, {"dest": {"list": [{"ref": 367}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 144, "title": "5.9 Policy Area 9: Physical Protection"}, {"dest": {"list": [{"ref": 367}, {"literal": "XYZ"}, {"number": 70}, {"number": 651}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 144, "title": "5.9.1 Physically Secure Location"}, {"dest": {"list": [{"ref": 367}, {"literal": "XYZ"}, {"number": 70}, {"number": 461}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 144, "title": "5.9.1.1 Security Perimeter"}, {"dest": {"list": [{"ref": 367}, {"literal": "XYZ"}, {"number": 70}, {"number": 389}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 144, "title": "5.9.1.2 Physical Access Authorizations"}, {"dest": {"list": [{"ref": 367}, {"literal": "XYZ"}, {"number": 70}, {"number": 317}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 144, "title": "5.9.1.3 Physical Access Control"}, {"dest": {"list": [{"ref": 367}, {"literal": "XYZ"}, {"number": 70}, {"number": 244}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 144, "title": "5.9.1.4 Access Control for Transmission Medium"}, {"dest": {"list": [{"ref": 367}, {"literal": "XYZ"}, {"number": 70}, {"number": 184}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 144, "title": "5.9.1.5 Access Control for Display Medium"}, {"dest": {"list": [{"ref": 369}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 145, "title": "5.9.1.6 Monitoring Physical Access"}, {"dest": {"list": [{"ref": 369}, {"literal": "XYZ"}, {"number": 70}, {"number": 668}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 145, "title": "5.9.1.7 Visitor Control"}, {"dest": {"list": [{"ref": 369}, {"literal": "XYZ"}, {"number": 70}, {"number": 595}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 145, "title": "5.9.1.8 Delivery and Removal"}, {"dest": {"list": [{"ref": 369}, {"literal": "XYZ"}, {"number": 70}, {"number": 536}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 145, "title": "5.9.2 Controlled Area"}, {"dest": {"list": [{"ref": 371}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 146, "title": "5.10 Policy Area 10: System and Communications Protection"}, {"dest": {"list": [{"ref": 371}, {"literal": "XYZ"}, {"number": 70}, {"number": 589}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 146, "title": "5.10.1 Information Flow Enforcement"}, {"dest": {"list": [{"ref": 371}, {"literal": "XYZ"}, {"number": 70}, {"number": 340}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 146, "title": "5.10.1.1 Boundary Protection"}, {"dest": {"list": [{"ref": 373}, {"literal": "XYZ"}, {"number": 70}, {"number": 686}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 147, "title": "5.10.1.2 Encryption"}, {"dest": {"list": [{"ref": 373}, {"literal": "XYZ"}, {"number": 70}, {"number": 559}, {"number": 0.0}], "size": 5}, "level": 5, "sub": [], "pageno": 147, "title": "5.10.1.2.1 Encryption for CJI in Transit"}, {"dest": {"list": [{"ref": 375}, {"literal": "XYZ"}, {"number": 70}, {"number": 672}, {"number": 0.0}], "size": 5}, "level": 5, "sub": [], "pageno": 148, "title": "5.10.1.2.2 Encryption for CJI at Rest"}, {"dest": {"list": [{"ref": 375}, {"literal": "XYZ"}, {"number": 70}, {"number": 323}, {"number": 0.0}], "size": 5}, "level": 5, "sub": [], "pageno": 148, "title": "5.10.1.2.3 Public Key Infrastructure (PKI) Technology"}, {"dest": {"list": [{"ref": 375}, {"literal": "XYZ"}, {"number": 70}, {"number": 192}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 148, "title": "5.10.1.3 Voice over Internet Protocol"}, {"dest": {"list": [{"ref": 377}, {"literal": "XYZ"}, {"number": 70}, {"number": 546}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 149, "title": "5.10.1.4 Cloud Computing"}, {"dest": {"list": [{"ref": 377}, {"literal": "XYZ"}, {"number": 70}, {"number": 140}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 149, "title": "5.10.2 Facsimile Transmission of CJI"}, {"dest": {"list": [{"ref": 379}, {"literal": "XYZ"}, {"number": 70}, {"number": 686}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 150, "title": "5.10.3 Partitioning and Virtualization"}, {"dest": {"list": [{"ref": 379}, {"literal": "XYZ"}, {"number": 70}, {"number": 572}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 150, "title": "5.10.3.1 Partitioning"}, {"dest": {"list": [{"ref": 379}, {"literal": "XYZ"}, {"number": 70}, {"number": 353}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 150, "title": "5.10.3.2 Virtualization"}, {"dest": {"list": [{"ref": 385}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 153, "title": "5.11 Policy Area 11: Formal Audits"}, {"dest": {"list": [{"ref": 385}, {"literal": "XYZ"}, {"number": 70}, {"number": 664}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 153, "title": "5.11.1 Audits by the FBI CJIS Division"}, {"dest": {"list": [{"ref": 385}, {"literal": "XYZ"}, {"number": 70}, {"number": 639}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 153, "title": "5.11.1.1 Triennial Compliance Audits by the FBI CJIS Division"}, {"dest": {"list": [{"ref": 385}, {"literal": "XYZ"}, {"number": 70}, {"number": 497}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 153, "title": "5.11.1.2 Triennial Security Audits by the FBI CJIS Division"}, {"dest": {"list": [{"ref": 385}, {"literal": "XYZ"}, {"number": 70}, {"number": 398}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 153, "title": "5.11.2 Audits by the CSA"}, {"dest": {"list": [{"ref": 387}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 154, "title": "5.11.3 Special Security Inquiries and Audits"}, {"dest": {"list": [{"ref": 387}, {"literal": "XYZ"}, {"number": 70}, {"number": 639}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 154, "title": "5.11.4 Compliance Subcommittees"}, {"dest": {"list": [{"ref": 389}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 155, "title": "5.12 Policy Area 12: Personnel Security"}, {"dest": {"list": [{"ref": 389}, {"literal": "XYZ"}, {"number": 70}, {"number": 595}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 155, "title": "5.12.1 Personnel Screening Requirements for Individuals Requiring Unescorted Access to Unencrypted CJI"}, {"dest": {"list": [{"ref": 391}, {"literal": "XYZ"}, {"number": 70}, {"number": 361}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 156, "title": "5.12.2 Personnel Termination"}, {"dest": {"list": [{"ref": 391}, {"literal": "XYZ"}, {"number": 70}, {"number": 260}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 156, "title": "5.12.3 Personnel Transfer"}, {"dest": {"list": [{"ref": 391}, {"literal": "XYZ"}, {"number": 70}, {"number": 187}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 156, "title": "5.12.4 Personnel Sanctions"}, {"dest": {"list": [{"ref": 397}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 159, "title": "5.13 Policy Area 13: Mobile Devices"}, {"dest": {"list": [{"ref": 397}, {"literal": "XYZ"}, {"number": 70}, {"number": 550}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 159, "title": "5.13.1 Wireless Communications Technologies"}, {"dest": {"list": [{"ref": 397}, {"literal": "XYZ"}, {"number": 70}, {"number": 449}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 159, "title": "5.13.1.1 802.11 Wireless Protocols"}, {"dest": {"list": [{"ref": 399}, {"literal": "XYZ"}, {"number": 70}, {"number": 390}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 160, "title": "5.13.1.2 Cellular Devices"}, {"dest": {"list": [{"ref": 401}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 5, "sub": [], "pageno": 161, "title": "5.13.1.2.1 Cellular Service Abroad"}, {"dest": {"list": [{"ref": 401}, {"literal": "XYZ"}, {"number": 70}, {"number": 605}, {"number": 0.0}], "size": 5}, "level": 5, "sub": [], "pageno": 161, "title": "5.13.1.2.2 Voice Transmissions Over Cellular Devices"}, {"dest": {"list": [{"ref": 401}, {"literal": "XYZ"}, {"number": 70}, {"number": 547}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 161, "title": "5.13.1.3 Bluetooth"}, {"dest": {"list": [{"ref": 401}, {"literal": "XYZ"}, {"number": 70}, {"number": 366}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 161, "title": "5.13.1.4 Mobile Hotspots"}, {"dest": {"list": [{"ref": 403}, {"literal": "XYZ"}, {"number": 70}, {"number": 661}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 162, "title": "5.13.2 Mobile Device Management (MDM)"}, {"dest": {"list": [{"ref": 403}, {"literal": "XYZ"}, {"number": 70}, {"number": 163}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 162, "title": "5.13.3 Wireless Device Risk Mitigations"}, {"dest": {"list": [{"ref": 405}, {"literal": "XYZ"}, {"number": 70}, {"number": 532}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 163, "title": "5.13.4 System Integrity"}, {"dest": {"list": [{"ref": 405}, {"literal": "XYZ"}, {"number": 70}, {"number": 431}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 163, "title": "5.13.4.1 Patching/Updates"}, {"dest": {"list": [{"ref": 405}, {"literal": "XYZ"}, {"number": 70}, {"number": 326}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 163, "title": "5.13.4.2 Malicious Code Protection"}, {"dest": {"list": [{"ref": 405}, {"literal": "XYZ"}, {"number": 70}, {"number": 193}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 163, "title": "5.13.4.3 Personal Firewall"}, {"dest": {"list": [{"ref": 407}, {"literal": "XYZ"}, {"number": 70}, {"number": 556}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 164, "title": "5.13.5 Incident Response"}, {"dest": {"list": [{"ref": 407}, {"literal": "XYZ"}, {"number": 70}, {"number": 277}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 164, "title": "5.13.6 Access Control"}, {"dest": {"list": [{"ref": 407}, {"literal": "XYZ"}, {"number": 70}, {"number": 204}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 164, "title": "5.13.7 Identification and Authentication"}, {"dest": {"list": [{"ref": 407}, {"literal": "XYZ"}, {"number": 70}, {"number": 145}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 164, "title": "5.13.7.1 Local Device Authentication"}, {"dest": {"list": [{"ref": 409}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 165, "title": "5.13.7.2 Advanced Authentication"}, {"dest": {"list": [{"ref": 409}, {"literal": "XYZ"}, {"number": 70}, {"number": 654}, {"number": 0.0}], "size": 5}, "level": 5, "sub": [], "pageno": 165, "title": "5.13.7.2.1 Compensating Controls"}, {"dest": {"list": [{"ref": 409}, {"literal": "XYZ"}, {"number": 70}, {"number": 268}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 165, "title": "5.13.7.3 Device Certificates"}, {"dest": {"list": [{"ref": 411}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 166, "title": "5.14 SYSTEM AND SERVICES ACQUISITION (SA)"}, {"dest": {"list": [{"ref": 411}, {"literal": "XYZ"}, {"number": 70}, {"number": 692}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 166, "title": "SA-22 UNSUPPORTED SYSTEM COMPONENTS57F"}, {"dest": {"list": [{"ref": 414}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 167, "title": "5.15 SYSTEM AND INFORMATION INTEGRITY (SI)"}, {"dest": {"list": [{"ref": 414}, {"literal": "XYZ"}, {"number": 70}, {"number": 686}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 167, "title": "SI-1 POLICY AND PROCEDURES58F"}, {"dest": {"list": [{"ref": 417}, {"literal": "XYZ"}, {"number": 70}, {"number": 666}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 168, "title": "SI-2 FLAW REMEDIATION"}, {"dest": {"list": [{"ref": 420}, {"literal": "XYZ"}, {"number": 70}, {"number": 706}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 169, "title": "(2) FLAW REMEDIATION | AUTOMATED FLAW REMEDIATION STATUS60F5"}, {"dest": {"list": [{"ref": 420}, {"literal": "XYZ"}, {"number": 70}, {"number": 550}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 169, "title": "SI-3 MALICIOUS CODE PROTECTION"}, {"dest": {"list": [{"ref": 423}, {"literal": "XYZ"}, {"number": 70}, {"number": 377}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 170, "title": "SI-4 SYSTEM MONITORING61F5"}, {"dest": {"list": [{"ref": 428}, {"literal": "XYZ"}, {"number": 70}, {"number": 661}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 172, "title": "(2) SYSTEM MONITORING | AUTOMATED TOOLS AND MECHANISMS FOR REAL-TIME ANALYSIS"}, {"dest": {"list": [{"ref": 428}, {"literal": "XYZ"}, {"number": 70}, {"number": 416}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 172, "title": "(4) SYSTEM MONITORING | INBOUND AND OUTBOUND COMMUNICATIONS TRAFFIC"}, {"dest": {"list": [{"ref": 428}, {"literal": "XYZ"}, {"number": 70}, {"number": 416}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 172, "title": "(4) SYSTEM MONITORING | INBOUND AND OUTBOUND COMMUNICATIONS TRAFFIC"}, {"dest": {"list": [{"ref": 428}, {"literal": "XYZ"}, {"number": 70}, {"number": 132}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 172, "title": "(5) SYSTEM MONITORING | SYSTEM-GENERATED ALERTS"}, {"dest": {"list": [{"ref": 430}, {"literal": "XYZ"}, {"number": 70}, {"number": 501}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 173, "title": "SI-5 SECURITY ALERTS, ADVISORIES, AND DIRECTIVES"}, {"dest": {"list": [{"ref": 433}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 174, "title": "SI-7 SOFTWARE, FIRMWARE, AND INFORMATION INTEGRITY63F5"}, {"dest": {"list": [{"ref": 433}, {"literal": "XYZ"}, {"number": 70}, {"number": 422}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 174, "title": "(1) SOFTWARE, FIRMWARE, AND INFORMATION INTEGRITY | INTEGRITY CHECKS5"}, {"dest": {"list": [{"ref": 433}, {"literal": "XYZ"}, {"number": 70}, {"number": 266}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 174, "title": "(7) SOFTWARE, FIRMWARE, AND INFORMATION INTEGRITY | INTEGRATION OF DETECTION AND RESPONSE5"}, {"dest": {"list": [{"ref": 436}, {"literal": "XYZ"}, {"number": 70}, {"number": 645}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 175, "title": "SI-8 SPAM PROTECTION"}, {"dest": {"list": [{"ref": 436}, {"literal": "XYZ"}, {"number": 70}, {"number": 426}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 175, "title": "(2) SPAM PROTECTION | AUTOMATIC UPDATES64F5"}, {"dest": {"list": [{"ref": 436}, {"literal": "XYZ"}, {"number": 70}, {"number": 298}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 175, "title": "SI-10 INFORMATION INPUT VALIDATION5"}, {"dest": {"list": [{"ref": 439}, {"literal": "XYZ"}, {"number": 70}, {"number": 555}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 176, "title": "SI-11 ERROR HANDLING65F5"}, {"dest": {"list": [{"ref": 439}, {"literal": "XYZ"}, {"number": 70}, {"number": 300}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 176, "title": "SI-12 INFORMATION MANAGEMENT AND RETENTION"}, {"dest": {"list": [{"ref": 442}, {"literal": "XYZ"}, {"number": 70}, {"number": 598}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 177, "title": "(1) INFORMATION MANAGEMENT AND RETENTION | LIMIT PERSONALLY IDENTIFIABLE INFORMATION ELEMENTS"}, {"dest": {"list": [{"ref": 442}, {"literal": "XYZ"}, {"number": 70}, {"number": 371}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 177, "title": "(2) INFORMATION MANAGEMENT AND RETENTION | MINIMIZE PERSONALLY IDENTIFIABLE INFORMATION IN TESTING, TRAINING, AND RESEARCH66F5"}, {"dest": {"list": [{"ref": 442}, {"literal": "XYZ"}, {"number": 70}, {"number": 161}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 177, "title": "(3) INFORMATION MANAGEMENT AND RETENTION | INFORMATION DISPOSAL"}, {"dest": {"list": [{"ref": 445}, {"literal": "XYZ"}, {"number": 70}, {"number": 614}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 178, "title": "SI-16 MEMORY PROTECTION67F5"}, {"dest": {"list": [{"ref": 448}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 1, "sub": [], "pageno": 179, "title": "Appendices"}, {"dest": {"list": [{"ref": 450}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 180, "title": "Appendix A TERMS AND DEFINITIONS"}, {"dest": {"list": [{"ref": 478}, {"literal": "XYZ"}, {"number": 70}, {"number": 727}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 194, "title": "Appendix B ACRONYMS"}, {"dest": {"list": [{"ref": 486}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 198, "title": "Appendix C NETWORK TOPOLOGY DIAGRAMS"}, {"dest": {"list": [{"ref": 528}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 204, "title": "Appendix D SAMPLE INFORMATION EXCHANGE AGREEMENTS"}, {"dest": {"list": [{"ref": 530}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 205, "title": "D.1 CJIS User Agreement"}, {"dest": {"list": [{"ref": 548}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 214, "title": "D.2 Management Control Agreement"}, {"dest": {"list": [{"ref": 550}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 215, "title": "D.3 Noncriminal Justice Agency Agreement & Memorandum of Understanding"}, {"dest": {"list": [{"ref": 560}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 220, "title": "D.4 Interagency Connection Agreement"}, {"dest": {"list": [{"ref": 572}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 226, "title": "Appendix E SECURITY FORUMS AND ORGANIZATIONAL ENTITIES"}, {"dest": {"list": [{"ref": 574}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 227, "title": "Appendix F SAMPLE FORMS"}, {"dest": {"list": [{"ref": 576}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 228, "title": "F.1 Security Incident Response Form"}, {"dest": {"list": [{"ref": 579}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 229, "title": "Appendix G BEST PRACTICES"}, {"dest": {"list": [{"ref": 581}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 230, "title": "G.1 Virtualization"}, {"dest": {"list": [{"ref": 589}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 233, "title": "G.2 Voice over Internet Protocol"}, {"dest": {"list": [{"ref": 611}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 244, "title": "G.3 Cloud Computing"}, {"dest": {"list": [{"ref": 648}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 261, "title": "G.4 Mobile Appendix"}, {"dest": {"list": [{"ref": 690}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 282, "title": "G.5 Administrator Accounts for Least Privilege and Separation of Duties"}, {"dest": {"list": [{"ref": 716}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 295, "title": "G.6 Encryption"}, {"dest": {"list": [{"ref": 739}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 305, "title": "G.7 Incident Response"}, {"dest": {"list": [{"ref": 765}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 318, "title": "G.8 Secure Coding"}, {"dest": {"list": [{"ref": 794}, {"literal": "XYZ"}, {"number": 70}, {"number": 745}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 327, "title": "Appendix H SECURITY ADDENDUM"}, {"dest": {"list": [{"ref": 810}, {"literal": "XYZ"}, {"number": 70}, {"number": 745}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 335, "title": "Appendix I REFERNCES"}, {"dest": {"list": [{"ref": 818}, {"literal": "XYZ"}, {"number": 70}, {"number": 745}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 339, "title": "Appendix J NONCRIMINAL JUSTICE AGENCY SUPPLEMENTAL GUIDANCE"}, {"dest": {"list": [{"ref": 834}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 347, "title": "Appendix K CRIMINAL JUSTICE AGENCY SUPPLEMENTAL GUIDANCE"}] {}