FREE e-Newsletter
Important News - Hot Topics
Get them Now!

Cobalt Software Platform - Mark43
Mark43's Cobalt software platform unites a set of law enforcement tools securely...

No upcoming webinars scheduled

Ask The Expert

Submit your question here

Q. Should cities place the person responsible for CJIS compliance or cyber security of systems in the city under the direction of the police department?

Section 3 of the FBI-CJIS Security Policy defines Roles and Responsibilities for an agency. With regard to this specific question, the answer is that the responsibility for this can be in either department. There are a few more roles outlined in this section that indicate a staff role assignment within an agency, etc., however, the role of CJIS Systems Agency Information Security Officer (CSA ISO) noted in Section 3.2.8 does not prohibit the role from going to an IT security person as you describe. The same can be said for the role you inquire about, the Local Agency Security Officer (LASO) in Section 3.2.9. Each of these roles has differences in responsibility and may be held by the same person.

The role is best filled with the person who has the high level working knowledge of the networks, systems application and appropriate use requirement with the authority to impact carrying out the policy over the users, application development, networks, etc. This is best determined through discussion with the agency head who has been given responsibility and access privileges to FBI-CJIS Systems and FBI CJI Criminal Justice Information and the IT department, to determine who can carry out the responsibilities effectively with the expectations for compliance. As IT has gotten more complex this often requires a collaborative effort between IT and the persons responsible for the user community. The CJIS Information Security Officer role is an administrative position that ensures policy compliance across business lines that encompass the users and IT assets. Cybersecurity requires is a specific skill set requiring much more day-to-day technical expertise.

Mark Rivera

Mark Rivera

FBI-CJIS Security Policy Compliance Officer

Mark Rivera, Customer Retention Manager and CJIS Security Compliance Officer with Vigilant Solutions, served for sixteen years with the Maryland State Police, retiring at the rank of First Sergeant with thirteen of those years at the supervisory and command level. He holds a Master of Science Degree in Management from The Johns Hopkins University and Secret clearance through the FBI, Baltimore.

Be the first to comment on this story

POLICE Magazine does not tolerate comments that include profanity, personal attacks or antisocial behavior (such as "spamming" or "trolling"). This and other inappropriate content or material will be removed. We reserve the right to block any user who violates this, including removing all content posted by that user.

Other Recent Questions

What are the biggest challenges in small rural communities for law enforcement?
With regard to security compliance the biggest challenges would be staffing and...
Is case and incident information I exchange by voice over my ePTT system (Kodiak) subject to CJIS requirements for encryption and authentication?
The short answer is “No”. Case and incident information would be generated by...
What is the certification process for vendors?
In short, there isn’t one. I wrote a whitepaper recently covering this topic, among...

Police Magazine