Is case and incident information I exchange by voice over my ePTT system (Kodiak) subject to CJIS requirements for encryption and authentication?

The short answer is “No”. Case and incident information would be generated by the police agency responding to the call and most of the time this is transmitted over the radio dispatch which is accessible to the public via scanners or Web streaming.

Mark Rivera New 1 130x80 Headshot

The short answer is “No”. Case and incident information would be generated by the police agency responding to the call and most of the time this is transmitted over the radio dispatch which is accessible to the public via scanners or Web streaming. However, some agencies voluntarily choose to use and comply with the FBI-CJIS Security Policy standards, so it is best to check with your Local Agency CJIS Information Security Officer (LASO). According to the definition found in Section 4.1 of the CJIS Security Policy; “Criminal Justice Information (CJI) Criminal Justice Information is the term used to refer to all of the FBI-CJIS provided data necessary for law enforcement and civil agencies to perform their missions, including but not limited to: biometric, identity history, biographic, property, and case/incident history data.” The key term is “FBI-CJIS Provided Data;” moreover the Restricted Files would need to be protected under the CJIS Security Policy. This is similar to the approach with which my company handles the license plate reader (LPR) solution it offers to the market; LPR scans are not required to comply with FBI-CJIS Security Policy as they do not contain biometric, identity history, biographic, property or case/incident data, nor is this data provided by FBI-CJIS. But because LPR hotlist data may meet these standards, we apply the same standards to our entire system as a best practice.

About the Author
Mark Rivera New 1 130x80 Headshot
FBI-CJIS Security Policy Compliance Officer
View Bio