MOBILITY AND CJIS SECURITY - NetMotion Software


MOBILITY AND CJIS SECURITY

Meeting Requirements for Advanced Authentication and Encryption

www.NetMotionWireless.com

NETMOTION MOBILITY AND CJIS SECURITY

Matching Needs with Solutions

Criminal Justice Information Services (CJIS) security policy mandates minimum security procedures for all law enforcement agencies using wireless technology to connect to the federal system. The NetMotion Mobility mobile VPN is widely used in law enforcement, and can be used to comply with CJIS requirements for mobile device access.

CJIS security policy version 5.2 section 5.6 calls for the use of advanced authentication methods – authentication based on additional factors beyond simple user name/password authentication. All newly procured or upgraded systems that connect to CJIS via wireless networks, the Internet or dial-up must meet the standards. Existing systems must comply by 2013, although CJIS recommends agencies not delay putting measures in place to meet the requirements as soon as possible. Public safety agencies that use Mobility have the flexibility to implement any of the advanced authentication methods.

Low-cost, Standards-based Approach

To assist with complying with the CJIS advanced authentication directive, NetMotion Wireless has created the Advanced Authentication Alliance certifying interoperability between Mobility and many leading authentication solutions. For more information on the advanced authentication alliance, see px, NetMotion has adopted a low-cost approach for implementing a fully compliant, secure system so that agencies may comply without significant new budget outlays, and it is based on widely available, industry standards.

Advanced Authentication Methods Supported

Mobility versions 8.5 and above support the following methods, which are specifically listed in the CJIS security policy version 5.1.

Smart cards

NetMotion Mobility supports advanced authentication using smart cards, including smart cards that comply with the requirements specified in Homeland Security Presidential Directive 12 (HSPD-12). Smart cards conforming to Federal Information Processing Standards Publication 201 (FIPS 201), Personal Identity Verification (PIV) of Federal Employees and Contractors and NIST Special Publication 800-78-1, Cryptographic Algorithms and Key Sizes for Personal Identity Verification are all supported. PKI Smart cards from vendors that meet Microsoft’s smart card mini-driver requirements and from vendors that provide a Microsoft Cryptographic Service Provider (CSP) are compatible and supported for use with Mobility.

Public Key Infrastructure (PKI)

Mobility supports strong user authentication with X.509v3 user certificates stored on the mobile device, in a protected location only accessible to users who successfully complete desktop authentication and who provide the password to access the user certificate.

Biometric Systems

Vendors providing solutions with biometric access to PKI smart cards and/or user certificates are supported by Mobility where the biometric function is used in place of a PIN or password to unlock access to the X.509v3 certificates. In addition, Mobility supports biometric-based user authentication on the Ubtek and Wave biometric systems, which are commonly installed on Lenovo, Itronix, and Dell portable computers.

Microsoft IPSec

Mobility fully supports the use of PKI X.509v3 certificates and shared secrets on both the Mobility client and server using Microsoft’s IPSec transport. Each packet is authenticated using IPSec AH headers, or a defense-in-depth strategy by using ESP encryption and integrity checking. This method is currently supported on all versions of Mobility.

COMPLIANCE WITH FIPS 140-2 ENCRYPTION REQUIREMENTS

In addition to strong authentication, CJIS security policy mandates the use of FIPS 140-2 validated encryption. Section 5.10.1.2 Encryption explicitly defines acceptable encryption standards:

Paragraph 1 - “encryption shall be a minimum of 128-bit.”

Paragraph 4 - “When encryption is employed the cryptographic module used shall be certified to meet FIPS 140-2 standards.”

Mobility’s use of validated/certified cryptographic libraries (NIST certificate numbers 237, 441, 493, 1507, 1328, 1335 and 1878) meets this requirement.

2FA

NetMotion Wireless offers both full Advanced Authentication Solution, helping you set up your solution from scratch, and Advanced Authentication Assistance, which reviews your current solution and authentication vendor and helps to ensure you’re meeting all of your requirements.

RSA SecurID

Electronic token devices are another strong authentication method specified in the CJIS policy. Specifically, Mobility supports RSA SecurID, which uses an electronic token to generate a one-time password.

Mobility servers communicate directly with the RSA Authentication Manager via Authentication Agent software installed on the Mobility server. Mobility versions 7.x and above are certified as RSA SecurID Ready. They are compatible with RSA SecurID hardware, USB and software tokens on all client operating systems that Mobility supports.

Beyond Current Requirements

While not specifically required under current CJIS policy, the following measures represent an additional layer of protection, and could assist in complying with more stringent requirements in the future.

Device authentication

The current security policy mandates user authentication as opposed to device authentication. However, Mobility also allows individual devices to authenticate independent of the user, with the ability to mandate that users only be allowed to authenticate with specific devices. This provides an additional security factor that exceeds the CJIS requirement.

Enforcement for firewalls and anti-virus

Section 5.10.4 mandates the use of personal firewalls and antivirus protection. Mobility, through its Mobile NAC module, can verify that these measures are in place and enabled, require that antivirus signatures are updated according to organization policy, and even automatically update those signatures through integration with the Policy Management module.

Extensive Platform Support

Mobility has extensive platform support, working on the majority of widely-used mobile operating systems. Mobility supports Android devices running on Android 4.0x to 4.3x, and Windows Pro Tablets as well as devices running Windows XP, 7, and 8. Mobility also offers connectivity for iOS, Mac, and Linux devices.

Conclusion

NetMotion product development specifically engineers our product to be compliant with applicable portions of CJIS security policy. In addition, Mobility provides extensions and integration with other vendors’ products, promoting more streamlined compliance with the policy as a whole.

FOR MORE INFORMATION, CONTACT US:

United States
Seattle, Washington
Telephone: (206) 691-5500
Toll Free: (866) 262-7626
Sales@NetMotionWireless.com

Europe
Germany and ted Kingdom
NorthernEurope@NetMotionWireless.com

© 2014 NetMotion Wireless, Inc. All rights reserved. NetMotion is a registered trademark, and NetMotion Wireless Locality, NetMotion Mobility, Roamable IPSec, InterNetwork Roaming, Best-Bandwidth Routing and Analytics Module are trademarks of NetMotion Wireless, Inc. Microsoft, Microsoft Windows, Active Directory, ActiveSync, Internet Explorer, Windows Mobile, Windows Server, Windows XP, SQL Server, Windows XP Tablet PC Edition and Windows Vista are registered trademarks of Microsoft Corporation. All other trademarks, trade names or company names referenced herein are used for identification purposes only and are the property of their respective owners. NetMotion Wireless technology is protected by one or more of the following US Patents: 5,717,737; 6,198,920; 6,418,324; 6,546,425; 6,826,405; 6,981,047; 7,136,645; 7,293,107; 7,574,208; 7,602,782; 7,644,171; 7,778,260 and Canadian Patent 2,303,987. Other US and foreign patents pending.

