Connecticut Justice Information System Security Compliance Assessment Form



Similar documents
Payment Card Industry Self-Assessment Questionnaire

Security and Access Control Lists (ACLs)

Network and Security Controls

Electronic Prescribing of Controlled Substances Technical Framework Panel. Mark Gingrich, RxHub LLC July 11, 2006

PierianDx - Clinical Genomicist Workstation Software as a Service FAQ s

Critical Controls for Cyber Security.

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

Remote Infrastructure Support Services & Managed IT Services

5 Steps to Advanced Threat Protection

Appalachian Regional Commission Evaluation Report. Table of Contents. Results of Evaluation Areas for Improvement... 2

A Rackspace White Paper Spring 2010

Client Security Risk Assessment Questionnaire

Data Stored on a Windows Server Connected to a Network

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

Check Point and Security Best Practices. December 2013 Presented by David Rawle

Exhibit B5b South Dakota. Vendor Questions COTS Software Set

Virtual Private Networks (VPN) Connectivity and Management Policy

Outsource IT Services

White Paper. BD Assurity Linc Software Security. Overview

Four Top Emagined Security Services

THE TOP 4 CONTROLS.

Medical Device Security Health Group Digital Output

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

Question Name C 1.1 Do all users and administrators have a unique ID and password? Yes

General Information. About This Document. MD RES PCI Data Standard November 14, 2007 Page 1 of 19

Step-by-Step Configuration

ADM:49 DPS POLICY MANUAL Page 1 of 5

Step-by-Step Guide to Securing Windows XP Professional with Service Pack 2 in Small and Medium Businesses

Manual. Traffic Exchange

Easy Setup Guide for the Sony Network Camera

Internet Banking Internal Control Questionnaire

TECHNICAL WHITE PAPER. Symantec pcanywhere Security Recommendations

Boston University Security Awareness. What you need to know to keep information safe and secure

Patch Management Policy

Virtualization Demystified

Credit Card Security

PCI-DSS Penetration Testing

Goals. Understanding security testing

National Endowment for the Arts Evaluation Report. Table of Contents. Results of Evaluation Areas for Improvement Exit Conference...

Default configuration for the Workstation service and the Server service

An Overview of Information Security Frameworks. Presented to TIF September 25, 2013

State of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD Effective Date: April 7, 2005

PCI DSS Policies Outline. PCI DSS Policies. All Rights Reserved. ecfirst Page 1 of 7

DEPLOYMENT OF I M INTOUCH (IIT) IN TYPICAL NETWORK ENVIRONMENTS. Single Computer running I m InTouch with a DSL or Cable Modem Internet Connection

Minimum Requirements for Cencon 4 with Microsoft R SQL 2008 R2 Standard

Credit Card Acceptance Policy. Vice Chancellor of Business Affairs. History: Effective July 1, 2011 Updated February 2013

The Protection Mission a constant endeavor

Healthcare Security Vulnerabilities. Adam Goslin Chief Operations Officer High Bit Security

Automated Patch Management Service

Information and Communication Technology. Patch Management Policy

How To Protect Your Data From Being Stolen

Today s Topics. Protect - Detect - Respond A Security-First Strategy. HCCA Compliance Institute April 27, Concepts.

Microsoft Technologies

NCIRC Security Tools NIAPC Submission Summary Microsoft Baseline Security Analyzer (MBSA)

PATCH MANAGEMENT POLICY IT-P-016

Why SaaS (Software as a Service) and not COTS (Commercial Off The Shelf software)?

Configuring Personal Firewalls and Understanding IDS. Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA

SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

Larry Wilson Version 1.0 November, University Cyber-security Program Critical Asset Mapping

Security Policy for External Customers

UNITED STATES PATENT AND TRADEMARK OFFICE. AGENCY ADMINISTRATIVE ORDER Agency Administrative Order Series. Secure Baseline Attachment

Taxonomy of Intrusion Detection System

Section 1 CREDIT UNION Member Information Security Due Diligence Questionnaire

Determine if the expectations/goals/strategies of the firewall have been identified and are sound.

Best Practices For Department Server and Enterprise System Checklist

Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness

PCI DSS Requirements - Security Controls and Processes

Sygate Secure Enterprise and Alcatel

CareGiver Remote Support Information Technology FAQ

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services

WEB COMPAS MINIMUM HOSTING REQUIREMENTS

Securing and Accelerating Databases In Minutes using GreenSQL

Module 5 Introduction to Processes and Controls

Accessing Restricted University Online Resources Using Network Connect. on the Secure Remote Access Service

Security Maintenance Practices. IT 4823 Information Security Administration. Patches, Fixes, and Revisions. Hardening Operating Systems

Intertek esignature Customer Reference Document Author: Application Support. Page 1 of 17

Course Syllabus. Fundamentals of Windows Server 2008 Network and Applications Infrastructure. Key Data. Audience. Prerequisites. At Course Completion

Global Partner Management Notice

Cybersecurity Health Check At A Glance

RAS Associates, Inc. Systems Development Proposal. Scott Klarman. March 15, 2009

MAXIMUM DATA SECURITY with ideals TM Virtual Data Room

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

How to Restore a Windows System to Bare Metal

OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

SANS Top 20 Critical Controls for Effective Cyber Defense

GE Oil & Gas. Cyber Security for NERC CIP Versions 5 & 6 Compliance

Guideline on Auditing and Log Management

Security Management. Keeping the IT Security Administrator Busy

Transcription:

The Connecticut Justice Information System (CJIS-2) is used as a mechanism for municipalities, State and Federal agencies to assess their compliance with the CJIS Security Requirements & Recommendations as adopted by the State of Connecticut CJIS Governing Board. This form may be used as an internal document for an agency to assess their present level of compliance and subsequently perform necessary changes to attain compliance or submitted to the Department of Information Technology (DoIT) CJIS Support Group for assistance in attaining compliance. Location Agency Name: Agency Address/Location Address: Agency Location Router IP Address: Internal IP Scheme/SubNet Mask: Assessment 1 - Network Infrastructure 1.1 Firewalls Refer to CJIS Security Requirements & Recommendations Section 1. Is the CJIS portion of your agency s network segment protected by a firewall? Is this firewall configured to allow only permissible protocols and traffic inherent to your agency s network environment? Is this firewall configured to perform logging and audit capability? Is this firewall configured to retain logs for a minimum of one (1) year? CJIS-2 Rev 06-01 Page 1 of 7

Assessment 2 - Workstations and Laptops 2.1 Hardware and Operating Systems Refer to CJIS Security Requirements & Recommendations Section 4. How many total workstations and laptops are in your network environment? How many of these are COLLECT certified devices? How many utilize each of the following operating systems? Windows 3.1 * Windows 95 * Windows 98 Standard Edition * Windows 98 Second Edition * Windows Millennium Edition * Windows NT Workstation 4.xx * Windows 2000 Professional Windows XP Professional Windows XP Home Please specify: Please specify: * Security hot fixes for this release are no longer supported by Microsoft Is each of the above devices and its operating system presently under contract for maintenance and support with its manufacturer? Have you performed OS Hardening on each of the above devices to reduce vulnerabilities in the computer hardware and operating system? 2.2 Anti-Virus Program Refer to CJIS Security Requirements & Recommendations Section 2. Are all workstations and laptops residing within your agency s CJIS network protected by a currently supported virus protection program? Does the Anti-Virus program on each workstation and laptop receive virus signature updates automatically? CJIS-2 Rev 06-01 Page 2 of 7

2.3 Patch Management Process Refer to CJIS Security Requirements & Recommendations Section 3. Are all workstations and laptops residing within your agency s CJIS network protected by a patch management program? Does the patch management application receive updates automatically? Are these patches applied to each workstation and laptop through an automated process? 2.4 Browsers Supporting 128 Bit Encryption Refer to CJIS Security Requirements & Recommendations Sect. 6. How many total workstations and laptops are browser enabled? How many utilize each of the following browsers? Internet Explorer 5.01 or lower * Internet Explorer 5.5 * Internet Explorer 6 Netscape 6.x + Netscape 7.x Netscape 8.x Please specify: Please specify: * Security hotfixes for this release are no longer supported by Microsoft + Security hotfixes for this release are no longer supported by Netscape CJIS-2 Rev 06-01 Page 3 of 7

Assessment 3 LiveScan Devices 3.1 Hardware and Operating Systems Refer to CJIS Security Requirements & Recommendations Section 4. How many LiveScan devices are in your network environment? (if 0, proceed to Assessment 4) Which vendor(s) manufacturer the LiveScan(s)? Please specify: Please specify: Please specify: How many utilize each of the following operating systems? Windows NT Workstation 4.xx * Windows 2000 Professional Windows XP Professional Windows XP Home Unknown Please specify: Please specify: Please specify: * Security hot fixes for this release are no longer supported by Microsoft Is each of the above LiveScan devices and its operating system presently under contract for maintenance and support with its manufacturer? Have you or the manufacturer(s) performed OS Hardening on each of the above LiveScan devices to reduce vulnerabilities in the computer hardware and operating system? 3.2 Anti-Virus Program Refer to CJIS Security Requirements & Recommendations Section 2. Are all LiveScan devices residing within your agency s CJIS network protected by a currently supported virus protection program? Does the Anti-Virus program on each LiveScan device receive virus signature updates automatically? CJIS-2 Rev 06-01 Page 4 of 7

3.3 Patch Management Process Refer to CJIS Security Requirements & Recommendations Section 3. Are all LiveScan devices residing within your agency s CJIS network protected by a patch management program? Does the patch management application receive updates automatically? Are these patches applied to each LiveScan device through an automated process? Assessment 4 - Servers 4.1 Hardware and Operating Systems Refer to CJIS Security Requirements & Recommendations Section 4. How many total servers are in your network environment? How many utilize each of the following operating systems? Windows NT Server 4.xx * Windows 2000 Server Windows Server 2003 (if 0, proceed to Assessment 5) Please specify: Please specify: Please specify: Please specify: Please specify: Please specify: * Security hotfixes for this product are no longer supported by Microsoft CJIS-2 Rev 06-01 Page 5 of 7

Is each of the above servers and its operating system presently under contract for maintenance and support with its manufacturer? Have you performed OS Hardening on each of the above servers to reduce vulnerabilities in the computer hardware and operating system? 4.2 Anti-Virus Program Refer to CJIS Security Requirements & Recommendations Section 2. Are all servers residing within your agency s CJIS network protected by a currently supported virus protection program? Does the Anti-Virus program on each server receive virus signature updates automatically? 4.3 Patch Management Process Refer to CJIS Security Requirements & Recommendations Section 3. Are all servers residing within your agency s CJIS network protected by a patch management program? Does the patch management application receive updates automatically? Are these patches applied to each server through an automated process? CJIS-2 Rev 06-01 Page 6 of 7

Assessment 5 - Physical Location 5.1 Physical Safeguards Refer to CJIS Security Requirements & Recommendations Appendix A. Special Note: While the actual requirements of Appendix A are required only for COLLECT devices, it is the desire of the Security Committee of the CJIS Governing Board that best effort physical safeguards be in place for ALL devices that reside in an agency s CJIS network segment and access CJIS systems. Does your agency have adequate physical safeguards in place to protect against unauthorized access or routine viewing of display devices or printed materials by unauthorized persons? If NO, please explain Does your agency have adequate physical safeguards in place to protect network and infrastructure components from unauthorized access? If NO, please explain For the Agency/Location Assessment Date: Assessing Individual Signature: Assessing Individual Printed Name: Assessing Individual email Address: Assessing Individual Phone Number: CJIS-2 Rev 06-01 Page 7 of 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information