Advance Authentication Update From The APB Executive Committee


Currently, the CJIS Security Policy, Section 5.6.2.2.1, Advanced Authentication (AA) Policy and Rationale, states AA is required when accessing Criminal Justice Information (CJI) outside the boundary of physically security location with physical, personnel, and technical security controls implemented. Section 5.6.2.2.1 contains interim compliance designating a police vehicle as a physically secure location to permit authorized users accessing CJI within a police vehicle to be exempt from the AA requirements until September 30, 2013.


Section 5.6.2.2.1 contains additional interim compliance stating IPSec (Internet Protocol Security – Provides secure Internet Protocol communications) may continue to be utilized to meet the AA requirements until 2013 if it was implemented to meet the CJIS Security Policy version 4.5 requirements.


On Wednesday, 2/13/2013, the APB Chair and APB Executive Committee requested the FBI extend Section 5.6.2.2.1 of the CJIS Security Policy’s interim compliance for police vehicles and IPSec to meet the AA requirements for an additional year. The Executive Committee conveyed their concern over the possibility of law enforcement expending fiscal resources to implement a policy requirement that may be subject to change as a result of a topic going to the Working Groups this March.  The committee felt that extending the interim compliance dates for a police vehicle to be considered a physically secure location for the purpose of AA and IPSec implemented to meet CJIS Security Policy version 4.5 requirements (Section 5.6.2.2.1) for an additional year will prevent unnecessary expenditures while the topic moves through the process.

 
The FBI has agreed to the request with the understanding that this topic will be voted upon at the next APB meeting.  Effective immediately, compliance for the IPSec extension and extension for police vehicles to be considered physically secure locations for the purpose of AA will both be 9/30/2014.