Orange County NC Website
Browse       Search
10/01/2022 <br />CJISD-ITS-DOC-08140-5.9.1 <br />H-6 <br />FEDERAL BUREAU OF INVESTIGATION <br />CRIMINAL JUSTICE INFORMATION SERVICES <br />SECURITY ADDENDUM <br /> <br /> The goal of this document is to augment the CJIS Security Policy to ensure adequate <br />security is provided for criminal justice systems while (1) under the control or management of <br />a private entity or (2) connectivity to FBI CJIS Systems has been provided to a private entity <br />(contractor). Adequate security is defined in Office of Management and Budget Circular A- <br />130 as “security commensurate with the risk and magnitude of harm resulting from the loss, <br />misuse, or unauthorized access to or modification of information.” <br /> The intent of this Security Addendum is to require that the Contractor maintain a <br />security program consistent with federal and state laws, regulations, and standards (including <br />the CJIS Security Policy in effect when the contract is executed), as well as with policies and <br />standards established by the Criminal Justice Information Services (CJIS) Advisory Policy <br />Board (APB). <br /> This Security Addendum identifies the duties and responsibilities with respect to the <br />installation and maintenance of adequate internal controls within the contractual relationship so <br />that the security and integrity of the FBI's information resources are not compromised. The <br />security program shall include consideration of personnel security, site security, system <br />security, and data security, and technical security. <br /> The provisions of this Security Addendum apply to all personnel, systems, networks and <br />support facilities supporting and/or acting on behalf of the government agency. <br />1.00 Definitions <br />1.01 Contracting Government Agency (CGA) - the government agency, whether a Criminal <br />Justice Agency or a Noncriminal Justice Agency, which enters into an agreement with a private <br />contractor subject to this Security Addendum. <br />1.02 Contractor - a private business, organization or individual which has entered into an <br />agreement for the administration of criminal justice with a Criminal Justice Agency or a <br />Noncriminal Justice Agency. <br />2.00 Responsibilities of the Contracting Government Agency. <br />2.01 The CGA will ensure that each Contractor employee receives a copy of the Security <br />Addendum and the CJIS Security Policy and executes an acknowledgment of such receipt and <br />the contents of the Security Addendum. The signed acknowledgments shall remain in the <br />possession of the CGA and available for audit purposes. The acknowledgement may be signed <br />by hand or via digital signature (see glossary for definition of digital signature). <br />3.00 Responsibilities of the Contractor. <br />3.01 The Contractor will maintain a security program consistent with federal and state laws, <br />regulations, and standards (including the CJIS Security Policy in effect when the contract is <br />executed and all subsequent versions), as well as with policies and standards established by the <br />Criminal Justice Information Services (CJIS) Advisory Policy Board (APB). <br />4.00 Security Violations. <br />Docusign Envelope ID: D040EFAB-2D80-498F-8058-E854C6400347