The URL can be used to link to this page

Home My Public Portal About2016-11-17 Clets Security Point Of Contact Delineation And Agreement CD STATE OF CALIFORNIA DEPARTMENT OF JUSTICE HDC 0011 PAGE 1 of 2 (Ong.02/2009;Rev.03/2010) CLETS SECURITY POINT OF CONTACT DELINEATION AND AGREEMENT A Security Point of Contact (SPOC) is the person designated to serve as the security coordinator with the California Department of Justice (CA DOJ) on security matters pertaining to the use of the California Law Enforcement Telecommunications System (CLETS), the National Crime Information Center(NCIC), the National Law Enforcement Telecommunication System (NLETS), CA DOJ criminal justice databases, and the administrative network the CLETS supports. If a consultant is to perform any of these duties, an agency representative must review and approve all proposed actions. The SPOC shall coordinate with the Agency CLETS Coordinator(ACC) on all routine or non- emergency actions or matters pertaining to the CLETS, the NCIC, the NLETS, CA DOJ criminal justice databases, and the administrative network that the CLETS supports. When feasible, the SPOC shall coordinate with the ACC on all exceptional or emergency actions in matters pertaining to the CLETS, the NCIC, the NLETS, CA DOJ criminal justice databases, and the administrative network the CLETS supports. Requirements • Be familiar with all security aspects of the agency's CLETS, CA DOJ criminal justice databases, NCIC, and NLETS connected devices and infrastructure. • Possess a strong technical foundation and be able to coordinate and perform security-related activities as required. • Be authorized and have access to all technical components and documentation related to the agency's segment of the CLETS infrastructure. • Ensure emergency critical changes or modifications, etc., to the agency's CLETS infrastructure, as directed by the CA DOJ, are performed with little or no advanced notice. • Have access to security and system audit logs that either directly or indirectly support CLETS infrastructure. This shall not include access to the CLETS journal information or data. Roles and Responsibilities Administration • Coordinate with the ACC to establish procedures ensuring only authorized users have access to the CLETS and its related hardware or software. • Coordinate or respond to the CA DOJ security-related correspondence. • Ensure that a backup SPOC is designated. If the primary SPOC cannot be located or contacted, the backup SPOC shall assume all SPOC responsibilities. • Retain all documentation and notify the agency head if the individual no longer serves as the SPOC. Audits/InspectionsNalidations • Coordinate with the ACC to ensure the continued availability, confidentiality, and integrity of the CLETS infrastructure residing in the agency's systems or networks. • Coordinate with the ACC to recommend proactive or corrective actions necessary to validate or verify the agency's compliance with the CLETS Policies, Practices, and Procedures (PPP). • Coordinate with the ACC to recommend actions necessary to ensure compliance with all state or federal auditing requirements as described in the CLETS PPP. • Coordinate the agency's CLETS security inspections by the CA DOJ network information security or field liaison staff, as required or requested by the CA DOJ. t,,:,.,r,,'"<r STATE OF CALIFORNIA DEPARTMENT OF JUSTICE �` HDC 0011 �`'s (Ong.02/2009;Rev.03/2010) PAGE 2 of 2 I `i is CLETS SECURITY POINT OF CONTACT ' w.r,° DELINEATION AND AGREEMENT Policy • Recommend to the ACC actions necessary to ensure compliance with all applicable CA DOJ, CLETS, NCIC, or NLETS security practices, policies, statutes, or regulations. • Recommend to the ACC the actions necessary to ensure the CLETS terminals, equipment, or messages are secure from unauthorized access. • Recommend to the Agency Head the actions necessary to establish a security incident response for the agency to discover, investigate, document, or report incidents that endanger the security or integrity of the CA DOJ systems or networks. • Recommend to the Agency Head a security incident response (defined above), reporting procedures. System • Have a current system diagram available. • Have a list of all the CLETS terminal locations within the agency available, identifying the terminal as fixed, mobile, behind a Local Area Network, Wide Area Network, etc. • Have a list of all the CLETS terminal mnemonics (static or pooled) available. • Review the CLETS applications for new, upgraded, or changing services for compliance with security requirements. • Retain or have access to all records of changes or problems associated with CLETS hardware or software. Training • Coordinate with the ACC to ensure security awareness training is provided to all agency CLETS users within the first six months of employment or appointment and every two years thereafter. Signatures indicate you have read, understand, and pledge to abide by this SPOC delineation and agreement. SPOC Acknowledgement: Helen Hall, IT Manager / /- L2.5°-/6 Printed Name Date 1- ` ,,C Jietie Signature Agency Head SPOC Acknowledgement Confirmation: John Siko, Acting Chief of Police l(• 1 1• / c Printed Name Date Signature ?t) THIS ORIGINAL AGREEMENT SHALL BE MAINTAINED BY THE AGENCY