Compilation of Rules and Regulations of the State of Georgia
Department 140 - GEORGIA CRIME INFORMATION CENTER COUNCIL
Chapter 140-2 - PRACTICE AND PROCEDURE
Rule 140-2-.11 - Security Requirements for Criminal Justice Information in a Data Processing Environment
Current through Rules and Regulations filed through March 20, 2024
(1) Computers used to collect, store or disseminate CHRI shall be protected from unauthorized access by means of software or hardware control systems, which log all access attempts. Each individual authorized to store, process and/or transmit CJIS information will use a unique identifier. The unique identification is also required for personnel who administer and maintain the system. The unique identification can take the form of a full name, badge number, serial number or other unique alphanumeric identifier. The identifier shall be authenticated.
(2) CHRI transmitted from one point to another by computer shall be protected from unauthorized access by means of software or hardware control systems. Standards for control systems outlined here must meet FBI CJIS Security Policy requirements.
(3) Computers storing or disseminating CHRI may perform logging activities pursuant to Rule 140-2-.06.
(4) Computers and the agencies operating or administratively responsible for the operation of computers utilized in whole or part for the collection, storage, dissemination or message switching of CHRI shall be subject to GCIC audits pursuant to Rule 140-2-.07.
(5) Physical security standards for these computers shall be maintained pursuant to Rule 140-2-.08.
(6) Personnel security standards for persons employed to operate, program or maintain these computers shall be established pursuant to Rule 140-2-.09 as follows:
(7) Secret data or CHRI contained in a computer system, whether dedicated or shared, shall be kept under maximum-security conditions. Documents containing secret data or CHRI no longer required to support criminal justice operations must be destroyed in a secure manner that precludes unauthorized access to the information.
(8) The agency administratively responsible for the supervision of persons, computer hardware or software assumes liability for any misuse of secret data or CHRI stored in a shared computer environment.
O.C.G.A. Secs. 35-3-32 to 35-3-35, 35-3-38, 42 U.S.C. 3771, 28 CFR 20.21, FBI Security Policy.