Current through Register 1531, September 27, 2024
(1)
DCJIS is the FBI CSA for Massachusetts. In this
capacity, DCJIS shall be responsible for the administration and management of
FBI CJIS on behalf of the FBI, and shall be responsible for overseeing access
to all FBI systems and information by Massachusetts agencies, as well as for
ensuring system security, training, policy compliance, and auditing.
(2) Each agency head shall be responsible
for:
(a) designating a CJIS representative, a
backup CJIS representative, and a technical representative; the CJIS
representative or backup CJIS representative may also serve as the technical
representative if necessary;
(b)
ensuring that all agency users of CJIS, or the information obtained from it,
have been trained, tested, and certified within six months of hire and every
two years thereafter;
(c)
responding to audit questionnaires, complaints, and any other inquiries from
DCJIS or from the FBI within the time period specified by DCJIS or the
FBI;
(d) providing to DCJIS or the
FBI the results of any investigation into the misuse of CJIS or any other
system or source to which DCJIS provides access;
(e) reporting to DCJIS as soon as possible
any misuse of CJIS, including improper access to or improper dissemination of
information contained within or obtained through CJIS;
(f) executing the CJIS User Agreement as
required;
(g) ensuring that the
agency adheres to all CJIS and FBI policies and procedures, including the FBI
CJIS Security Policy;
(h) notifying
DCJIS as soon as practicable of any changes in contact information for the
agency, the agency head, the CJIS representative, the backup CJIS
representative, or the technical representative; and
(i) ensuring compliance with all state and
federal laws, regulations, and policies related to CJIS and/or to any other
system or source to which DCJIS provides access.
(3) The CJIS representative and the backup
CJIS representative shall be responsible for:
(a) training, testing, and certifying agency
users within six months of hire and biennially thereafter;
(b) responding to audit questionnaires,
complaints, and/or any other inquiries from DCJIS or from the FBI within the
time period specified by DCJIS or the FBI;
(c) providing to DCJIS or the FBI the results
of any investigation into the misuse of CJIS or any other system or source to
which DCJIS provides access;
(d)
reporting to DCJIS as soon as possible any misuse of CJIS, including improper
access to or improper dissemination of information contained within or obtained
through CJIS;
(e) executing the
CJIS User Agreement as required;
(f) ensuring that the agency adheres to all
CJIS and FBI policies and procedures, including the FBI CJIS Security
Policy;
(g) notifying DCJIS as soon
as practicable of any changes in contact information for the agency, the agency
head, the CJIS Representative, the backup CJIS Representative, or the technical
representative; and
(h) ensuring
compliance with all state and federal laws, regulations, and policies related
to CJIS and/or to any other system or source to which DCJIS provides
access.
(4) The CJIS
technical representative shall be responsible for:
(a) maintaining and coordinating the agency's
technical access to public safety information systems, including
CJIS;
(b) maintaining CJIS system
security requirements, including those described in the FBI CJIS Security
Policy and any applicable CJIS User Agreement;
(c) reporting to the agency head, CJIS
representative, or backup CJIS representative as soon as possible any misuse of
CJIS, including improper access to or improper dissemination of information
contained within or obtained through CJIS; and
(d) complying with all state and federal
laws, regulations, and policies related to CJIS and/ or to any other system or
source to which DCJIS provides access.
(5) Every CJIS user shall be responsible for:
(a) using CJIS only for authorized criminal
justice purposes;
(b) successfully
completing all required training;
(c) reporting to the agency head, CJIS
representative, or backup CJIS representative as soon as possible any misuse of
CJIS, including improper access to or improper dissemination of information
contained within or obtained through CJIS;
(d) complying with all state and federal
laws, regulations, and policies related to CJIS and/ r to any other system or
source to which DCJIS provides; and
(e) complying with all state and federal
laws, regulations, and policies related to the use of computers.
(6) Every CJIS user and every
person who uses information obtained from CJIS or any other system or source to
which DCJIS provides access shall:
(a)
complete certification training every two years; and
(b) complete additional training as required
by DCJIS for specific applications or information systems, or for understanding
information therefrom.
(7) CJIS shall be accessed only by trained
and certified criminal justice officials for authorized criminal justice
purposes.