System Security

Data stored in computerized central repositories (data files) which are a part of the TIME System must be protected from unauthorized access. Data stored in the Crime Information Bureau TIME Files and the NCIC Files is documented law enforcement information. Therefore, entry and access to all computerized law enforcement information must be restricted to authorized law enforcement agencies. Each TIME terminal agency is responsible for allowing only authorized personnel to operate the TIME terminal and to enforce system security. Also, each TIME terminal agency is responsible for ensuring that the terminal is used to send authorized and official messages only.

All messages sent on the system must deal with authorized law enforcement matters. Agency Administrators must take steps to ensure that system requirements are met and that prohibited messages are not transmitted.

When agencies enter information in the computerized files they utilize the ORI number of the agency requesting the entry. The ORI becomes part of the entered record and the record can only be canceled utilizing the same combination of data from the same entry point.

It is the responsibility of each law enforcement agency to provide physical security for the TIME terminal. Unauthorized or untrained individuals should be restricted from the general area of the location of the terminal.

CIB and FBI record checks by fingerprint identification must be conducted for terminal operators, programmers, and other persons employed or utilized to effectuate access to or initiate transmission of NCIC information.  Fingerprint cards must be sent to both CIB and FBI to determine if any criminal record exists, along with a computer check of NCIC and CIB Warrant/Wanted Person File which might disqualify them from access to NCIC.  Background re-investigations are recommended every 5 years as a good business practice.

Each criminal justice agency authorized to receive NCIC/CIB information must have appropriate written standards for discipline of NCIC/CIB policy violators.

The TIME System has various built-in security measures, but the final responsibility rests with the operation and enforcement of system security at the terminal location level.