Frequently Asked Questions

Links to Faq's for:

Texas Law Enforcement Agencies

   1. How does the agency receive new TLETS satellite access?

New Agency Procedure
The agency will need to fill out an application for satellite access with TLETS first. When a new agency, one that does not currently have TLETS, gets their ORI approved and is looking to connect with TLETS satellite, we will travel to the agency and go over the compliance requirements for their configuration and possible future changes. New agencies are encouraged to contact us after receiving TLETS approval. We do not expect that the Agency will have the satellite equipment in place at this time. This is basically training on the requirements at this point. We will also notify the agency to set up their operator lists through TCIC Training.

The CJIS Security Office will inform IT to have the Satellite install scheduled and to generate the TCR.

In 30 to 60 days after all equipment is installed and running, The CJIS Security Office will return to the agency and audit for compliance. To receive a satellite dish application, please send email requests to

   2. What can the agency expect during the audit process?

Agency Audit Procedure
Prior to the audit at your agency, you will receive notification of the date and time of the audit and who will be doing the audit. You will also be asked to prepare the following prior to the audit:

  • Current Network Diagram
  • The agency’s policies that pertain to CJIS Security
  • The agency’s Incident Response Plan
  • The agency’s Security Alert & Advisories Process
  • Documented Security Awareness Training completed
  • If applicable: Management Control Agreements for Technical Services, Security Addendums, FIPS 140-2 Certificates for Encryption, Memorandum of Understanding & Inter-Agency Agreements
  • If applicable: A list of wireless devices (Example: air card number, carrier phone number, etc)
  • If applicable: Verification that any Wireless Access Points (WAP) connecting to agency’s network meet CJIS requirements
  • If applicable: Service contracts/warranties covering network components (routers/switches) which may be at or near end-of-life per the manufacturer/vendor

Following the audit, the agency will receive an email from DPS explaining the results. One of the following three possible emails will be sent:

If an agency is found to be compliant, they will receive an email stating that they were found to be compliant.

If an agency is non-compliant but fixes any issues during the audit, they will receive a compliant email outlining any issues corrected while the auditor was on site. This documents the non-compliance issues that were corrected and the agency is compliant.

If an agency is non-compliant, they will receive a non-compliant email. This email will describe any problems and give the policy reference for the requirement. Agencies that receive a non-compliant email must reply to the CJIS Security Office with the actions they intend to take to correct any problems and provide the date when this corrective action will be completed. The CJIS Security Office will review the agency’s response.  If compliant, the agency will receive a compliant email. If still non-compliant, the agency remains in a non-compliant state until achieving compliance and receiving a compliance email.

   3. What is the process to add new MDTs, Omnixx connections or change vendors?

Agency Configuration Changes
When an agency wants to add something - workstations, MDT’s, CAD system interfaced with the TLETS system, the CJIS Security Office will apply the rules in the CJIS Security Policy. If it’s a major change, we will visit the agency first and then inform IT that the changes are authorized. If it is a minor change, the CJIS Security Office will review the additional issues caused by the change with the agency and then inform IT that the changes are authorized. For a major change, we may schedule a follow up visit in the 30 to 60 day time frame following the new equipment implementation. A network diagram may be needed for changes.

   4. What is the process for an agency to add MDTs hosted by another agency?

Non-Satellite Based Computing Device Instructions
The Non-Satellite Based Computing Device Agreement describes the process and paperwork required by DPS to connect an agency behind an interface located at another agency to the DPS TLETS system. The agency with the interface is considered the “hosting” agency. The agency being connected to this interface is considered the “hosted” agency. Both the hosting and hosted agencies have responsibilities and both agencies are required to be fully compliant with the applicable policies as defined in both the CJIS Security Policy and the NCIC Operating Manual.

In some cases a vendor is involved in the process. FBI Security Addendums are required between each agency and the vendor. If an agency has signed a contract with a vendor, a Security Addendum is required. If the contract is between two governmental agencies, then a Security Addendum is not required.

This process should also be supported with a Memorandum of Understanding between the two agencies describing the relationship for using the interface to DPS. It should describe the responsibilities of each agency.

The process with DPS is as follows:

  • Hosted agency completes and signs the Non-Satellite Based Computing Device Agreement (The Agreement) and forwards it to this office (CJIS Security Office).
  • CJIS Security Office conducts a CJIS Security Policy Pre-Audit with the hosted agency.
  • Upon completing the pre-audit, DPS approves The Agreement and sends an email to both the hosting and hosted agencies.
  • CJIS Security Office notifies the TLETS Order Center the hosted agency is approved to receive TLETS via the hosting agency's connection. The hosted agency requests the user IDs from TCIC Training and forwards them to the hosted agency to ensure all operators are assigned an Omnixx user ID.
  • The TLETS Order Center will then contact via email both the hosted and hosting agencies to enable the hosted agency's TLETS connection.
  • The TLETS Order Center updates the TCR and distributes it to all interested parties.
  • The CJIS Security Office audits the hosted agency 60 to 90 days after their connection is enabled and triennially thereafter for compliance.

   5. What steps must the agency do to have a satellite moved?

Agency Moves
Contact the TLETS Order Center to start the move process. The CJIS Security Office will have a conversation with the agency about being compliant in the new building. Following this conversation, the CJIS Security Office will then inform the TLETS Order Center that the move is authorized. TLETS will schedule the Satellite move. The CJIS Security Office will schedule a follow up visit 30 to 60 days after the move is complete.

   6. What process do I need to follow for IT staff and IT vendor finger print based background checks?

Please send all inquiries and/or questions regarding F.A.C.T., F.A.S.T. or the fingerprint process to Fingerprint Service or you may call (512) 424-2365 and select the appropriate option from the menu.

   7. What is the process to report a computer virus outbreak at the agency?

The agency should refer to their Incident Response Plan first. The agency should contact their internal IT support next to determine the extent of the computer virus breakout. The computer should be isolated from other functional computers by disconnecting the network cable, but not unplugged from power. The agency should contact the DPS OIC next to inform us of the computer virus and what steps have been taken so far. Contact the OIC at 1-800-638-5387 (1-800-63-TLETS) so the agency’s traffic can be re-routed while the computer is sanitized. The agency will remain re-routed until a CJIS Technical Auditor approves the reconnection to the TLETS network.

   8. Does Java need to be updated on our TLETS / Omnixx computers?

At this time, please do not update the version of Java if the TLETS / Omnixx system is functional.

TxDPS is working to upgrade to a more current Omnixx version that will utilize a newer version of Java and work better with Windows 7; however, we do not know when it will be available.

In the meantime, this is our stance:

CJIS Security Compliance
DPS will not find an agency to be out of compliance with the CJIS security policy if the cause of the potential violation is out of the control of the agency in question (or out of control of the entity that provides IT related services to that agency).  However, this exception only applies to applications deemed to be mission critical by the CSO.  In the case of Omnixx, the CSO recognizes that computers utilizing JAVA 6 are not compliant with the CJIS security policy, however, since Omnixx is a mission critical application whose technical configuration is outside the control of the agency using it, the agency in question will not be found to be non-compliant because they have JAVA 6 installed in support of Omnixx.

DPS is in the process of upgrading Omnixx so that it will be fully compliant with the CJIS security policy.

JAVA vulnerability
In order to avoid vulnerabilities associated with earlier versions of JAVA, DPS suggests that agencies utilize computers with legacy versions of JAVA only to support Omnixx (if possible) and isolate those computers from the rest of their local network.

Law Enforcement Agency Vendor

   1. What is the CJIS Security Policy and where can I locate a copy?

The CJIS Security Policy provides Criminal Justice Agencies (CJA) and Noncriminal Justice Agencies (NCJA) with a minimum set of security requirements for the access to Federal Bureau of Investigation (FBI) Criminal Justice Information Services (CJIS) Division systems and information and to protect and safeguard Criminal Justice Information (CJI). This minimum standard of security requirements ensures continuity of information protection. The essential premise of the CJIS Security Policy is to provide the appropriate controls to protect CJI, from creation through dissemination; whether at rest or in transit.

The CJIS Security Policy is available on our website and the FBI CJIS website.

   2. What other CJIS related documents does my company need to know about working with law enforcement agencies in Texas?

Contracting personnel will need to complete the CJIS Security Addendum, pass and clear a finger print based background check and be made aware of these regulating codes.

   3. Does my company need to have Security Awareness Training for the CJI access we receive?

Yes, personnel that have access to equipment that stores, processes or transmits CJI data must meet Security Awareness Training requirements. The training should be documented and repeated every two years.

   4. Do company employees need to have fingerprints cleared for each Security Addendum at each law enforcement agency?

Not within Texas. One set of good, cleared fingerprint results is only needed for the contracted agencies within Texas. If prints are rejected, then another set of prints will need to be done. The submitting law enforcement agency that the company has a signed contract with will receive the results. An FBI Certification page is required for each person per each signed Security Addendum with the individual law enforcement agency.

Return to Top