Texas Law Enforcement Agencies
New Agency Procedure
The agency will need to fill out an application for satellite access with TLETS first. When a new agency, one that does not currently have TLETS, gets their ORI approved and is looking to connect with TLETS satellite, we will travel to the agency and go over the compliance requirements for their configuration and possible future changes. New agencies are encouraged to contact us after receiving TLETS approval. We do not expect that the Agency will have the satellite equipment in place at this time. This is basically training on the requirements at this point. We will also notify the agency to set up their operator lists through TCIC Training.
The CJIS Security Office will inform IT to have the Satellite install scheduled and to generate the TCR.
In 30 to 60 days after all equipment is installed and running, The CJIS Security Office will return to the agency and audit for compliance. To receive a satellite dish application, please send email requests to email@example.com.
Agency Audit Procedure
Prior to the audit at your agency, you will receive notification of the date and time of the audit and who will be doing the audit. You will receive a link for an online audit which must be completed. You will also be asked to prepare or submit the following prior to the audit:
Following the online audit, the agency will receive an email from DPS scheduling the site visit and follow up. Upon completion, one of the following three possible emails will be sent:
If an agency is found to be compliant, they will receive an email stating that they were found to be compliant.
If an agency is non-compliant but fixes any issues during the audit, they will receive a compliant email outlining any issues corrected while the auditor was on site. This documents the non-compliance issues that were corrected and the agency is compliant.
If an agency is non-compliant, they will receive a non-compliant email. This email will describe any problems and give the policy reference for the requirement. Agencies that receive a non-compliant email must reply to the CJIS Security Office with the actions they intend to take to correct any problems and provide the date when this corrective action will be completed. The CJIS Security Office will review the agency’s response. If compliant, the agency will receive a compliant email. If still non-compliant, the agency remains in a non-compliant state until achieving compliance and receiving a compliance email.
Agency Configuration Changes
When an agency wants to add something - workstations, MDT’s, CAD system interfaced with the TLETS system, the CJIS Security Office will apply the rules in the CJIS Security Policy. This includes changes to incorporate cloud services or adding connections such as Livescan or other devices which may process CJI. If it’s a major change, we will visit the agency first and then inform IT that the changes are authorized. If it is a minor change, the CJIS Security Office will review the additional issues caused by the change with the agency and then inform IT that the changes are authorized. For a major change, we may schedule a follow up visit in the 30 to 60 day time frame following the new equipment implementation. A network diagram may be needed for changes.
Non-Satellite Based Computing Device Instructions
The Non-Satellite Based Computing Device Agreement describes the process and paperwork required by DPS to connect an agency behind an interface located at another agency to the DPS TLETS system. The agency with the interface is considered the “hosting” agency. The agency being connected to this interface is considered the “hosted” agency. Both the hosting and hosted agencies have responsibilities and both agencies are required to be fully compliant with the applicable policies as defined in both the CJIS Security Policy and the NCIC Operating Manual.
In some cases a vendor is involved in the process. FBI Security Addendums are required between each agency and the vendor. If an agency has signed a contract with a vendor, a Security Addendum is required. If the contract is between two governmental agencies, then a Security Addendum is not required.
This process should also be supported with a Memorandum of Understanding between the two agencies describing the relationship for using the interface to DPS. It should describe the responsibilities of each agency.
The process with DPS is as follows:
Contact the TLETS Order Center to start the move process. The CJIS Security Office will have a conversation with the agency about being compliant in the new building. Following this conversation, the CJIS Security Office will then inform the TLETS Order Center that the move is authorized. TLETS will schedule the Satellite move. The CJIS Security Office will schedule a follow up visit 30 to 60 days after the move is complete.
Please send all inquiries and/or questions regarding F.A.C.T., F.A.S.T. or the fingerprint process to Fingerprint Service or you may call (512) 424-2365 and select the appropriate option from the menu.
The agency should refer to their Incident Response Plan first. The agency should contact their internal IT support next to determine the extent of the computer virus breakout. The computer should be isolated from other functional computers by disconnecting the network cable, but not unplugged from power. The agency should contact the DPS OIC next to inform us of the computer virus and what steps have been taken so far. Contact the OIC at 1-800-638-5387 (1-800-63-TLETS) so the agency’s traffic can be re-routed if necessary while the computer is sanitized. The agency will remain re-routed until a CJIS Technical Auditor approves the reconnection to the TLETS network.
Agencies may refer to our documents section here to obtain an Incident Response Form if one is not available locally:
Criminal Justice Information is the abstract term used to refer to all of the FBI CJIS provided data necessary for law enforcement agencies to perform their mission and enforce the laws, including but not limited to: biometric, identity history, person, organization, property (when accompanied by any personally identifiable information), and case/incident history data. In addition, CJI refers to the FBI CJIS-provided data necessary for civil agencies to perform their mission; including, but not limited to data used to make hiring decisions. The following type of data are exempt from the protection levels required for CJI: transaction control type numbers (e.g. ORI, NIC, UCN, etc.) when not accompanied by information that reveals CJI or PII
Law Enforcement Agency Vendor
TheThe CJIS Security Policy provides Criminal Justice Agencies (CJA) and Noncriminal Justice Agencies (NCJA) with a minimum set of security requirements for the access to Federal Bureau of Investigation (FBI) Criminal Justice Information Services (CJIS) Division systems and information and to protect and safeguard Criminal Justice Information (CJI). This minimum standard of security requirements ensures continuity of information protection. The essential premise of the CJIS Security Policy is to provide the appropriate controls to protect CJI, from creation through dissemination; whether at rest or in transit.
The latest CJIS Security Policy is available on our website as listed here and is also available via the FBI CJIS website.
Contracting personnel will need to complete the CJIS Security Addendum, pass and clear a finger print based background check and be made aware of these regulating codes.
Additional guidance and documentation to assist solution providers is available for review here:
Yes, personnel that have access to equipment that stores, processes or transmits CJI data must meet Security Awareness Training requirements. The training should be documented and repeated every two years.
Not within Texas. One set of good, cleared fingerprint results is only needed for the contracted agencies within Texas. If prints are rejected, then another set of prints will need to be done. The submitting law enforcement agency that the company has a signed contract with will receive the results. An FBI Certification page is required for each person per each signed Security Addendum with the individual law enforcement agency.