Criminal Justice Information Services (CJIS) Resource Materials

CJIS Audit Unit (CAU)

(L-R, Amber McDonald, CJIS Auditor, Steve Steiner, Deputy CJIS Systems Officer, Tamitra McClain, CJIS Auditor, and 
Derek Holbert, CJIS ISO)

Welcome! The CAU program oversees the implementation of the NIGC’s external and internal compliance strategies to achieve and demonstrate compliance with the Memorandum of Understanding (MOU) between the Federal Bureau of Investigation and NIGC concerning Noncriminal Justice Fingerprint Submissions.  CAU audit staff deliver training, technical assistance and conduct selective audits/investigations of those tribes with an executed, suspended, or terminated MOU with the NIGC regarding Criminal History Record Information (CHRI).

The CAU can be reached by email: cau@nigc.gov
To request CJIS training, please complete the Training and Technical Assistance Request Form here.

Memorandum of Understanding MOU:

This MOU memorializes the NIGC’s and the TGRA’s understandings and responsibilities regarding the submission of noncriminal justice fingerprints and the transmittal, receipt, storage, use, and dissemination of CJI and CHRI.

• FBI and NIGC Memorandum of Understanding (Effective 01/17/20)
• Dear Tribal Gaming Regulator - Final CHRI MOU for TGRA signature
• Final CHRI MOU
• Dear Tribal Gaming Regulator- CHRI MOU Compliance Update- Fingerprinting TGRA Employees and Commissioners

Compliance with 25 C.F.R. §§ 502, 556 and 558

• Memo to Compliance re: Special Emphasis on Compliance with Parts 502, 556 and 558
• Steps to Ensure Compliance with September 14, 2023, Regulatory Updates to 25 C.F.R. Part 502
• Frequently Asked Questions – 25 C.F.R. §§ 502, 556 and 558

Bulletins:

Bulletins provide program-related guidance to tribes, tribal regulators and gaming operations, for example, fee rates, fingerprint submission and guidance on Agreed Upon Procedures submission. Bulletins may also restate existing policy or procedure to provide further clarification.

• No. 2022-3   Criminal History Record Information (CHRI) Retention
• No. 2020-2   Fingerprint processing - applicant Privacy Act rights and protecting CHRI

Awareness Training (AT) and LASO Training Information:

All users with authorized access to CJI should be made aware of their individual responsibilities and expected behavior when accessing CJI and the systems which process CJI.

• Sample Noncriminal Justice Agency Information Change Form (ex. LASO designation) 
• CJIS Online Training for Security Awareness and LASO’s can be taken here:
  • www.cjisonline.com/
• How to guide for CJIS Online Login

Outsourcing Agreement Resources:

Prior to engaging in outsourcing any noncriminal justice administrative functions with a Contractor, an Authorized Recipient (Tribe/TGRA) must request and receive written permission from the FBI Compact Officer.

• Helpful Outsourcing Information
• Security and Management Control Outsourcing Standard for Non-Channelers
• Outsourcing Standard for Non-Channelers Sample Policy
• Outsourcing Agreement and FBI Permission Aid
• Sample Non-Channeler Request for Permission to Outsource
• Sample CJIS Outsourcing Contract
• Sample 90-Day Audit Checklist for Contractor Access to FBI CHRI

Checklists:

• Initial Steps to CJIS Compliance (Updated 04/17/23)
• Noncriminal Justice Agency (NCJA) Information Technology Security Audit Correspondence Questionnaire
• 2021 CHRI MOU Checklist

CJIS Security Policy (CJISSecPol) Sample Checklists:

The CJISSecPol policy areas focus upon the data and services that the FBI CJIS Division exchanges and provides to the criminal justice community and its partners. Each policy area provides both strategic reasoning and tactical implementation requirements and standards.

These sample checklists are audit tools that Tribes can use to self-assess compliance with the CJISSecPol.

• 2022.5 Sample Audit Checklist CSP 5.1 Version 5.9
• 2023.4 Sample Audit Checklist CJISSECPOL 5.2 Version 5.9.2
• 2022.5 Sample Audit Checklist CSP 5.3 Version 5.9
• 2022.5 Sample Audit Checklist CSP 5.4 Version 5.9
• 2022.5 Sample Audit Checklist CSP 5.5 Version 5.9
• 2022.5 Sample Audit Checklist CSP 5.6 Version 5.9
• 2022.5 Sample Audit Checklist CSP 5.7 Version 5.9
• 2023.4 Sample Audit Checklist CJISSECPOL 5.8 Version 5.9.2
• 2022.5 Sample Audit Checklist CSP 5.9 Version 5.9
• 2022.5 Sample Audit Checklist CSP 5.10 Version 5.9
• 2022.5 Sample Audit Checklist CSP 5.13 Version 5.9
• 2023.4 Sample Audit Checklist CJISSECPOL 5.14 Version 5.9.2
• 2023.4 Sample Audit Checklist CJISSECPOL 5.15 Version 5.9.2

Sample Forms and Policies:

• Notice of Results
• Tribal notification Form for CHRI MOU V.B.13
• Authorized Personnel List
• Acknowledgment Statement
• NCJA Training Form
• Acceptable Use Policy
• CHRI Proper Access, Use, and Dissemination Policy
• Disciplinary Policy
• Disposal of Media Policy and Procedures
• Incident Response Policy
• Media Protection Policy
• Personally Owned Device Policy
• Physical Protection Policy
• Rules of Behavior Policy
• Security Incident Response Form
• User Account – Access Validation Policy
• Applicant’s Privacy Rights Notice (Updated 11/6/19)
• FBI Privacy Act (Updated 03/30/18)

Helpful Resources:

• Job Aid - How to Read an Identity History Summary (IdHS)
• NGI Audit Methodology
• FBI CJIS Security Policy
• FBI Criminal Justice Information Services (CJIS)
• National Crime Prevention and Privacy Compact Council
• FBI Compact Council Sanction Process Information
• Next Generation Identification (NGI) Audit Noncriminal Policy Reference Guide (June 2022)
• NCJITS Audit Methodology