Laserfiche WebLink
WSP Contract No. CRD00021 <br /> WSP recognizes that the FBI CJIS Security Policy is a minimum standard and that <br /> circumstances are encountered that create a need for additional security measures. <br /> These standards are in addition to the current CJIS Security Policy. <br /> a. Livescan devices will comply with the following security requirements: <br /> i. Unauthorized unescorted physical and logical access to Livescan devices will <br /> be restricted. In some environments, it might not be realistic to expect <br /> absolute control over a Livescan device 100% of the time. In these <br /> environments, acceptable risk mitigations will be provided in lieu of 100% <br /> control through escorted access. The WSP reserves the right to object to <br /> equipment security measures and to suspend or withhold service until such <br /> matters are corrected to the reasonable satisfaction of WSP. <br /> ii. Livescan devices will be single purpose workstations. That is, applications <br /> used on the workstation will be used only for functions involving Livescans. <br /> iii. Livescan devices will have restricted internet access (i.e. authorized vendor <br /> support). <br /> iv. Livescan devices will not host email clients that can receive email from the <br /> internet. <br /> v. Livescan devices will not be used to display or edit documents except for <br /> reports produced by the Livescan device (word processing, spreadsheets, <br /> PDF's, etc.), <br /> vi. Livescan devices will not be connected to any external media, except for the <br /> purpose of performing software and application upgrades. The media should <br /> be used only on Livescan devices. If the media is used on a non-Livescan <br /> device, it will be erased and a new image will be placed on the media before <br /> it is used with a Livescan device. <br /> vii. Livescan devices will be protected from workstations that do have general <br /> workstation functions by firewalls that prohibit external access to Livescan <br /> devices. <br /> viii. The Livescan will be located in an area that is physically restricted to the <br /> public or other unauthorized users. When the Livescan is not in use and left <br /> unattended, it must be logged off and password protected. In the cases of <br /> portable Livescans, the Livescan will not be left unattended in a non-secure <br /> area. <br /> b. All security exceptions must be documented in writing and approved by WSP and <br /> WIN. <br /> c. The threat vectors currently addressed are: <br /> i. Physical access issues <br /> ii. Multiple/shared function (due to security issues raised by co-resident <br /> applications) <br /> iii. Unrestricted internet access <br /> iv. Email access <br /> v. Accessing documents that could have been maliciously crafted <br /> vi. External media <br /> vii. Contact with other workstations over the local network segment that are at <br /> higher risk for infection/compromise <br /> viii. Lack of firewall separation/overly permissive firewall configuration <br /> Approved as to Form by the Washington Attorney General <br /> 2018 Livescan to WIN ABIS User Agreement 05/08/2018 <br /> Page 2 of 7 <br />