Jail Management System - Maricopa County
Jail Management System - Maricopa County
Jail Management System - Maricopa County
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Issue #1:<br />
For Information. No response required.<br />
Issue #2:<br />
<strong>Jail</strong> <strong>Management</strong> <strong>System</strong> (JMS)<br />
Sheriff's Office- JMS Report<br />
February 2012<br />
Audit Response - April 25, 2012<br />
MCSO network security controls could be strengthened in four key areas: (1) the<br />
Criminal Justice Network, (2) password parameters, (3) remote access security, and (4)<br />
patch management. Stronger network security controls reduce the likelihood of system<br />
vulnerabilities and breaches. MCSO should strengthen network security controls in<br />
these areas.<br />
Response requested for Agency Memo only. See Agency memo (separate).<br />
Issue #3:<br />
MCSO personnel screening, security awareness training, and account access review<br />
processes could be improved. Incomplete personnel screening and training processes<br />
may leave MeSO vulnerable to potential abuse of sensitive data. Undocumented user<br />
access procedures increase the risk that unauthorized users may inappropriately<br />
access or modify criminal justice information. MCSO should consider strengthening<br />
personnel screening policies, provide user awareness training, and conduct user access<br />
reviews.<br />
Recommendation A: MCSO should consider developing a personnel screening policy<br />
that covers JMS users who do not access ACJIS data.<br />
Response: <strong>Management</strong> accepts the risk of this issue. This recommendation applies to a<br />
very small number of <strong>Maricopa</strong> <strong>County</strong> Office of Public Defender, Office of <strong>Management</strong><br />
and Budget and Department of Finance employees. These users access limited data that<br />
is not criminal history information.<br />
Target Completion Date: N/A<br />
Benefits/Costs: Increased accountability and control.<br />
Recommendation B: MCSO should consider enhancing the security awareness training<br />
program to align with the CJIS Security Policy requirements.<br />
Response: Completed. Security awareness training has been automated by the Arizona<br />
Department of Public Safety. <strong>County</strong> employees will complete the computer-based<br />
Page 1 of 4