Mo. Code Regs. tit. 11 § 30-17.010

Current through Register Vol. 49, No. 23, December 2, 2024
Section 11 CSR 30-17.010 - Definitions and Technical Standards for Information Sharing

PURPOSE: This rule defines terms and establishes technical standards for any vendor wishing to sell or lease their information sharing system product(s) in Missouri to a criminal justice agency, as well as establishes requirements for any criminal justice agency building an information sharing system.

(1) Definitions.
(A) Central Vendor File (CVF)-The Criminal Justice Information Services (CJIS) Systems Agency (CSA) maintains a Central Vendor File (CVF) that contains vendor information for vendors and vendor staff who have met the latest Federal Bureau of Investigation (FBI) CJIS security policy requirements to handle Criminal Justice Information (CJI) and who the Criminal Records and Justice Information Advisory Committee (CRJIAC) certifies as compliant with the state of Missouri's information standards contained in this rule. The CVF will contain information about CJI sharing systems that have been certified, and versions of said products, that have been certified.
(B) Criminal justice agency means-
1. Courts; and
2. A governmental agency or any subunit thereof that performs the administration of criminal justice pursuant to a statute or executive order, and that allocates a substantial part of its annual budget to the administration of criminal justice. State and federal inspector general offices are included.
(C) Criminal Justice Information (CJI)-All of the FBI CJIS provided data necessary for law enforcement and civil agencies to perform their missions including, but not limited to: biometric, identity history, biographic, property, and case/incident history data, as defined per the FBI's Criminal Justice Information Services (CJIS) Security Policy.
(D) Criminal Justice Information Interface (CJI-I)-System interface used for the electronic sharing of CJI or Missouri court data related to the administration of criminal justice as defined in section 43.500, RSMo, or victim notification responsibilities required by section 595.209, RSMo, from a local entity to another local entity, or to a state agency or program, as well as from a state agency or program to a federal agency or program, as defined per the FBI's Criminal Justice Information Services (CJIS) Security Policy.
(E) Criminal Justice Information Service (CJIS) Criminal Systems Agency (CSA)-An FBI designated agency for the State of Missouri responsible for establishing and administering an information technology security program throughout the CSA's user community, to include the local levels, as defined per the FBI's Criminal Justice Information Services (CJIS) Security Policy.
(F) Criminal Records and Justice Information Advisory Committee (CRJIAC)-Committee established pursuant to section 43.518, RSMo, the purpose of which includes recommending policies and strategies, including standards and technology, for promoting electronic justice information sharing between authorized agencies and institutions. For purposes of this regulation, CRJIAC includes any subcommittee that has been designated by CRJIAC to act on its behalf.
(G) Director-The director of the Department of Public Safety.
(H) Information Sharing System-An agency-wide system that provides for the storage, retrieval, retention, manipulation, archiving, and viewing of information, records, documents, or files pertaining to a criminal justice agency's administration of criminal justice that uses a Criminal Justice Information Interface.
(I) Missouri Court Data-Data that falls within the rules established by the Missouri Supreme Court for data sharing that apply to state and local courts within Missouri.
(J) Missouri Incident Based Reporting System (MIBRS)-A Missouri program, established pursuant to section 43.505, RSMo that is used by law enforcement to collect and report data on crimes that occur in Missouri for compilation at the state and federal level.
(K) Metadata-Structured information that describes, explains, locates, or otherwise makes it easier to retrieve, use, or manage an information resource. Metadata is commonly referred to as data about data, information about information, or information describing the characteristics of data. Whenever the term "data" is used in this rule, such term includes metadata.
(L) National Incident Based Reporting System (NIBRS)-A national program that is used by law enforcement to collect and report data on crimes to the Federal Bureau of Investigation for compilation at the federal level.
(M) National Identity Exchange Federation (NIEF)-An organization establishing a national standard for securing the sharing of information across diverse organizations and systems.
(N) National Information Exchange Model (NIEM)-A national standard for the efficient sharing of information across diverse organizations and systems.
(O) National Data Exchange (N-DEx)-The unclassified national information sharing system that enables criminal justice agencies to search, link, analyze, and share local, state, tribal, and federal records.
(P) Vendor-Any entity that supplies products or services to a criminal justice agency for a fee.
(2) Technical Standards for Information Sharing.
(A) Vendors seeking to sell or lease, or criminal justice agencies seeking to build, an information sharing system in Missouri shall ensure the information sharing system abides by the standards on file with the CSA for the purposes of contributing to criminal justice information sharing programs, including, but not limited to, MIBRS, NIBRS, and N-DEx.
(B) Any vendor seeking to sell or lease a CJI sharing system to any criminal justice agency located within the state of Missouri, shall provide written notice of this rule within any related marketing materials to such criminal justice agency. Such marketing materials must also state if the information sharing system is listed and approved on the CSA CVF.
(C) Any criminal justice agency contracting with a vendor to develop or operate a CJI interface shall use a vendor on the CSA CVF.
(D) All data associated with an information sharing system shall remain the property of the originating criminal justice agency. Such data shall be returned to the originating criminal justice agency upon the termination of the contract in a format that meets the standards of this rule or as otherwise agreed to in writing by both parties.
(E) No data associated with an information sharing system may be sold, transferred, or shared with a third party without consent from the owner of the data except as otherwise provided by statute. In no event shall any CJI data be transferred to or shared with any entity not eligible to receive such data or metadata pursuant to section 43.500, RSMo, et seq., Code of Federal Regulations (CFR) Title 28 Part 20 Criminal Justice Information Systems, or any other applicable law.
(F) Adoption of standards for CJI interfaces and CJI sharing.
1. In general, CRJIAC may adopt or recommend to the director the existing national standards for CJI interfaces and CJI sharing, unless a national standard does not exist or the existing national standard deviates from a previously approved state standard. In those cases where a national standard does not exist or CRJIAC determines that the national standard is not aligned with the established state standard, providers shall use the NIEF and NIEM standards for the exchange and securing of CJI.
2. CRJIAC may recommend the standards for CJI interfaces related to those purposes described under subsection (2)(A). The director may adopt the recommended standard, and the CSA shall place the recommended standards on file.
(G) The transfer of CJI from a local entity to a state agency or program or from a state agency or program to a federal agency or program shall comply with standards on file with the CSA.
(H) Vendor CJI system shall be reviewed by CRJIAC and recommended for approval by the director. If approved by the director, a vendor CJI system product shall be placed on the CSA CVF.
(I) If a criminal justice agency has an internally developed or operated information sharing system, any CJI interfaces shall comply with standards on file with the CSA.
(J) Any information sharing system using a CJI interface shall comply with the standards on file with the CSA no later than two (2) years following the effective date of this rule.
(K) CRJIAC may recommend that the director implement a compliance transition period following the adoption of or update to a standard.
(L) This rule shall only apply to CJI interfaces that share CJI in an ongoing or recurring manner and shall not apply to one- (1-) time transfers of information.
(M) CRJIAC may recommend strategies regarding appropriate remedies for vendors selling information sharing systems in Missouri that do not comply with these standards.

11 CSR 30-17.010

Adopted by Missouri Register April 1, 2021/Volume 46, Number 07, effective 5/31/2021