Law Enforcement Officer Camera System Data Handling Requirements
[49 Pa.B. 2698]
[Saturday, May 25, 2019]
The State Police, under 18 Pa.C.S. § 5706(b)(4) and (5) (relating to exceptions to prohibitions in possession, sale, distribution, manufacture or advertisement of electronic, mechanical or other devices), publishes this notice of the minimum standards to comply with the Federal Bureau of Investigation (FBI), Criminal Justice Information Service (CJIS), Security Policy, Version 5.6 (CJIS Policy) and 18 Pa.C.S. §§ 9101—9183 (relating to Criminal History Record Information Act) (CHRIA).
Camera systems used by criminal justice agencies in accordance with paragraph (2) of the definition of "oral communication" in 18 Pa.C.S. § 5702 (relating to definitions) have a high probability of capturing criminal justice information (CJI) and personally identifiable information. For these reasons, audio or video data, or both, (herein called "data") captured by these camera systems are considered CJI and shall be handled in accordance with the CJIS Policy, CHRIA and Commonwealth Law Enforcement Assistance Network (CLEAN) regulations. Reference: CJIS Policy; 18 Pa.C.S. § 9106(b)(3) (relating to information in central repository or automated systems); and the CLEAN regulations, State Police, CLEAN Administrative Section.
Criminal justice agencies shall request approval from the State Police, CLEAN Administrative Section, prior to storing any data onsite or offsite. This approval will ensure compliance with CJIS Policy requirements and CHRIA. In accordance with 18 Pa.C.S. § 5706(b)(5), the following are the minimum requirements that must be met for any storage of an audio recording made in accordance with 18 Pa.C.S. § 5706(b)(4), or any accompanying video recording:
A. Camera system
1. While worn by the officer, a camera system shall be considered a physically secure location.
2. Upon removal from the officer's body, the camera system shall be maintained in a physically secure location in accordance with CJIS Policy standards.
3. If a camera system is located in a criminal justice conveyance, it shall be considered located in a physically secure location. If the camera or hard drive is removed from the criminal justice conveyance, it shall conform with the CJIS Policy. A criminal justice conveyance is any enclosed mobile vehicle used for the purposes of criminal justice activities with the capability to comply, during operational periods. A physically secure location, as stated in section 5.9.1 of the CJIS Policy (relating to physically secure location) is as follows:
A physically secure location is a facility, a criminal justice conveyance, or an area, room or a group of rooms within a facility, with both the physical and personnel security controls sufficient to protect CJI and associated information systems. The physically secure location is subject to criminal justice agency management control, State Identification Bureau control, FBI CJIS security addendum, or a combination thereof, and shall consist of the following:
a. Security perimeter—area that is posted, separated and secured.
b. Physical access authorizations—list of authorized personnel.
c. Physical access control—control all physical access points (AP).
d. Access control for transmission medium—control physical access to information systems, distribution and lines.
e. Access control for display medium—not visible to unauthorized personnel.
f. Monitoring physical access—monitor and respond to security incidents.
g. Visitor control—authenticate and escort visitors.
h. The agency shall authorize and control information system-related items entering and exiting the physically secure location (delivery and removal).
B. Data transfer or downloading the data
1. If accomplished through a wireless connection, agencies shall meet the CJIS Policy requirements, as stated in section 22.214.171.124 (relating to 802.11 wireless protocols).
Note: Wired Equivalent Privacy and Wi-Fi Protected Access cryptographic algorithms, used by all pre-802.11i protocols, do not meet the requirements for Federal Information Processing Standard (FIPS) 140-2 and may not be used.
2. Agencies shall implement the following controls for all agency-managed wireless APs with access to an agency's network that processes unencrypted CJI:
a. Perform validation testing to ensure rogue APs do not exist in the 802.11 wireless local area network and to fully understand the wireless network security posture.
b. Maintain a complete inventory of all APs and 802.11 wireless devices.
c. Place APs in secured areas to prevent unauthorized physical access and user manipulation.
d. Test AP range boundaries to determine the precise extent of the wireless coverage and design the AP wireless coverage to limit the coverage area to only what is needed for operational purposes.
e. Enable user authentication and encryption mechanisms for the management interface of the AP.
f. Ensure that all APs have strong administrative passwords and ensure all passwords are changed in accordance with section 126.96.36.199 of the CJIS Policy (relating to standard authenticators), as follows:
(1) Be a minimum length of eight characters on all systems.
(2) Not be a dictionary word or proper name.
(3) Not be the same as the user ID.
(4) Expire within a maximum of 90 calendar days.
(5) Not be identical to the previous ten passwords.
(6) Not be transmitted in the clear, outside the secure location.
(7) Not be displayed when entered.
g. Ensure the reset function on APs is used only when needed and is only invoked by authorized personnel. Restore the APs to the latest security settings, when the reset functions are used, to ensure the factory default settings are not utilized.
h. Change the default service set identifier (SSID) in the APs. Disable the broadcast SSID feature so that the client SSID must match that of the AP. Validate that the SSID character string does not contain any agency identifiable information (division, department, street, and the like) or services.
i. Enable all security features of the wireless product, including the cryptographic authentication, firewall and other available privacy features.
j. Ensure that encryption key sizes are at least 128-bits and the default shared keys are replaced by unique keys.
k. Ensure that the ad-hoc mode has been disabled.
l. Disable all nonessential management protocols on the APs.
m. Ensure all management access and authentication occurs through FIPS-compliant secure protocols (for example, SFTP, HTTPS, SNMP over TLS, and the like). Disable non-FIPS-compliant secure access to the management interface.
n. Enable logging (if supported) and review the logs on a recurring basis per local policy. At a minimum, logs shall be reviewed monthly.
o. Insulate, virtually (for example, virtual local area network and access control lists) or physically (for example, firewalls), the wireless network from the operational wired infrastructure. Limit access between wireless networks and the wired network to only operational needs.
p. When disposing of APs that will no longer be used by the agency, clear AP configuration to prevent disclosure of network configuration, keys, passwords, and the like.
3. If the data is manually downloaded by an individual or retained outside of a physically secure location, it will need to be encrypted at rest and in transit, per sections 188.8.131.52.1 and 184.108.40.206.2 of the CJIS Policy (relating to encryption for CJI in transit; and encryption for CJI at rest).
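The access point controls in B.2 lend themselves to an automated check of the AP inventory that item b requires. The following is an added example, not part of the notice or of the CJIS Policy: it audits inventory records against items h, j, k, m and n and compares a site survey against the inventory (items a and b). All field names, the sample records, the default-SSID list and the 31-day reading of "monthly" are assumptions.

```python
from datetime import date

# Field names below are hypothetical; they imply no vendor's configuration schema.
DEFAULT_SSIDS = {"default", "linksys", "netgear"}   # constructed sample list
ALLOWED_MGMT = {"https", "sftp", "snmp-tls"}        # the examples item m names
REVIEW_DAYS = 31                                    # assumed reading of "monthly"

def audit_ap(ap, agency_terms, today):
    """Return the B.2 items (by letter) that one inventory record fails."""
    findings = []
    ssid = ap["ssid"].lower()
    if ssid in DEFAULT_SSIDS:
        findings.append("h: default SSID still in use")
    if ap["ssid_broadcast"]:
        findings.append("h: SSID broadcast enabled")
    if any(t.lower() in ssid for t in agency_terms):
        findings.append("h: SSID contains agency-identifiable text")
    if ap["key_bits"] < 128 or ap["default_key"]:
        findings.append("j: key under 128 bits or default shared key in use")
    if ap["adhoc"]:
        findings.append("k: ad-hoc mode enabled")
    extra = sorted(set(ap["mgmt"]) - ALLOWED_MGMT)
    if extra:
        findings.append("m: management protocols to disable: " + ", ".join(extra))
    reviewed = ap.get("last_log_review")
    if not ap["logging"] or reviewed is None or (today - reviewed).days > REVIEW_DAYS:
        findings.append("n: logging off or no log review within the last month")
    return findings

def unlisted_aps(observed_bssids, inventory):
    """Items a and b: BSSIDs seen in a survey that the inventory does not list."""
    known = {ap["bssid"].lower() for ap in inventory}
    return sorted(b.lower() for b in set(observed_bssids) if b.lower() not in known)

# Constructed sample data: two inventory records and one site-survey result.
INVENTORY = [
    {"bssid": "02:00:00:00:00:01", "ssid": "net-7f3a", "ssid_broadcast": False,
     "key_bits": 256, "default_key": False, "adhoc": False, "mgmt": ["https"],
     "logging": True, "last_log_review": date(2019, 5, 10)},
    {"bssid": "02:00:00:00:00:02", "ssid": "ExamplePD-Evidence", "ssid_broadcast": True,
     "key_bits": 64, "default_key": True, "adhoc": False, "mgmt": ["https", "telnet"],
     "logging": True, "last_log_review": date(2019, 2, 1)},
]
OBSERVED = ["02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:99"]
TERMS = ["examplepd", "evidence"]

if __name__ == "__main__":
    for ap in INVENTORY:
        print(ap["bssid"], audit_ap(ap, TERMS, date(2019, 5, 25)) or "no findings")
    print("not in inventory:", unlisted_aps(OBSERVED, INVENTORY))
```

A BSSID reported by unlisted_aps is only a candidate for follow-up; whether it is a rogue AP on the agency network or a neighbouring network still has to be established by the validation testing item a calls for.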
C. Storage of the data
Storage of data on location, if considered a physically secure location, shall be treated the same as all CJI at the location. Storage offsite, or in the cloud, shall meet all the requirements of the CJIS Policy for encryption while in transit and at rest, if applicable. If encryption is not used at rest, any person with access to the data or systems storing the data shall be properly vetted with a fingerprint-based background check and Security Awareness Training, and required agreements shall be maintained.
1. As stated in section 220.127.116.11.1 of the CJIS Policy: When CJI is transmitted outside the boundary of the physically secure location, the data shall be immediately protected via encryption. When encryption is employed, the cryptographic module used shall be FIPS 140-2 certified and use a symmetric cipher key strength of at least 128 bit strength to protect CJI.
2. As stated in section 18.104.22.168.2 of the CJIS Policy: When CJI is at rest (i.e. stored digitally) outside the boundary of the physically secure location, the data shall be protected via encryption. When encryption is employed, agencies shall either encrypt CJI in accordance with the standard in Section 22.214.171.124.1 above, or use a symmetric cipher that is FIPS 197 certified (AES) and at least 256 bit strength.
D. Reviewing and release of data
1. Data from the camera system shall only be reviewed by authorized personnel; that is, personnel that have been cleared through a fingerprint-based background check, have received Security Awareness Training and have signed the appropriate agreements, if applicable. If required, the Management Control Agreement for local government IT, or The Security Addendum for private contractors, shall be completed and on file.
2. Prior to the release of data from the camera system, the data shall be reviewed and any areas containing CJI shall be removed or rendered unintelligible. Any data received from CLEAN or the National Crime Information Center in either video or audio format, or both, shall be removed or rendered unintelligible prior to release to any unauthorized or unintended personnel.
E. Retention of data
Data shall be stored for 60 days unless needed for prosecution, courts, litigation, appeals or other operational needs.
F. Destruction of data
The data, or the data storage devices that are to be destroyed, shall be destroyed in compliance with the CJIS Policy, and a written destruction procedure that complies with the CJIS Policy shall be maintained at the agency. As stated in section 5.8.3 of the CJIS Policy (relating to digital media sanitization and disposal): The agency shall sanitize, that is, overwrite at least three times or degauss digital media prior to disposal or release for reuse by unauthorized individuals. Inoperable digital media shall be destroyed (cut up, shredded, etc.). The agency shall maintain written documentation of the steps taken to sanitize or destroy electronic media. Agencies shall ensure the sanitization or destruction is witnessed or carried out by authorized personnel.
LIEUTENANT COLONEL ROBERT EVANCHICK,
[Pa.B. Doc. No. 19-809. Filed for public inspection May 24, 2019, 9:00 a.m.]