If your organization is developing an information system and you are not sure whether the system is bound by the requirements of the CJIS Security Policy, these indicators below may help illustrate that for you.
The short, easy answer is: if you received the information from the CBI and/or FBI, it's likely bound by CJIS requirements.
A system contains criminal justice information (CJI) if it contains any personally identifying information (PII) plus any of the following identifiers/numbers:
- MRI/Master Record Index
- CIC/CCIC Record Number
- NIC/NCIC record number
- FBI/FBI Identification Number (now called UCN but may appear as FBI in legacy records)
- SID/State Identification Number (not a driver license number; rather, the fingerprint record index number)
- UCN/Universal Control Number (UCN)
- FPC/Fingerprint Classification
- PCO/Protection Order Conditions
Also included would be entire records from CCIC/NCIC Non-Restricted Files:
- Economic Crime Index
- License Plates
- Missing Persons
- Protection Orders (active)
- Query File (QQ)
- Unidentified Persons
- Vehicle and Boat Parts
- Wanted Persons
While records from the files above are still considered CJI, there can be indicators within a system that a record exists, without that mention being classified as CJI.
However, per CJIS Security Policy, the mere confirmation of the existence of a record within the CCIC/NCIC Restricted Files is considered CJI.
These Restricted Files are:
- Criminal History Record Information (CHRI) maintained by the CBI (or another state's equivalent agency) or FBI
- Gang Files
- Known or Appropriately Suspected Terrorist Files
- Supervised Release Files
- National Sex Offender Registry Files
- Historical Protection Order Files of the NCIC
- Identity Theft Files
- Protective Interest Files
- Person With Information (PWI) data in the Missing Person Files
- Violent Person File
- NICS Denied Transactions File
So if, for example, an operator were to write "an FBI criminal history check shows an assault from Oklahoma", that case report now contains CJI.
This is not an exhaustive list. For any questions, please contact CJIS Compliance Supervisor Donna Keihl at Donna.Keihl@state.co.us