803 CMR, § 7.07

Current through Register 1533, October 25, 2024
Section 7.07 - Roles and Responsibilities
(1)DCJIS is the FBI CSA for Massachusetts. In this capacity, DCJIS shall be responsible for the administration and management of FBI CJIS on behalf of the FBI, and shall be responsible for overseeing access to all FBI systems and information by Massachusetts agencies, as well as for ensuring system security, training, policy compliance, and auditing.
(2) Each agency head shall be responsible for:
(a) designating a CJIS representative, a backup CJIS representative, and a technical representative; the CJIS representative or backup CJIS representative may also serve as the technical representative if necessary;
(b) ensuring that all agency users of CJIS, or the information obtained from it, have been trained, tested, and certified within six months of hire and every two years thereafter;
(c) responding to audit questionnaires, complaints, and any other inquiries from DCJIS or from the FBI within the time period specified by DCJIS or the FBI;
(d) providing to DCJIS or the FBI the results of any investigation into the misuse of CJIS or any other system or source to which DCJIS provides access;
(e) reporting to DCJIS as soon as possible any misuse of CJIS, including improper access to or improper dissemination of information contained within or obtained through CJIS;
(f) executing the CJIS User Agreement as required;
(g) ensuring that the agency adheres to all CJIS and FBI policies and procedures, including the FBI CJIS Security Policy;
(h) notifying DCJIS as soon as practicable of any changes in contact information for the agency, the agency head, the CJIS representative, the backup CJIS representative, or the technical representative; and
(i) ensuring compliance with all state and federal laws, regulations, and policies related to CJIS and/or to any other system or source to which DCJIS provides access.
(3) The CJIS representative and the backup CJIS representative shall be responsible for:
(a) training, testing, and certifying agency users within six months of hire and biennially thereafter;
(b) responding to audit questionnaires, complaints, and/or any other inquiries from DCJIS or from the FBI within the time period specified by DCJIS or the FBI;
(c) providing to DCJIS or the FBI the results of any investigation into the misuse of CJIS or any other system or source to which DCJIS provides access;
(d) reporting to DCJIS as soon as possible any misuse of CJIS, including improper access to or improper dissemination of information contained within or obtained through CJIS;
(e) executing the CJIS User Agreement as required;
(f) ensuring that the agency adheres to all CJIS and FBI policies and procedures, including the FBI CJIS Security Policy;
(g) notifying DCJIS as soon as practicable of any changes in contact information for the agency, the agency head, the CJIS Representative, the backup CJIS Representative, or the technical representative; and
(h) ensuring compliance with all state and federal laws, regulations, and policies related to CJIS and/or to any other system or source to which DCJIS provides access.
(4) The CJIS technical representative shall be responsible for:
(a) maintaining and coordinating the agency's technical access to public safety information systems, including CJIS;
(b) maintaining CJIS system security requirements, including those described in the FBI CJIS Security Policy and any applicable CJIS User Agreement;
(c) reporting to the agency head, CJIS representative, or backup CJIS representative as soon as possible any misuse of CJIS, including improper access to or improper dissemination of information contained within or obtained through CJIS; and
(d) complying with all state and federal laws, regulations, and policies related to CJIS and/ or to any other system or source to which DCJIS provides access.
(5) Every CJIS user shall be responsible for:
(a) using CJIS only for authorized criminal justice purposes;
(b) successfully completing all required training;
(c) reporting to the agency head, CJIS representative, or backup CJIS representative as soon as possible any misuse of CJIS, including improper access to or improper dissemination of information contained within or obtained through CJIS;
(d) complying with all state and federal laws, regulations, and policies related to CJIS and/ r to any other system or source to which DCJIS provides; and
(e) complying with all state and federal laws, regulations, and policies related to the use of computers.
(6) Every CJIS user and every person who uses information obtained from CJIS or any other system or source to which DCJIS provides access shall:
(a) complete certification training every two years; and
(b) complete additional training as required by DCJIS for specific applications or information systems, or for understanding information therefrom.
(7) CJIS shall be accessed only by trained and certified criminal justice officials for authorized criminal justice purposes.

803 CMR, § 7.07

Amended by Mass Register Issue 1333, eff. 2/24/2017.
Amended by Mass Register Issue 1445, eff. 6/11/2021.