CJIS Audit Unit (CAU)
(L-R, Amber McDonald, CJIS Auditor, Steve Steiner, Deputy CJIS Systems Officer, Tamitra McClain, CJIS Auditor, and
Derek Holbert, CJIS Auditor)
Welcome! The CAU program oversees the implementation of the NIGC’s external and internal compliance strategies to achieve and demonstrate compliance with the Memorandum of Understanding (MOU) between the Federal Bureau of Investigation and NIGC concerning Noncriminal Justice Fingerprint Submissions. CAU audit staff deliver training, technical assistance and conduct selective audits/investigations of those tribes with an executed, suspended, or terminated MOU with the NIGC regarding Criminal History Record Information.
The CAU can be reached by email: cau@nigc.gov
Memorandum of Understanding MOU:
This MOU memorializes the NIGC’s and the TGRA’s understandings and responsibilities regarding the submission of noncriminal justice fingerprints and the transmittal, receipt, storage, use, and dissemination of CJI and CHRI.
- FBI and NIGC Memorandum of Understanding (Effective 01/17/20)
- Dear Tribal Gaming Regulator - Final CHRI MOU for TGRA signature
- Final CHRI MOU
Security Awareness Training (SAT) and LASO Training Information:
All users with authorized access to CJI should be made aware of their individual responsibilities and expected behavior when accessing CJI and the systems which process CJI.
- Sample Noncriminal Justice Agency Information Change Form (ex. LASO designation)
- CJIS Online Training for Security Awareness and LASO’s can be taken here:
- How to guide for CJIS Online Login
Outsourcing Agreement Resources:
Prior to engaging in outsourcing any noncriminal justice administrative functions with a Contractor, an Authorized Recipient (Tribe/TGRA) must request and receive written permission from the FBI Compact Officer.
- Helpful Outsourcing Information
- Security and Management Control Outsourcing Standard for Non-Channelers
- Outsourcing Agreement Job Aid
- Sample Non- Channeler request for Approval to Contract
- Sample Non- Channeler request for Approval to Contract Tribal IT Support
- Sample CJIS Outsourcing Contract
- Sample 90 Day Audit Checklist for Contractor Access to FBI CHRI
Checklists:
- Initial Steps to CJIS Compliance (Updated 02/07/20)
- Key Employee and Primary Management Official Checklist (Issued 11/20/20)
- Noncriminal Justice Agency (NCJA) Information Technology Security Audit Correspondence Questionnaire
- CJIS IT Audit Checklist
- 2021 CHRI MOU Checklist
CJIS Security Policy (CSP) Sample Checklists:
The CSP policy areas focus upon the data and services that the FBI CJIS Division exchanges and provides to the criminal justice community and its partners. Each policy area provides both strategic reasoning and tactical implementation requirements and standards.
These sample checklists are audit tools that Tribes can use to self-assess compliance with the CSP.
- 2022.5 Sample Audit Checklist CSP 5.1 Version 5.9
- 2022.5 Sample Audit Checklist CSP 5.2 Version 5.9
- 2022.5 Sample Audit Checklist CSP 5.3 Version 5.9
- 2022.5 Sample Audit Checklist CSP 5.4 Version 5.9
- 2022.5 Sample Audit Checklist CSP 5.5 Version 5.9
- 2022.5 Sample Audit Checklist CSP 5.6 Version 5.9
- 2022.5 Sample Audit Checklist CSP 5.7 Version 5.9
- 2022.5 Sample Audit Checklist CSP 5.8 Version 5.9
- 2022.5 Sample Audit Checklist CSP 5.9 Version 5.9
- 2022.5 Sample Audit Checklist CSP 5.10 Version 5.9
- 2022.5 Sample Audit Checklist CSP 5.12 Version 5.9
- 2022.5 Sample Audit Checklist CSP 5.13 Version 5.9
Sample Forms and Policies:
- Notice of Results
- Tribal notification Form for CHRI MOU V.B.13
- Authorized Personnel List
- Acknowledgment Statement
- Acceptable Use Policy
- CHRI Proper Access, Use, and Dissemination Policy
- Disciplinary Policy
- Disposal of Media Policy and Procedures
- Incident Response Policy
- Media Protection Policy
- Personally Owned Device Policy
- Physical Protection Policy
- Rules of Behavior Policy
- Security Incident Response Form
- User Account – Access Validation Policy
- Applicant’s Privacy Rights Notice (Updated 11/6/19)
- FBI Privacy Act (Updated 03/30/18)