Difference between revisions of "User:Shawndouglas/sandbox/sublevel17"

From LIMSWiki
Jump to navigationJump to search
(Created page with "<div class="nonumtoc">__TOC__</div> {{ombox | type = notice | style = width: 960px; | text = This is sublevel17 of my sandbox, where I play with features and tes...")
 
Line 108: Line 108:
   | style="padding:5px; width:500px;" |[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.4.7]
   | style="padding:5px; width:500px;" |[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.4.7]
   | style="background-color:white;" |'''20.8''' The system shall be able to record all National Crime Information Center (NCIC) and Interstate Identification Index (III) data transactions, clearly identifying the operator and authorized receiving agency or organization. III records shall also identify requester and recipient using a unique identifier.
   | style="background-color:white;" |'''20.8''' The system shall be able to record all National Crime Information Center (NCIC) and Interstate Identification Index (III) data transactions, clearly identifying the operator and authorized receiving agency or organization. III records shall also identify requester and recipient using a unique identifier.
|-
  | style="padding:5px; width:500px;" |[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.5.6]
  | style="background-color:white;" |'''20.9''' If the system provides remote access to authorized users over authorized devices, the remote access shall be monitored, controlled and documented, particularly for privileged functions. If remote access to privileged functions is allowed, virtual escorting that meets CJIS Security Policy 5.5.6 conditions will be required.
|-
  | style="padding:5px; width:500px;" |[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.6.2.1.1.1–2]<br />[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.6.2.1.2–3]
  | style="background-color:white;" |'''20.10''' The system shall be capable of putting into place, in their entirety, either the "basic password standards" or "advanced password standards" described in CJIS Security Policy 5.6.2.1.1.1 and 5.6.2.1.1.2. If PIN and/or one-time password is also used, the attributes in 5.6.2.1.2 and 5.6.2.1.3 shall also be required.
|-
  | style="padding:5px; width:500px;" |[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.6.2.2]
  | style="background-color:white;" |'''20.11''' If the system supports user-based certificates for authentication, the system shall be configurable enough to require them to be 1. user-specific, not device-specific, 2. used only by one user at any given time, and 3. activated for each use by, e.g., a passphrase or PIN.
|-
  | style="padding:5px; width:500px;" |[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.10.1.2.1–2]<br />[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy Appendix G.6]
  | style="background-color:white;" |'''20.12''' The system shall allow "encryption in transit" and "encryption at rest" of criminal justice information (CJI) that meets or exceeds the requirements of CJIS Security Policy 5.10.1.2.1 and 5.10.1.2.2.
|-
  | style="padding:5px; width:500px;" |[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.10.1.5]
  | style="background-color:white;" |'''20.13''' If the system is cloud-based, the vendor shall ensure that CJI is stored in databases located within the physical boundaries of APB-member countries and within the legal authority of APB-member agencies. Additionally, the vendor shall agree to not use any metadata derived from unencrypted CJI for commercial, advertising, or other purposes, unless specifically permitted for limited within the service agreement.
|-
  | style="padding:5px; width:500px;" |[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.11.1–2]
  | style="background-color:white;" |'''20.14''' If the system is cloud-based, the vendor should agree to FBI and CSA compliance and security audits of CJI.
|-
  | style="padding:5px; width:500px;" |[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.10.3.2]<br />[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy Appendix G.1]
  | style="background-color:white;" |'''20.15''' If the system is capable of being run in a virtual environment, it shall meet the virtualization requirements set forth in CJIS Security Policy 5.10.3.2 and best practices set forth in CJIS Security Policy Appendix G.1.
|-
  | style="padding:5px; width:500px;" |[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy Appendix G.5]
  | style="background-color:white;" |'''20.16''' The system should provide separate processing domains in order to allow for more granular allocation of user privileges.
  |-  
  |-  
|}
|}
|}
|}

Revision as of 18:11, 15 September 2019

This is sublevel17 of my sandbox, where I play with features and test MediaWiki code. If you wish to leave a comment for me, please see my discussion page instead.

Sandbox begins below

18. Agriculture and Food Data Management

Regulation, Specification, or Guidance Requirement
FDA eLEXNET Data Exchange Program 18.1 The system should be able to create or convert an XML or XLS file to eLEXNET template specifications, including the use of eLEXNET terminology.
USDA Sampling Procedures for PDP 5.3
USDA Sampling Procedures for PDP 6.2 		18.2 The system shall allow for the assignment of the "regulatory sample collection" role and be able to produce a list of individuals in said role, including information such as name, locations assigned, part- or full-time role, and full-time equivalents (if any) used to meet any regulatory requirements.
USDA Sampling Procedures for PDP 5.4 18.3 The system shall allow for the documentation of sampling sites used for normal and regulatory sampling and be able to produce a complete list of such sites on-demand. The documentation should allow for details such as the addition of a unique, never-before-used site code; a region code; demographics; date added to or removed from the system; facility type; sample substrates or commodities available at the site; and relative volume information.
USDA Sampling Procedures for PDP 5.4.12 and 5.4.14 18.4 The system shall allow a site that is no longer active for sampling purposes be designated as inactive, yet be allowed to remain on any generated master list. Additionally, such inactive site shall maintain its unique site number in the event the site becomes reinstated as active.

19. Environmental Data Management

Regulation, Specification, or Guidance Requirement
EPA Metadata Technical Specification 19.1 The system should support metadata requirements set forth by ISO 19115 and the EPA Metadata Technical Specification for reporting and data publishing purposes.
EPA ERLN Laboratory Requirements 3.3 19.2 The system should support the manual entry or electronic transfer of EPA analytical service requests (ASRs), along with all the required fields of the ASR, including project identifier, project demographics, sample specifics, sample hazards, reporting requirements, and special requirements.
EPA SEDD Specification and Data Element Dictionary v5.2 19.3 The system should support the creation and transfer of Staged Electronic Data Deliverable (SEDD) files.

40 CFR Part 3.10
40 CFR Part 60 (throughout)
40 CFR Part 62 (throughout)
40 CFR Part 63 (throughout)

19.4 The system shall support generating electronic environmental reports (e.g., stationary source emissions tests) in either the EPA's Electronic Reporting Tool (ERT) special spreadsheet format or in an XML file format that complies with EPA-approved XML schema.

20. Forensic Case and Data Management

Regulation, Specification, or Guidance Requirement

ASCLD/LAB Supp. Reqs. for the Accreditation of Forensic Science Testing Laboratories 5.8.4.3 ASTM E1188-11 3.2.3
ASTM E1188-11 3.4.1
ASTM E1459-13 2.1
ASTM E1459-13 4.1.1–2
ASTM E1459-13 4.1.4.2
ASTM E1459-13 4.2.2–3
ASTM E1492-11 4.1.1
ASTM E1492-11 4.1.5

20.1 The system shall be able to assign each piece of collected evidence and each scene a unique identifier using methodologies such as an ID with an incrementing integer (for sequential evidence numbers) or a user-defined naming format for meeting regulatory requirements.
ASCLD/LAB Supp. Reqs. for the Accreditation of Forensic Science Testing Laboratories 4.13.2.6–10
ASTM E1492-11 4.1.1
 20.2 The system shall be able to assign each case a unique case identifier that, in addition to an electronic signature, is able to be automatically placed on, at a maximum, each page of the case's associated examination and administration records.

ASTM E1492-11 4.1.1.1–2
ASTM E1492-11 4.1.4–5
ASTM E1492-11 4.2.2–3
ASTM E1492-11 4.5.1.1

20.3 In addition to a unique case number, the system shall provide a means to add additional information to a case file, including, but not limited to, submitting agency, agency case number, date of case receipt, name of recipient, shipping and receipt details, items associated with the case and their unique designators, notes, test data, related reports, and other documentation.
ASTM E1188-11 (throughout)
ASTM E1459-13 (throughout)
ASTM E1492-11 4.4.3 and 4.5.1 		20.4 The system should be able to document evidence using an ASTM-compliant evidence log, including, but not limited to, unique identifiers, investigator and custodian names, key dates and times, evidence conditions, and storage location.
ASTM E1492-11 4.3.1.1 20.5 The system should be able to prevent a piece of evidence from being scheduled for destructive testing until an appropriate authorization for such analysis is acquired and documented.
ASCLD/LAB Supp. Reqs. for the Accreditation of Forensic Science Testing Laboratories 5.8.1.1.1
ASTM E1492-11 4.1.2 		20.6 The system shall be able to record and maintain chain of custody of evidence that is subdivided in the laboratory in the same way that original evidence items are tracked.
CJIS Security Policy 5.1.3 20.7 The system shall be capable of recording the secondary dissemination to an authorized agency or organization of criminal history record information (CHRI) sourced from U.S. Criminal Justice Information Services (CJIS).
CJIS Security Policy 5.4.7 20.8 The system shall be able to record all National Crime Information Center (NCIC) and Interstate Identification Index (III) data transactions, clearly identifying the operator and authorized receiving agency or organization. III records shall also identify requester and recipient using a unique identifier.
CJIS Security Policy 5.5.6 20.9 If the system provides remote access to authorized users over authorized devices, the remote access shall be monitored, controlled and documented, particularly for privileged functions. If remote access to privileged functions is allowed, virtual escorting that meets CJIS Security Policy 5.5.6 conditions will be required.
CJIS Security Policy 5.6.2.1.1.1–2
CJIS Security Policy 5.6.2.1.2–3 		20.10 The system shall be capable of putting into place, in their entirety, either the "basic password standards" or "advanced password standards" described in CJIS Security Policy 5.6.2.1.1.1 and 5.6.2.1.1.2. If PIN and/or one-time password is also used, the attributes in 5.6.2.1.2 and 5.6.2.1.3 shall also be required.
CJIS Security Policy 5.6.2.2 20.11 If the system supports user-based certificates for authentication, the system shall be configurable enough to require them to be 1. user-specific, not device-specific, 2. used only by one user at any given time, and 3. activated for each use by, e.g., a passphrase or PIN.
CJIS Security Policy 5.10.1.2.1–2
CJIS Security Policy Appendix G.6 		20.12 The system shall allow "encryption in transit" and "encryption at rest" of criminal justice information (CJI) that meets or exceeds the requirements of CJIS Security Policy 5.10.1.2.1 and 5.10.1.2.2.
CJIS Security Policy 5.10.1.5 20.13 If the system is cloud-based, the vendor shall ensure that CJI is stored in databases located within the physical boundaries of APB-member countries and within the legal authority of APB-member agencies. Additionally, the vendor shall agree to not use any metadata derived from unencrypted CJI for commercial, advertising, or other purposes, unless specifically permitted for limited within the service agreement.
CJIS Security Policy 5.11.1–2 20.14 If the system is cloud-based, the vendor should agree to FBI and CSA compliance and security audits of CJI.
CJIS Security Policy 5.10.3.2
CJIS Security Policy Appendix G.1 		20.15 If the system is capable of being run in a virtual environment, it shall meet the virtualization requirements set forth in CJIS Security Policy 5.10.3.2 and best practices set forth in CJIS Security Policy Appendix G.1.
CJIS Security Policy Appendix G.5 20.16 The system should provide separate processing domains in order to allow for more granular allocation of user privileges.
Retrieved from "https://www.limswiki.org/index.php?title=User:Shawndouglas/sandbox/sublevel17&oldid=36229"