Global Standards Package Grant Condition
The Global Standards Council (GSC) was created to support the work of DOJ's Global working groups and related bodies by coordinating the establishment of a common, consistent, and standards-based approach to implementing justice information sharing solutions. To further this goal, the GSC developed the Global Standards Package (GSP) which describes a full information sharing technology standards implementation suite that addresses data standardization, messaging architecture, security, and privacy requirements. In order to promote consistency and interoperability of systems across the justice and public safety community, OJP requires grantee compliance to the GSP and all components thereof. In addition to offering a common mechanism to share information across agencies, the GSP also promotes the use of open, consensus-based standards to avoid proprietary or restrictive approaches to system integration and interface development. This approach enables adopters to fully realize the cost savings and operational efficiencies that have been demonstrated by those who have already implemented elements of the GSP.
Compliance to the GSP requires conformance to all components of the GSP whenever applicable. If the grantee is planning to exchange information across agencies or systems using a common data format, such format is required to be conformant to the National Information Exchange Model (NIEM). If the grantee is planning to adopt a service-oriented approach to sharing information, it must leverage the Global Reference Architecture (GRA), and so on. The primary components of the GSP are as follows:
- National Information Exchange Model (NIEM)
- Global Reference Architecture (GRA)
- Global Federated Identity and Privilege Management (GFIPM)
In addition, certain GSP components enable the development of national, or "reference," specifications that further promote reuse for enhanced interoperability. Whenever applicable, these reference specifications should be used as a foundation for implementation of complementary business processes. If the grantee wishes to use an alternate format for which a reference specification already exists, specific justification must be included in the grant application narrative.
National Information Exchange Model (NIEM)—the NIEM data model and tools are supported by a robust governance process and program management office. NIEM conformance is defined explicitly across a number of dimensions, including data modeling, XML representation, exchange development, and implementation. Detailed guidance on NIEM conformance for grantees can be found at https://www.niem.gov/aboutniem/grant-funding/Pages/implementation-guide.aspx. NIEM also maintains a repository of reusable exchange specifications that can be found at https://bja.ojp.gov/program/it/policy-implementation/clearinghouse.
Global Reference Architecture (GRA)—the GRA provides both a reference architecture to speed agency adoption of Service-Oriented Architecture (SOA)-based approaches to information sharing, as well as a standard methodology for developing particular service specifications that align with specific business functions. Conformance to the GRA generally relies on adherence to the GRA Framework for the former and to the GRA Service Specification Guidelines for the latter. Detailed guidance on GRA implementation for grantees can be found at https://bja.ojp.gov/program/it/national-initiatives/gra. On the same page can be found a listing of reference service specification packages (SSPs) that should be reused whenever applicable.
Global Federated Identity and Privilege Management (GFIPM)—the GFIPM specifications and guidelines are designed to support secure access to various information systems based on commonly understood and applied protocols for user access and attribute-based access control policies. Rather than serving as a universal approach to securing justice information systems, GFIPM should be used in particular cases where regional, multijurisdictional, or cross-boundary information sharing is occurring and there is a need to create a “federation” of participants who must agree on policy and technical solutions to satisfy interoperability requirements. Conformance to GFIPM primarily relies on use of the GFIPM Metadata standard and adherence to operational policies and procedures. Detailed guidance on GFIPM implementation can be found at https://bja.ojp.gov/program/it/national-initiatives/gfipm.
As stated above, compliance with the GSP is dependent on the grantee conforming to each of the GSP’s normative components above, whenever applicable. For instance, if the grantee is supporting a project to integrate two reporting systems that already operate within the same security environment and there are no new access control provisions required, then conformance to the NIEM and GRA components of the GSP will be sufficient to satisfy the requirement to comply with the GSP. In general, OJP does not require formal certification of software, tools, etc., to verify conformance. However, additional requirements may be imposed by particular funding programs. In cases where software or services are being procured from private sector partners, the grantee should follow procedures such as those recommended by the IJIS Institute to ensure that procured services are in fact conformant. See http://www.ijis.org/?page=PreRFP_Toolkit.
For additional background on DOJ’s Global Justice Information Sharing Initiative and related activities, please visit bja.ojp.gov/program/it or contact the Bureau of Justice Assistance (BJA) Justice Information Sharing (JIS) office via Michael Roosa at (202) 532-0031 or [email protected]; or David Lewis, at (202) 616-7829, or [email protected].