NISS Knowledge Base

The SAVIN Training and Technical Assistance Project Team regularly collects, compiles, and catalogs documents, state statues, policies, sample publications, model training materials, public education templates, and other materials which can be found in the Virtual Library. These materials have been donated by programs across the country.

SAVIN Virtual Library

"Ethical and legal obligations compel every professional in the justice system to protect privacy interests when sharing justice information. Today, increased security needs not only dictate enhanced justice information sharing but also highlight the need to balance privacy protection and justice information access. The ease of digital access now makes analysis of privacy obligations a more complex process. Nonetheless, the underlying foundations for privacy policy exist in our current laws and customs. Constitutions, statutes, regulations, policies, procedures, and common-law requirements still control justice entity collection and sharing of information. What is new is the need for justice practitioners to articulate the rules that control their information gathering and sharing activities in a manner that both supports information sharing and protects constitutional privacy rights."

"Since September 11, 2001, enhanced justice information sharing has been shown to be critical to ensure public safety and homeland security. As agencies pursue the automated exchange of information in the public interest, it is equally as critical that decision makers vigorously strive to protect constitutional privacy rights. To this end, justice and public safety agencies must develop privacy policies to guide information exchange efforts and to clearly identify the rules that control their information sharing activities.

The Privacy Policy Development Guide is a practical, hands-on resource that provides justice practitioners with sensible guidance for developing a privacy policy. It assists agencies in articulating privacy obligations in a manner that protects the justice agency, the individual, and the public and makes it easier to do what is necessary - share critical justice information."

To read more about justice information sharing privacy and to access the above mentioned guide, click on the following URL:

Policy, Guidance and Fact Sheets: https://www.fema.gov/assistance/individual/policy-guidance-and-fact-she…

"The Georgia Tech Research Institute (GTRI) has played a key role in the design and implementation of NIEM since inception. Under a funding partnership with DOJ and DHS, GTRI works with the NIEM Business Architecture Committee (NBAC) and the NIEM Technical Architecture Committee (NTAC) to implement and refine the NIEM standards and data components to meet the cross domain information sharing needs of federal, state, local, and tribal stakeholders. This includes implementation of the latest NIEM 2.0 release and associated tools which can now be downloaded from www.niem.gov.

An SOA separates partner capabilities into distinct units, or services, which are accessible over a network so users can combine and reuse them in producing applications, receiving real-time information, reporting, performing investigations, etc.

A service, in the context of information exchange, is defined as a distinct function [or unit] that allows the consumer of information to locate and access the information being provided by an information provider. Services communicate with each other by passing data from one service to another, or by coordinating an activity between two or more services.

A Service Specification is a formal document describing the capabilities made available through the service: the service model that defines the semantics of the service by representing its behavioral model, information model, and interactions; the policies that constrain the use of the service; and the service interface that provides a means of interaction with the service.

A service specification is analogous to the software documentation of an Application Programming Interface (API). It provides stakeholders with an understanding of the structure and functionality of the service and the applicability to its implementation interface rules (policies). It gives service consumers the information necessary for consuming a particular service, and service providers the information necessary for implementing the service in a consistent and interoperable manner.

The Performance Reference Model (PRM) is a standardized framework to characterize the performance of information technology (IT) initiatives and their contribution to program performance. PRM can help produce enhanced IT performance information to improve strategic and daily decision-making; improve the alignment and contribution of IT to outputs and outcomes, thereby creating a clear "line of sight" to results; and identify performance improvement opportunities across traditional agency boundaries.

The Business Reference Model (BRM) is a function-driven framework for describing the business operations of the federal government independent of the agencies that perform them. BRM provides an organized, hierarchical construct for describing the federal government's day-to-day business operations.

On February 6, 2002, the development of a Federal Enterprise Architecture (FEA) commenced. Led by OMB, the purpose of this effort is to identify opportunities to simplify processes and unify work across the agencies and within the lines of business of the Federal Government. The outcome of this effort will be a more citizen-centered, customer focused government that maximizes technology investments to better achieve mission outcomes.

The FEA is a business-based framework for cross-agency, government-wide improvement. It provides OMB and the Federal agencies with a new way of describing, analyzing, and improving the federal government and its ability to serve the citizen.

A Business Focused Approach …
Drawing from lessons learned through unsuccessful architecture efforts in the past, the FEA is truly business-driven. As such, its foundation is a Business Reference Model
(BRM), which describes the government’s Lines of Business and its services to the citizen independent of the agencies and offices involved. This business-based foundation provides a common reference point and foundation for improvement in a variety of key areas, such as performance measurement, budget allocation, information technology (IT) redundancy elimination, cross-agency collaboration, and e-Government.

Source: http://www.opm.gov/egov/documents/architecture/

The Data and Information Reference Model (DRM) helps to describe the types of interactions and information exchanges that occur between the federal government and its various constituencies. It will categorize the government's information along general content areas specific to BRM sub functions and decompose those content areas into greater levels of detail, ultimately to data components that are common to many business processes or activities. DRM will establish a commonly understood classification for federal data and enable information sharing between agencies. A common data classification model will streamline the processes associated with information exchange, both within the federal government and between the government and its external stakeholders.

The Technical Reference Model (TRM) is a component driven, technical framework used to identify the standards, specifications, and technologies that support and enable the delivery of service components and capabilities. TRM provides a foundation to support the construction, delivery, and exchange of business and application or service components that may be used and leveraged in a Component-based or Service-oriented Architecture.

The Common Alerting Protocol (CAP) is a standard digital format for expressing the essential content of effective warning messages, regardless of the technology by which they'll be delivered. A single CAP message can be used to trigger sirens, the Emergency Alert System, Weather Radios, telephone notification systems and systems for people with special needs such as the deaf and hearing-impaired.

Click Here to read more about the Common Alerting Protocol (CAP).

All components of a Service Specification are compiled in a GRA Service Specification Package (GRA-SSP). The SSP is a portable, self-contained, and self-documented collection of service specification artifacts in .zip format. The SSP is human- and machine-readable and can be used independently or as part of a service registry and/or repository.

A federation member organization that vets individuals, collects attributes about these individuals, and maintains these attributes in an accurate and timely manner. The IDPO operates an Identity Provider (IDP), which is a software service that performs user authentication each time an individual presents himself or herself to the federation and assigns the current attributes about the individual for a given information technology session. These attributes are presented to Service Providers in the federation or on a federation-to-federation basis.

A federation member organization that provides one or more electronic information service(s) to the federation. Service Provider Organizations provide services to the federation via Service Provider, which are trusted software services. These SPs evaluate the set of Identity Provider attributes presented to them in a form that conforms to the GFIPM Web Browser User-to-System Profile [GFIPM U2S PROFILE], to determine what level of access to provide to each end user.

Information that can be used to uniquely identify, contact, or locate a single person or can be used with other sources to uniquely identify a single individual.

A federation member organization that acts on behalf of one or more Identity Provider Organizations (IDPOs), acting as a trust bridge between those IDPOs and the Federation. A TIBO operates a Trusted Identity Broker (TIB), which is a software entity that provides the necessary cryptographic bridge and attribute translation capabilities to allow users from Identity Provider Organizations not in the Federation to access services in the Federation.

The Prescription Drug Monitoring Program (PDMP) Information Exchange (PMIX) establishes a national interoperability architecture, specifications, and a reusable infrastructure for the secure, reliable, and sustainable interstate exchange of state prescription data. PMIX leverages service-oriented architecture (SOA) principles through the Global Reference Architecture (GRA) to minimize custom development and maximize future agility.

PDMPs maintain statewide electronic databases of prescriptions dispensed for controlled substances (i.e., prescription drugs of abuse that are subject to stricter government regulation). Information collected by PDMPs may be used to support access to and legitimate medical use of controlled substances; identify or prevent drug abuse and diversion, facilitate the identification of prescription drug-addicted individuals and enable intervention and treatment, outline drug use and abuse trends to inform public health initiatives, or educate individuals about prescription drug use, abuse, and diversion as well as about PDMPs.

The PMIX Pilot Program is just a start. Infrastructure for the PMIX Pilot was tested in a successful pilot exchange of live data between the Kentucky All Schedules Prescription Electronic Reporting system and the Ohio Automated Rx Reporting System or RxCheck Hub. Under the PMIX approach, all protected health information was encrypted at the message level so that private data was not visible to any intermediary servers outside state boundaries. The supporting technologies used for the Pilot follow:

Data interoperability was enabled through National Information Exchange Model (NIEM) Information Exchange Package Documentation (IEPD).
Messaging interoperability was through a GRA PMIX Service Specification Package, including reliable secure web services capabilities.
A software development kit containing a State Routing Service intermediary and a reference implementation was used to reduce cost and accelerate adoption of the required state-side software.
The RxCheck Hub is the baseline implementation of the PMIX architecture. The hub was developed, with BJA support, to create an operational data sharing hub to implement the PMIX specifications and to deliver a functional, interstate, data-sharing hub. The RxCheck hub was designed with the involvement of the state PDMP practitioner community, private industry, and the Federal government, and began as the PMIX hub during a prototype development phase with data exchanges between Ohio and Kentucky. The hub was subsequently renamed the RxCheck hub to avoid confusion between the architecture and the hub.

Resource:

Prescription Drug Monitoring Program Document

RxCheck Connection Guide (June 2014)

PMIX IEPD

In 2006 the National Governors Association Center for Best Practices organized a Policy Academy which included five states. A grant of $50,000 was used to fund research to encourage justice information sharing using the Global Justice XML Data Model (GJXDM). States included in the Policy Academy were Connecticut, Iowa, Minnesota, New York, and North Carolina. Pilot projects focused on a variety of information exchanges. This report, drafted by the state of Connecticut, documents the CJIS-Meta Data Repository Project (CJIS-MDR), which is the data on the knowledge that is within an organization.

http://www.nga.org/cms/home.html

Participating Organization: Criminal Justice Policy and Planning Division
Contact Organization: Office of Policy and Management
Contact Person: Terry Schnure
[email protected]
Contact Phone: 806-418-6390

In 2006 the National Governors Association Center for Best Practices organized a Policy Academy which included five states. A grant of $50,000 to each state was used to fund research to encourage justice information sharing using the Global Justice XML Data Model (GJXDM). States included in the Policy Academy were Connecticut, Iowa, Minnesota, New York, and North Carolina. Pilot projects focused on a variety of information exchanges. This report, drafted by the state of Iowa, outlines some goals, outcomes, and lessons learned from the exchange of information between the County Attorneys and the Department of Corrections in Iowa.

http://www.nga.org/Files/pdf/07GJXDMIA.PDF

Participating Organization: Division of Criminal and Juvenile Justice Planning

Contact Organization: Iowa Department of Human Rights
Contact Person: David Meyers
[email protected]
Contact Phone: 515-281-6929

In 2006, the National Governors Association Center for Best Practices organized a Policy Academy which included five states. A grant of $50,000 to each state was used to fund research to encourage justice information sharing using the Global Justice XML Data Model (GJXDM). States included in the Policy Academy were Connecticut, Iowa, Minnesota, New York, and North Carolina. Pilot projects focused on a variety of information exchanges. This report, drafted by the state of New York, outlines the need to facilitate integrated justice information systems planning and implementation by enhancing the ability to access and share critical criminal justice information electronically at key decision points throughout the criminal justice process.

http://www.nga.org/Files/pdf/07GJXDMNY.PDF

Contact Organization: NYS Division of Criminal Justice Services
Contact Name: Valerie Shanley
[email protected]
Contact Phone: 518-457-6066

The purpose of this case study is to highlight the successful development of two NIEM 2.0-conformant Information Exchange Package Documents (IEPDs) and electronic data transmission involving the N-DEx subset of Uniform Crime Report (UCR) incident/offense and arrest data and Suspicious Activity Report (SAR) data, through the Alabama Criminal Justice Information Center (ACJIC).

See attached pdf for complete article.

Documents
https://bja.ojp.gov/media/document/30016

The purpose of the External Alarm Interface Exchange IEPD is to provide a standard data exchange for electronically transmitting information between an alarm monitoring company and a Public Safety Answering Point (PSAP). This effort to upgrade the External Alarm Exchange IEPD was sponsored by the Public Safety Data Interoperability (PSDI) Program, funded by the Bureau of Justice Assistance (BJA) and comanaged by the IJIS Institute and the Association of Public-Safety Communications Officials–International (APCO).

See attached pdf for full article.

Documents
https://bja.ojp.gov/media/document/30021

The purpose of this case study is to highlight the results and application of NIEM to the Consortium for the Exchange of Criminal Justice Technology (CONNECT), an interstate criminal justice information sharing initiative led by the Alabama Criminal Justice Information Center (ACJIC).

See attached pdf for full article.

Documents
https://bja.ojp.gov/media/document/30026

The State of Connecticut Department of Motor Vehicles (DMV) contacted the Connecticut Criminal Justice Information System (CJIS) in 2007 to inquire whether it would be possible to use the CJIS Offender Based Tracking System (OBTS) to look for offenders who hold student transportation endorsements. A manual process was developed and implemented using PL/SQL Developer. Since the first data exchange, CJIS has standardized to NIEM 2.0. The process was defined and working, so CJIS decided to use this exchange as the pilot for NIEM 2.0 and the IEPD process.

See attached pdf for full article.

Documents
https://bja.ojp.gov/media/document/30031

In an effort to establish the technology architecture needed across the jurisdictions, the National Capital Region (NCR) created a Data Exchange Hub (DEH) to act as a switching station for providing secure access to communications systems and applications. As a part of this effort, four information exchanges were identified as priorities and documented—NCR Resource Typing, Crisis Incident Management System (CIMS) Data Exchange, Records Management System (RMS) Exchange, and Computer-Aided Dispatch Exchange. These exchanges were developed using the National Information Exchange Model (NIEM), and the resulting Information Exchange Package Documentation (IEPDs) successfully demonstrated the utility of NIEM in the NCR project.

See attached pdf for full article.

Documents
https://bja.ojp.gov/media/document/30036

The purpose of this case study is to highlight the success of the pilot design of an interstate prescription monitoring information exchange (PMIX) program between California and Nevada.

See attached pdf for full article.

Documents
https://bja.ojp.gov/media/document/30041

Two projects in New Jersey are actively using and/or developing the National Information Exchange Model (NIEM) and Global Justice XML Data Model (GJXDM) standards for the sharing and processing of data.

See attached pdf for full article.

Documents
https://bja.ojp.gov/media/document/30046

The purpose of this case study is to highlight the success of the development of a NIEM 2.0-conformant Information Exchange Package Document (IEPD) for the New York State Intra-State Criminal History Report (Rap Sheet) Project.

See attached pdf for full article.

Documents
https://bja.ojp.gov/media/document/30051

To satisfy the need for standards and consistency, New York City decided to build on the success of Global Justice XML Data Model (GJXDM) in the criminal justice domain and adopt NIEM 2.0-conformant data exchanges for ACCESS NYC and the overall Health and Human Services domain.

See attached pdf for full article.

Documents
https://bja.ojp.gov/media/document/30056

As part of the ongoing efforts being made by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) to integrate NIEM into its enterprise, the Specially Designated Nationals (SDN) list data is being converted to a format that uses NIEM data elements. OFAC’s completion of its NIEM-SDN pilot project has revealed the utility of a scalable, universal exchange format, and the hope is that future exchange relationships with other agencies will consume fewer resources and will be completed in shorter periods of time.

See attached pdf for full article.

Documents
https://bja.ojp.gov/media/document/30061

The purpose of this case study is to highlight the successful development of a NIEM 2.0-conformant Information Exchange Package Document (IEPD) for Pennsylvania’s Court Case Event Messages through Pennsylvania’s Justice Network (JNET) and to draw attention to resulting documentation—NIEM Adoption Whitepaper, Performance Measurement Plan, and Lessons-Learned Report—that can guide future NIEM implementation efforts.

See attached pdf for full article.

Documents
https://bja.ojp.gov/media/document/30066

This case study looks at the state of Texas’ adoption of NIEM on the Texas Path to NIEM project.

See attached pdf for full article.

Documents
https://bja.ojp.gov/media/document/30071

This case study highlights the success of E-Verify from a data sharing perspective, between SSA and different systems within DHS.

See attached pdf for full article.

Documents
https://bja.ojp.gov/media/document/30076

The Vermont Judiciary operates with a case management system that is almost 20 years old, and the baseline code has been copied into each county over the years. The Judiciary has a project under way to purchase and convert to a modern, centralized, Web-based case management, document management, and e-filing system to support all courts in the Judiciary.

See attached pdf for full article.

Documents
https://bja.ojp.gov/media/document/30081

The purpose of this case study is to highlight the success of the development of NIEM 2.0-conformant Information Exchange Package Document (IEPD) for Law Enforcement Access to Driver’s License Photos in Washington State.

See attached pdf for full article.

Documents
https://bja.ojp.gov/media/document/30086

The Global Federated Identity and Privilege Management (GFIPM) standards and specifications provide a security framework for securely connecting justice and public safety personnel to interagency applications and data over the Internet.

The GFIPM Governane Guidelines document defines the governance structure for a GFIPM federation, including the parties that play a role in the governance structure (e.g., Board of Directors, Federation Management Organization, Identity Provider Organizations, Service Provider Organizations, Trusted Identity Broker Organizations, etc.) and the decisions to be made by each party.

The GFIPM Web Services Concept of Operations document (section 1.2) provides a brief discussion of the major standards, specifications, and profiles that are used and referenced by the GFIPM-WS standards.

The Global Federated Identity Privilege Management (GFIPM) Security Interoperability Demonstration Project Report, provides a good example of an existing implementation.

The table below addresses roles and responsibilities from a GFIPM organizational standpoint.