{"id":5065,"date":"2017-02-27T13:30:09","date_gmt":"2017-02-27T18:30:09","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/azuregov\/?p=5065"},"modified":"2017-02-27T13:30:09","modified_gmt":"2017-02-27T18:30:09","slug":"a-former-cjis-iso-perspective-microsofts-commitment-to-law-enforcement-from-top-to-bottom","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/azuregov\/a-former-cjis-iso-perspective-microsofts-commitment-to-law-enforcement-from-top-to-bottom\/","title":{"rendered":"A former CJIS ISO perspective: Microsoft&#8217;s commitment to law enforcement from top to bottom"},"content":{"rendered":"<p><em>\u201cI have worked with hundreds of vendors in my twelve years as CJIS ISO in Texas, and never have I found any vendor more committed to law enforcement.\u201d\u00a0 Alan Ferretti, Former CJIS ISO in Texas\u00a0<\/em><\/p>\n<p>Alan Ferretti, former Texas CJIS Information Security Officer (ISO), and I have been working together for nearly five years.\u00a0He recently retired and wanted to provide his perspective on being a former CJIS ISO and working with Microsoft.<\/p>\n<h2>Alan Ferretti<\/h2>\n<p>As a State CJIS ISO, you never know what you\u2019ll be dealing with when the phone rings. Sometimes it might be an auditor with a disabled vehicle up in the Panhandle, or it may be a county judge asking for a reason law enforcement personal computers need antivirus software when others in the county don\u2019t, or even a city manager wanting to know why they can\u2019t have full run of the police department. It\u2019s always something!<\/p>\n<p>So, the phone call I got in the summer of 2012 wasn\u2019t unusual. It was the Chief Information Security Officer (CISO) from the state of Texas. He explained there was an upcoming meeting with many state agencies and Microsoft to talk about this thing called \u201ccloud computing.\u201d He said he would review it for compliance with the Texas Administrative Code (TAC) and would like me to look at it from a CJIS compliance perspective. The plan was to make the Microsoft government cloud services available to all state and local governments in Texas through the state&#8217;s preapproved procurement process.<\/p>\n<p>I drove over to the Microsoft building at the scheduled time. The room was filled with a lot of state and Microsoft people. We listened to the presentations and then moved into the Q&amp;A session. The state CISO asked a couple of clarification questions before pronouncing that it met all the requirements found in the TAC. That\u2019s when I introduced Microsoft to the CJIS Security Policy. I explained what it was and why it exists. We made a small start in looking at the Policy and then the Microsoft team took it with them and we agreed to meet again after their review.<\/p>\n<p>Follow up meetings were held. We did in-person meetings, video conferences, and corresponded about the Policy via email. When finished, we had made it through the entire Policy, section by section. All issues were sorted out and any confusion about what a policy section meant was well understood by Microsoft. Their folks became experts on not just the Policy, but the reason behind each requirement.<\/p>\n<p>We then took the Security Addendum from the policy and added it to the contract available to all state and local agencies. This sounds easy, but keep in mind that this addition triggered state agency lawyer involvement. It is never a quick process. We also had to set up a way to receive, process, and inform Microsoft of the fingerprint screening results of their employees along with getting the signed CJIS Security Addendums on file. Not one problem was encountered. The Microsoft folks and the Texas Department of Public Safety folks were both professional and got the job done.<\/p>\n<p><em>I must say, I have worked with hundreds of vendors in my twelve years as CJIS ISO in Texas, and never have I found any vendor more committed to law enforcement, more knowledgeable about the Policy requirements, and more compliance-aware than all the folks at Microsoft. It starts at the top and flows through their entire organization. The early efforts were well worth it and are paying dividends now for all law enforcement across the country. If you are looking for a vendor partner to support your usage of Cloud Computing, you\u2019ll do no better than Microsoft. \u00a0<\/em><span>\n<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u201cI have worked with hundreds of vendors in my twelve years as CJIS ISO in Texas, and never have I found any vendor more committed to law enforcement.\u201d\u00a0 Alan Ferretti, Former CJIS ISO in Texas\u00a0 Alan Ferretti, former Texas CJIS Information Security Officer (ISO), and I have been working together for nearly five years.\u00a0He recently [&hellip;]<\/p>\n","protected":false},"author":1772,"featured_media":20423,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2,25,29],"tags":[75,95,165],"class_list":["post-5065","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-announcements","category-portalpreview","category-security","tag-azure","tag-azure-government","tag-cjis"],"acf":[],"blog_post_summary":"<p>\u201cI have worked with hundreds of vendors in my twelve years as CJIS ISO in Texas, and never have I found any vendor more committed to law enforcement.\u201d\u00a0 Alan Ferretti, Former CJIS ISO in Texas\u00a0 Alan Ferretti, former Texas CJIS Information Security Officer (ISO), and I have been working together for nearly five years.\u00a0He recently [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/azuregov\/wp-json\/wp\/v2\/posts\/5065","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/azuregov\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/azuregov\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/azuregov\/wp-json\/wp\/v2\/users\/1772"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/azuregov\/wp-json\/wp\/v2\/comments?post=5065"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/azuregov\/wp-json\/wp\/v2\/posts\/5065\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/azuregov\/wp-json\/wp\/v2\/media\/20423"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/azuregov\/wp-json\/wp\/v2\/media?parent=5065"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/azuregov\/wp-json\/wp\/v2\/categories?post=5065"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/azuregov\/wp-json\/wp\/v2\/tags?post=5065"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}