Foreword

Modern justice agencies rely heavily upon their information technology resources to perform critical tasks and to provide emergency services to the public. Increasingly, justice agencies share information across wide area networks and the Internet. The sensitivity of this information and its related systems infrastructure make it a particularly vulnerable target. The core components of these information technology resources are so critical that disabling any single resource could potentially incapacitate the mutually dependent and interconnected systems. Disruption or intentional corruption of the information justice systems can have a dramatic impact upon our organizations and the society we serve. It must be recognized that justice information technology systems are a vital part of the nation's critical infrastructure, and as such, information technology infrastructure requires comprehensive security architecture. Protecting this critical resource is not just a matter of operational good sense; it is increasingly a matter of national security and public safety.

Security should be a core foundation of any information system and is best implemented during the design of any given system. Security can and should be successfully applied to existing systems as well. Security cannot be ignored.

The purpose of this document is to educate justice executives and managers on good, basic, foundational security practices that they can deploy within their enterprise and between multiple enterprises.

The long-term goal is to enable an environment of electronic trust among law enforcement and justice organizations. Electronic trust will be engendered if each organization can be assured that all parties with access to shared information follow certain minimum practices to safeguard that information. An environment of electronic trust is a minimum requirement for us to begin to fulfill the national priority of sharing information and improving the safety of the country.