Difference between revisions of "Template:LIMSpec/Forensic case and data management"
From LIMSWiki
Shawndouglas (talk | contribs) m (21.17 update) |
Shawndouglas (talk | contribs) (Updated for 2022.) |
Line 9: | Line 9: | ||
|- | |- | ||
| style="padding:5px; width:500px;" | | | style="padding:5px; width:500px;" | | ||
[ | [https://des.wa.gov/sites/default/files/public/documents/About/1063/RFP/Add7_Item4ASCLD.pdf ASCLD/LAB Supp. Reqs. for the Accreditation of Forensic Science Testing Laboratories 5.8.4.3] | ||
[https://www.astm.org/ | [https://www.astm.org/e1188-11r17.html ASTM E1188-11 3.2.3]<br /> | ||
[https://www.astm.org/ | [https://www.astm.org/e1188-11r17.html ASTM E1188-11 3.4.1]<br /> | ||
[https://www.astm.org/ | [https://www.astm.org/e1188-11r17.html ASTM E1459-13 2.1]<br /> | ||
[https://www.astm.org/ | [https://www.astm.org/e1459-13r18.html ASTM E1459-13 4.1.1–2]<br /> | ||
[https://www.astm.org/ | [https://www.astm.org/e1459-13r18.html ASTM E1459-13 4.1.4.2]<br /> | ||
[https://www.astm.org/ | [https://www.astm.org/e1459-13r18.html ASTM E1459-13 4.2.2–3]<br /> | ||
[https://www.astm.org/ | [https://www.astm.org/e1492-11r17.html ASTM E1492-11 4.1.1]<br /> | ||
[https://www.astm.org/ | [https://www.astm.org/e1492-11r17.html ASTM E1492-11 4.1.5] | ||
| style="background-color:white;" |'''21.1''' The system shall be able to assign each piece of collected evidence and each scene a unique identifier using methodologies such as an ID with an incrementing integer (for sequential evidence numbers) or a user-defined naming format for meeting regulatory requirements. | | style="background-color:white;" |'''21.1''' The system shall be able to assign each piece of collected evidence and each scene a unique identifier using methodologies such as an ID with an incrementing integer (for sequential evidence numbers) or a user-defined naming format for meeting regulatory requirements. | ||
|- | |- | ||
| style="padding:5px; width:500px;" |[ | | style="padding:5px; width:500px;" |[https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.359.5506&rep=rep1&type=pdf A2LA C223 4.13]<br />[https://des.wa.gov/sites/default/files/public/documents/About/1063/RFP/Add7_Item4ASCLD.pdf ASCLD/LAB Supp. Reqs. for the Accreditation of Forensic Science Testing Laboratories 4.13.2.6–10]<br />[https://www.astm.org/e1492-11r17.html ASTM E1492-11 4.1.1]<br /> | ||
| style="background-color:white;" |'''21.2''' The system shall be able to assign each case a unique case identifier that, in addition to an electronic signature, is able to be automatically placed on, at a maximum, each page of the case's associated examination and administration records. | | style="background-color:white;" |'''21.2''' The system shall be able to assign each case a unique case identifier that, in addition to an electronic signature, is able to be automatically placed on, at a maximum, each page of the case's associated examination and administration records. | ||
|- | |- | ||
| style="padding:5px; width:500px;" | | | style="padding:5px; width:500px;" | | ||
[https://www.astm.org/ | [https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.359.5506&rep=rep1&type=pdf A2LA C223 4.13]<br /> | ||
[https://www.astm.org/ | [https://www.astm.org/e1492-11r17.html ASTM E1492-11 4.1.1.1–2]<br /> | ||
[https://www.astm.org/ | [https://www.astm.org/e1492-11r17.html ASTM E1492-11 4.1.4–5]<br /> | ||
[https://www.astm.org/ | [https://www.astm.org/e1492-11r17.html ASTM E1492-11 4.2.2–3]<br /> | ||
[https://www.astm.org/e1492-11r17.html ASTM E1492-11 4.5.1.1] | |||
| style="background-color:white;" |'''21.3''' In addition to a unique case number, the system shall provide a means to add additional information to a case file, including, but not limited to, submitting agency, agency case number, date of case receipt, name of recipient, shipping and receipt details, items associated with the case and their unique designators, notes, test data, related reports, and other documentation. | | style="background-color:white;" |'''21.3''' In addition to a unique case number, the system shall provide a means to add additional information to a case file, including, but not limited to, submitting agency, agency case number, date of case receipt, name of recipient, shipping and receipt details, items associated with the case and their unique designators, notes, test data, related reports, and other documentation. | ||
|- | |- | ||
| style="padding:5px; width:500px;" |[https://www.astm.org/ | | style="padding:5px; width:500px;" |[https://www.astm.org/e1188-11r17.html ASTM E1188-11 (throughout)]<br />[https://www.astm.org/e1459-13r18.html ASTM E1459-13 (throughout)]<br />[https://www.astm.org/e1492-11r17.html ASTM E1492-11 4.4.3 and 4.5.1] | ||
| style="background-color:white;" |'''21.4''' The system should be able to document evidence using an ASTM-compliant evidence log, including, but not limited to, unique identifiers, investigator and custodian names, key dates and times, evidence conditions, and storage location. | | style="background-color:white;" |'''21.4''' The system should be able to document evidence using an ASTM-compliant evidence log, including, but not limited to, unique identifiers, investigator and custodian names, key dates and times, evidence conditions, and storage location. | ||
|- | |- | ||
| style="padding:5px; width:500px;" |[https://www.astm.org/ | | style="padding:5px; width:500px;" |[https://www.astm.org/e1492-11r17.html ASTM E1492-11 4.3.1.1] | ||
| style="background-color:white;" |'''21.5''' The system should be able to prevent a piece of evidence from being scheduled for destructive testing until an appropriate authorization for such analysis is acquired and documented. | | style="background-color:white;" |'''21.5''' The system should be able to prevent a piece of evidence from being scheduled for destructive testing until an appropriate authorization for such analysis is acquired and documented. | ||
|- | |- | ||
| style="padding:5px; width:500px;" |[ | | style="padding:5px; width:500px;" |[https://des.wa.gov/sites/default/files/public/documents/About/1063/RFP/Add7_Item4ASCLD.pdf ASCLD/LAB Supp. Reqs. for the Accreditation of Forensic Science Testing Laboratories 5.8.1.1.1]<br />[https://www.astm.org/e1492-11r17.html ASTM E1492-11 4.1.2] | ||
| style="background-color:white;" |'''21.6''' The system shall be able to record and maintain chain of custody of evidence that is subdivided in the laboratory in the same way that original evidence items are tracked. | | style="background-color:white;" |'''21.6''' The system shall be able to record and maintain chain of custody of evidence that is subdivided in the laboratory in the same way that original evidence items are tracked. | ||
|- | |- | ||
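Review bot: In the 21.1 source cell, the new-revision entry labelled "ASTM E1459-13 2.1" links to e1188-11r17.html, while the three E1459-13 entries directly below it link to e1459-13r18.html. The label and target disagree, so a reader following the citation lands on a different standard than the one named; point that entry at e1459-13r18.html to match its neighbours.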
Line 45: | Line 46: | ||
| style="background-color:white;" |'''21.8''' The system shall be able to record all National Crime Information Center (NCIC) and Interstate Identification Index (III) data transactions, clearly identifying the operator and authorized receiving agency or organization. III records shall also identify requester and recipient using a unique identifier. | | style="background-color:white;" |'''21.8''' The system shall be able to record all National Crime Information Center (NCIC) and Interstate Identification Index (III) data transactions, clearly identifying the operator and authorized receiving agency or organization. III records shall also identify requester and recipient using a unique identifier. | ||
|- | |- | ||
| style="padding:5px; width:500px;" |[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.5.6]<br />[https:// | | style="padding:5px; width:500px;" |[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.5.6]<br />[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, AC-17(1) ]<br /> | ||
| style="background-color:white;" |'''21.9''' If the system provides remote access to authorized users over authorized devices, the remote access shall be monitored, controlled and documented, particularly for privileged functions. If remote access to privileged functions is allowed, virtual escorting that meets CJIS Security Policy 5.5.6 conditions will be required. | | style="background-color:white;" |'''21.9''' If the system provides remote access to authorized users over authorized devices, the remote access shall be monitored, controlled and documented, particularly for privileged functions. If remote access to privileged functions is allowed, virtual escorting that meets CJIS Security Policy 5.5.6 conditions will be required. | ||
|- | |- | ||
| style="padding:5px; width:500px;" |[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.6.2.1.1.1–2]<br />[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.6.2.1.2–3]<br />[https:// | | style="padding:5px; width:500px;" |[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.6.2.1.1.1–2]<br />[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.6.2.1.2–3]<br />[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, IA-5(1) ]<br /> | ||
| style="background-color:white;" |'''21.10''' The system shall be capable of putting into place, in their entirety, either the "basic password standards" or "advanced password standards" described in CJIS Security Policy 5.6.2.1.1.1 and 5.6.2.1.1.2. If PIN and/or one-time password is also used, the attributes in 5.6.2.1.2 and 5.6.2.1.3 shall also be required. | | style="background-color:white;" |'''21.10''' The system shall be capable of putting into place, in their entirety, either the "basic password standards" or "advanced password standards" described in CJIS Security Policy 5.6.2.1.1.1 and 5.6.2.1.1.2. If PIN and/or one-time password is also used, the attributes in 5.6.2.1.2 and 5.6.2.1.3 shall also be required. | ||
|- | |- | ||
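Review bot: The NIST 800-53 links added to the 21.9 and 21.10 source cells carry a stray space before the closing bracket ("AC-17(1) ]" and "IA-5(1) ]"), which ends up inside the rendered link text. Both cells also now end in a trailing <br /> with no entry after it. Remove the space and the final <br /> so these citations are formatted like the bracket-tight entries elsewhere in the table.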
Line 56: | Line 57: | ||
| style="padding:5px; width:500px;" |[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.10.1.2.1–2]<br /> | | style="padding:5px; width:500px;" |[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.10.1.2.1–2]<br /> | ||
[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy Appendix G.6]<br /> | [https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy Appendix G.6]<br /> | ||
[https:// | [https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, AC-17(2) ]<br /> | ||
[https:// | [https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, SC-13, SC-28, and SC-28(1)]<br /> | ||
| style="background-color:white;" |'''21.12''' The system shall allow "encryption in transit" and "encryption at rest" of criminal justice information (CJI) that meets or exceeds the requirements of CJIS Security Policy 5.10.1.2.1 and 5.10.1.2.2. | | style="background-color:white;" |'''21.12''' The system shall allow "encryption in transit" and "encryption at rest" of criminal justice information (CJI) that meets or exceeds the requirements of CJIS Security Policy 5.10.1.2.1 and 5.10.1.2.2. | ||
|- | |- | ||
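Review bot: In the 21.12 source cell, the added "AC-17(2) ]" label has a space before the closing bracket, while the "SC-13, SC-28, and SC-28(1)]" entry on the next line does not. Make the two consistent by dropping the space, and remove the trailing <br /> after the last entry, since nothing follows it in the cell.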
Line 69: | Line 70: | ||
| style="background-color:white;" |'''21.15''' If the system is capable of being run in a virtual environment, it shall meet the virtualization requirements set forth in CJIS Security Policy 5.10.3.2 and best practices set forth in CJIS Security Policy Appendix G.1. | | style="background-color:white;" |'''21.15''' If the system is capable of being run in a virtual environment, it shall meet the virtualization requirements set forth in CJIS Security Policy 5.10.3.2 and best practices set forth in CJIS Security Policy Appendix G.1. | ||
|- | |- | ||
| style="padding:5px; width:500px;" |[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy Appendix G.5]<br />[https:// | | style="padding:5px; width:500px;" |[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy Appendix G.5]<br />[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, AC-6(4)]<br /> | ||
[https:// | [https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, SC-39]<br /> | ||
| style="background-color:white;" |'''21.16''' The system should provide separate processing domains in order to not only allow for more granular allocation of user privileges, but also to prevent one process from modifying the executing code of another process. | | style="background-color:white;" |'''21.16''' The system should provide separate processing domains in order to not only allow for more granular allocation of user privileges, but also to prevent one process from modifying the executing code of another process. | ||
|- | |- | ||
| style="padding:5px; width:500px;" |[https:// | | style="padding:5px; width:500px;" |[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, IA-2(1–2), IA-2(12), and IA-8(1)] | ||
| style="background-color:white;" |'''21.17''' The system should support the use of personal identity verification—a U.S. Federal government-wide credential system—and other forms of hardware-based (i.e., public key infrastructure or PKI) token authentication, while electronically verifying those credentials and any configured token quality requirements. | | style="background-color:white;" |'''21.17''' The system should support the use of personal identity verification—a U.S. Federal government-wide credential system—and other forms of hardware-based (i.e., public key infrastructure or PKI) token authentication, while electronically verifying those credentials and any configured token quality requirements. | ||
|- | |||
| style="padding:5px; width:500px;" |[https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.359.5506&rep=rep1&type=pdf A2LA C223 5.4] | |||
| style="background-color:white;" |'''21.18''' The system should support the identification and tagging of infrequently performed forensic tests or analyses in order to alert the analyst and other stakeholders that additional competency verification or method validation is required before performing the test or analysis. | |||
|- | |||
| style="padding:5px; width:500px;" |[https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.359.5506&rep=rep1&type=pdf A2LA C223 5.9] | |||
| style="background-color:white;" |'''21.19''' The system should allow case records to be scheduled for periodic administrative and technical review by individuals not connected with the case. The conducted review should indicate details such as who conducted the review, what the results were, and when the review was completed. If non-conforming results were discovered, records of determination and resolution should be appended to the case record. | |||
|- | |||
| style="padding:5px; width:500px;" |[https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.359.5506&rep=rep1&type=pdf A2LA C223 5.9] | |||
| style="background-color:white;" |'''21.20''' The system should be able to document examiner testimony and allow such testimony to be scheduled for periodic evaluation. The conducted evaluation should indicate details such as who conducted the evaluation, what the results were, and when the review was completed. If non-conforming results were discovered, related records of determination and resolution should be maintained in the system. | |||
|- | |- | ||
|} | |} | ||
|} | |} |
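Review bot: The new 21.20 text switches terms mid-requirement: it speaks of "who conducted the evaluation" and then "when the review was completed", which reads as copied from 21.19. Use "when the evaluation was completed" so the requirement refers to one activity throughout. 21.19 and 21.20 also differ on where non-conformance records go ("appended to the case record" versus "maintained in the system"); if that difference is intentional it is worth a word of explanation, otherwise align the phrasing.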
Revision as of 20:37, 5 May 2022