Chicago Police Department General Order G09-01-02
Computer Systems Security
Issue Date: 17 October 2017
Effective Date: 17 October 2017
Rescinds: 11 September 1998 Version
Index Category: Information Management
I. Purpose
This directive:
  • A. institutes and identifies standards for the security and integrity of software, reports, data and files.
  • B. satisfies CALEA Law Enforcement standards in Chapter 82.
II. Security
  • A. Department members will:
    • 1. not share their log-on credentials including but not limited to passwords, tokens, and/or One Time Password (OTP) authentication codes and will be responsible for the security and integrity of these codes.
    • 2. not circumvent user authentication or security of any host, network, or account.
    • 3. review Cyber Security Awareness provided by the Information Services Division as directed by a message on the Administrative Message Center (AMC).
    • 4. promptly notify their unit commanding officer when they suspect or know that their log-on credentials have been compromised.
    • 5. promptly notify 4DATA when they suspect or know that their log-on credentials have been compromised.
    • 6. not tamper with any computer system for log-on credentials or gaining/attempting to gain unauthorized access into any Department computer system or outside system. Computer tampering will not be tolerated and members who engage in such conduct are subject to disciplinary action and criminal prosecution.
    • 7. promptly inform supervisors when they discover conditions that may compromise security or data, such as any unauthorized access to information, virus infection or conditions which affect the system's security.
    • 8. ensure they have exited and logged off the computer system completely.
    • 9. not make unauthorized copies or reproductions of commercially developed computer software packages or Department developed applications.
    • 10. not install or use any unauthorized computer hardware equipment and/or software in Department computers as enumerated in the Department directive entitled "Audio/Visual Equipment and Reading Materials."
    • 11. not access the Chicago Police network with personally owned devices, bring your own device (BYOD) mobile phones, tablets, etc. Any and all devices accessing CPD Information Technology resources become subject to all policies of the Chicago Police Department.
    • 12. NEVER open any files or macros attached to an email from an unknown, suspicious, or untrustworthy source. Delete these emails immediately, then empty your email Trash folder.
    • 13. not knowingly enter any false data into any official Departmental record, file or report. This does not apply to department systems used primarily for training purposes such as but not limited to AIRA Train, CHRIS Train or CLEAR Train.
    • 14. not remove any data from any Departmental record, file or report, without authorization.
    • 15. not misuse Department equipment and supplies, or tamper with computers or computerized information. Members are further prohibited from accessing, servicing, altering, damaging, erasing, copying, corrupting, and/or inserting programs that may damage or destroy information or cause destruction of any computer, files, or equipment as enumerated in the Illinois Compiled Statutes, 720 ILCS 16D, known as the "Computer Crime Prevention Law" (computer tampering). Members who engage in such conduct may be subject to disciplinary action and criminal prosecution.
  • B. Information Services Division (ISD) will ensure that:
    • 1. computer equipment is placed in a secured location that reduces the risk of water damage, electric power surge, excessive temperature fluctuation, high humidity, excessive cold or heat conditions and protection from dirt and dust.
    • 2. Department computer systems are located in areas readily accessible to unit members.
      NOTE:
      Printers shared on the Local Area Network (LAN) will be available at all times to all members.
    • 3. each computer system is evaluated for proper system security protection.
    • 4. the designated district member or designated member in other units will:
      • a. confirm that proper safeguards, as outlined in this directive, are being complied with when sensitive data (Arrest Report information, daily activity reports, Juvenile information, etc.) is placed in a computer system.
    • 5. contingency plans, in case of damage to data or equipment, are developed with the assistance of ISD.
    • 6. printed documentation, reports, data, and statistics are clearly labeled with accurate and complete identification of their contents, unit and date.
    • 7. if possible, the integrity of data contained in all reports or information of a sensitive or strategic nature, generated for Department use or for dissemination outside the Department, is verified.
    • 8. a complaint register (CR) number is obtained and investigation initiated, if necessary, for any violation of this directive.
  • C. The Information Services Division is responsible for:
    • 1. being knowledgeable of current security technology, trends and software.
    • 2. developing procedures to ensure the security of hardware and the integrity of software.
    • 3. conducting annual password audits to ensure that computerized information systems conform with:
      • a. user initiated requests;
      • b. standards established by this and related directives;
      • c. Department software specifications.
    • 4. assisting unit commanders/commanding officers in ensuring that computerized information systems conform with Department directives relative to First Amendment Rights.
    • 5. ensuring:
      • a. that duplication of efforts is minimized.
      • b. the integrity of the equipment inventory of computer items in each police facility.
Items indicated by italics/double underline were revised.
Eddie T. Johnson
Superintendent of Police
17-029 AMR