[{"@context":"https:\/\/schema.org\/","@type":"BlogPosting","@id":"https:\/\/univista.com\/posts\/the-ping-breaking-down-compliance\/#BlogPosting","mainEntityOfPage":"https:\/\/univista.com\/posts\/the-ping-breaking-down-compliance\/","headline":"The Ping: Breaking Down Compliance","name":"The Ping: Breaking Down Compliance","description":"Criminal Justice Information Services (CJIS) Criminal Justice Information Services, or CJIS, is a division of the FBI that provides criminal justice information needed to perform law enforcement duties. It \u201cserve[s] as the focal point and central repository for criminal justice information services in the FBI.\u201d \u2013 FBI. In Texas this information is disseminated via [\u2026]","datePublished":"2018-12-17","dateModified":"2018-12-17","author":{"@type":"Person","@id":"https:\/\/univista.com\/posts\/author\/corie-bogan\/#Person","name":"Corie Bogan","url":"https:\/\/univista.com\/posts\/author\/corie-bogan\/","identifier":5,"image":{"@type":"ImageObject","@id":"https:\/\/secure.gravatar.com\/avatar\/1cc33ae534ef31a23f9281fa0d638eb45e31ff2282dc8fabaf8cec72af5f1961?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/1cc33ae534ef31a23f9281fa0d638eb45e31ff2282dc8fabaf8cec72af5f1961?s=96&d=mm&r=g","height":96,"width":96}},"publisher":{"@type":"Organization","name":"UniVista","logo":{"@type":"ImageObject","@id":"https:\/\/univista.com\/wp-content\/uploads\/2018\/03\/Univista-Logo-e1522352689794.png","url":"https:\/\/univista.com\/wp-content\/uploads\/2018\/03\/Univista-Logo-e1522352689794.png","width":600,"height":60}},"image":{"@type":"ImageObject","@id":"https:\/\/univista.com\/wp-content\/uploads\/2017\/11\/Ping-Logo-300x126.png","url":"https:\/\/univista.com\/wp-content\/uploads\/2017\/11\/Ping-Logo-300x126.png","height":"126","width":"300"},"url":"https:\/\/univista.com\/posts\/the-ping-breaking-down-compliance\/","about":["BUSINESS CONTINUITY","business management","disaster 
recovery","hipaa","internet","malware","onboarding","PCI DSS","planning","safety","Security","The Ping","update","virus","vulnerability"],"wordCount":682,"keywords":["cjis","cybersecurity","fdic","ffiec","hipaa","ncua","pci","Security"],"articleBody":"Criminal Justice Information Services (CJIS)\n\nCriminal Justice Information Services, or CJIS, is a division of the FBI that provides criminal justice information needed to perform law enforcement duties. It \u201cserve[s] as the focal point and central repository for criminal justice information services in the FBI.\u201d \u2013 FBI. In Texas this information is disseminated via the DPS and includes details such as vehicle registration, criminal history, driver\u2019s license, license plate, firearm, etc. Because this information is highly sensitive and needs to be protected, CJIS provides security compliance requirements and performs audits to ensure these requirements are being met. Below are just a few example requirements of the Security Policy\u2026\n\nSecurity Awareness Training\nPerimeter Intrusion Detection\nAdvanced Authentication\nMaintain Log History\nChange Management\nDevice Encryption\n\nFailing a single audit flags an agency as non-compliant. If compliance is not achieved, the agency can lose access to the information and tools needed to perform their duties.\n\nPayment Card Industry (PCI)\n\nAny person or company that handles a credit card or credit card number needs to be aware of PCI compliance. Furthermore, businesses that process credit cards need to achieve PCI compliance in an official capacity. \u201cThe PCI Security Standards Council is a global forum for the industry to come together to develop, enhance, disseminate and assist with the understanding of security standards for payment account security. \u2026 The Council was founded in 2006 by American Express, Discover, JCB International, MasterCard and Visa Inc. 
\u2026 They share equally in governance and execution of the Council\u2019s work. \u2026 The Council maintains, evolves, and promotes the Payment Card Industry Security Standards. \u2026 It also provides critical tools needed for implementation of the standards such as assessment and scanning qualifications, self-assessment questionnaires, training and education, and product certification programs. \u2026 Note that enforcement of compliance with the PCI DSS and determination of any non-compliance penalties are carried out by the individual payment brands and not by the Council.\u201d \u2013 PCI Security Standards website\n\nPCI compliance requirements include many of the same criteria as CJIS and more. Determining who owns responsibility for protecting sensitive credit card data can be confusing as it depends on your methods, software, hardware, and practices. However, you are ultimately responsible for figuring that out and making sure compliance is being met.\n\nFederal Financial Institutions Examination Council (FFIEC)\n\nThe FFIEC, or Federal Financial Institutions Examination Council, covers a myriad of banking regulators, including the FDIC and the NCUA. Financial institutions must comply with the \u201cGuidelines Establishing Standards for Safeguarding Customer Information\u201d (guidelines) as issued pursuant to the Gramm-Leach-Bliley Act (GLBA). The guidelines were published in the Federal Register on February 1, 2001, and were effective on July 1, 2001.\n\nThe guideline requirements include physically and procedurally securing customer information. The guidelines also require a plan for how to handle and report any type of breach. 
This is a law, not a recommendation; not complying can result in fines and other legal ramifications.\n\nHealthcare Insurance Portability and Accountability Act (HIPAA)\n\n\u201cTo improve the efficiency and effectiveness of the health care system, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191, included Administrative Simplification provisions that required HHS to adopt national standards for electronic health care transactions and code sets, unique health identifiers, and security. At the same time, Congress recognized that advances in electronic technology could erode the privacy of health information. Consequently, Congress incorporated into HIPAA provisions that mandated the adoption of Federal privacy protections for individually identifiable health information.\u201d \u2013 HHS.gov\n\nNames or part of names\nAny other unique identifying characteristic\nGeographical identifiers\nDates directly related to an individual\nPhone numbers\nFax numbers\nEmail addresses\nSocial Security numbers\nMedical record numbers\nHealth insurance beneficiary numbers\nAccount numbers\nCertificate or license numbers\nVehicle license plate numbers\nDevice identifiers and serial numbers\nWeb URLs\nIP addresses\nFingerprints, retinal and voice prints\nFull face or any comparable photographic images\n\nThe U.S. Department of Health & Human Services (HHS) may impose civil money penalties on a covered entity of $100 per failure to comply with a Privacy Rule requirement. These are criminal penalties. 
Any person who knowingly obtains or discloses individually identifiable health information in violation of HIPAA will face a fine of $50,000 and up to one-year imprisonment.\n\nYour UniVista Team\n\n*Celebrating 20 Years of Customer Satisfaction*"},{"@context":"https:\/\/schema.org\/","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Posts","item":"https:\/\/univista.com\/posts\/#breadcrumbitem"},{"@type":"ListItem","position":2,"name":"The Ping: Breaking Down Compliance","item":"https:\/\/univista.com\/posts\/the-ping-breaking-down-compliance\/#breadcrumbitem"}]}]