Florida Department of Transportation Achieves CJIS Compliance with Imprivata OneSign®

THE BUSINESS CHALLENGE

The Motor Carrier Compliance (MCC) program in the Florida Department of Transportation is responsible for enforcing safety and weight regulations for commercial vehicles in the state of Florida. To meet this mission, more than500 sworn law enforcement officers and regulatory weight inspectors work on the highways and in weigh stations throughout the state.

As with any law enforcement agency, the Motor Carrier Compliance group within the DOT must comply with the FBI’s regulations for applications connecting with its Criminal Justice Information Services (CJIS) systems. These include:

• 1 (In 2010): Enforce unique IDs and strong passwords

• 2: Use advanced authentication’ methods like fingerprint biometrics, smart cards or proximity cards to secure authentication

Law enforcement agencies have until September 2013 to implement advanced authentication unless they are making significant changes or upgrades to the systems that access the CJIS databases, in which case strong authentication must be implemented prior to the upgrade.

The MCC agency was facing two major changes to its law enforcement applications:

• MCC had to move its data center to a primary state data center by mid-2012, as part of a broad data center consolidation initiative in the state of Florida.

• The group was rolling out new computer-aided dispatch software (SmartCAD) from CTS systems.

Either of these initiatives trigger the accelerated CJIS deadline for advanced authentication.

THE IMPRIVATA ONESIGN SOLUTION

MMC felt finger biometries was the best option for their agency, so they began to investigate solutions that would meet the following requirements:

• Support for fingerprint biometrics

• Single sign-on with complex passwords (phase 1 CJIS compliance)

• No changes required to Active Directory

Although many solutions were available, most required significant changes to Active Directory. Says Tom Trunda, District IS Manager for the Law Enforcement Office of the MCC group, “Keeping our directory in tact without changing it was very important to us. Imprivata OneSign let us meet the CJIS authentication requirements without modifying our Active Directory.”

COMPANY

• Florida Department of Transportation: Motor Carrier Compliance

• 500 employees distributed throughout state

APPLICATIONS

• CTS computer-aided dispatch (SmartCAD)

CHALLENGES

• Employee frustration with multiple logins

• Needed to comply with CJIS ‘Advanced Authentication’ requirements

• Widely distributed workforce

RESULTS

• CJIS compliant authentication

• Single sign-on to multiple applications

• Fast user switching on shared workstations

• Rapid statewide deployment

MKT-SS-FLDOT-Ver1-03-2011

Lawenforcement

agencieswillfind

that2013comes

aroundveryquickly

—andthereal

deadlineissooner

ifyou’reupgrading

systems.We’re

aheadofthegame

withImprivata

OneSign,andnow

Idon’thaveto

worryaboutCJIS

authentication

requirementsaswe

moveoursystems

tothestateprimary

datacenter.”

TomTrunda

DistrictISManager

FloridaDOT

BEFORE IMPRIVATA ONESIGN USING IMPRIVATA ONESIGN

Multiple logins created frustration among inspectors and officersSingle sign-on eliminates frustration with managing multiple accounts

Complex password requirement created hardship, potential security exposure

Fingerprint biometric authentication meets CJIS advanced authentication requirements while simplifying login

Lack of visibility into user activity on networks Audit and access reporting

1 877 ONESIGN | 1 781 674 2700 | www.imprivata.com

Copyright © 2010 Imprivata, Inc. All rights reserved. Imprivata and OneSign are registered trademarks of Imprivata, Inc. in the U.S. and other countries.

The Application Profile Generator and OneSign Agent are trademarks of Imprivata, Inc. All other trademarks are the property of their respective owners.

RESULTS: RAPID STATE-WIDE DEPLOYMENT

The IT team spent approximately seven weeks at the end of 2010 deploying Imprivata OneSign and fingerprint biometrics and enrolling its users’ fingerprints throughout the state. Because of the distributed nature of the MCC staff, the team traveled through the state, training sergeants in field offices. Those sergeants then traveled to the weigh stations to enroll the weight inspectors and other staff with the fingerprint technology.

As part of the Imprivata OneSign roll-out, the IT team provisioned each user with a unique login, and each kiosk with a fingerprint reader. The users can now switch between accounts on the shared computer using a single touch of the fingerprint reader, increasing security and application access speed.

Although the MCC division implemented OneSign primarily for CJIS compliance reasons, the combination of strong authentication and single sign-on has delivered several benefits to the MCC staff.

Eliminating password frustration: The complaints from staff about managing multiple different accounts have disappeared. Says Trunda, “Imprivata OneSign has clearly eliminated a major frustration for our officers and inspectors.”

Better visibility: Using single sign-on with fast user switching on the shared kiosks has given the department better visibility into individual network access and behavior, and eliminated the potential exposure of the shared login. Imprivata OneSign provides an instant audit log of who is accessing which applications at what time, which is important for ongoing governance.

The biggest benefit has been the department’s full compliance with CJIS advanced authentication regulations today. Says Trunda, “ Law enforcement agencies will find that 2013 comes around very quickly—and the real deadline is sooner if you’re upgrading systems. We’re ahead of the game with Imprivata OneSign, and now I don’t have to worry about CJIS authentication requirements as we move our systems to the state primary data center.”