TIES Software Vendors
In order to become an approved TIES software vendor on the Tennessee information Enforcement system (TIES) Network, the following criteria must be met:
- Submit a Vendor Profile Form and letter of request to access the TIES network. This form must also include all pertinent information regarding the company and its products, a list of all states that the company currently has contracts with, and a list of all Tennessee agencies that are current customers.
- Must pass transaction tests (Mobile / CAD, Query-only, and/or Full Access).
- Transaction response times must meet NCIC specifications.
- Helpdesk staff available: Query only must be available during normal business hours and Full access must be available 24 hours a day, 7 days a week.
- Must agree to test with TBI (in the test environment) all required modifications to specific transactions and once approved, distribute to all devices running the vendor’s software, within the specified time frame established by TBI based on statutes or FBI regulations. TBI will contact the vendor regarding updates using the information provided by the vendor on the Vendor Profile form.
- Must have a completed TBI Vendor User Agreement and CJIS Security Addendum on file with TBI.
- A signed Security Addendum Certification Form for each employee must be on file with TBI.
- Employees must have fingerprint background checks successfully completed and on file with TBI with no prohibitors found.
- Employees must have successfully completed security awareness training and testing via CJIS Online (www.cjisonline.com). Additionally, this training and testing must be completed every two years thereafter.
- For mobile and query-only access, the capability to view images must be available. For full access, the capability to enter and view images must be available.
- Data must be encrypted while in transit and at rest. Encryption shall be a minimum of 128 bit and certified to meet FIPS 140-2 standards. A list of the certified encryption implementations along with the NIST certificate numbers must be provided to TBI.
- Software used to access CJI shall follow the secure password attributes below to authenticate an individual’s unique ID. Passwords shall:
- Be a minimum length of eight (8) characters on all systems
- Not be a dictionary word or proper name
- Not be the same as the User ID
- Expire within a maximum of 90 calendar days
- Not be identical to the previous ten (10) passwords
- Not be transmitted in the clear outside the secure location
- Not be displayed when entered
- Advanced Authentication must be available as mandated by the CJIS Security Policy, which currently states, “Advanced Authentication will be required for all law enforcement personnel accessing NCIC criminal justice information outside of a secure location.”
- Provide Administrator, Domain Manager and user settings to allow for administrators to audit and administer users.
- Provide detailed logging, to allow user transaction auditing.
- Ensure that automatic software updates are provided to users.
- Provide reliable, real-time access to NCIC, Nlets & the state CJIS systems.
Please be advised that notification of any changes for a vendor point of contact and/or personnel having direct responsibility to configure and maintain computer systems, software, and networks with direct access to criminal justice information (CJI) must be submitted to TBI in a timely manner.
Questions concerning the vendor approval program may be directed to Katie Chestnut at (615) 744-4072 or Katie.Chestnut@tn.gov.
The following links are part of the TIES vendor approval program: