Questions and Answers 2012
Questions and Answers
The Law Enforcement National Data Exchange (N-DEx) system has been developed by the Federal Bureau of Investigation, Criminal Justice Information Services (CJIS) Division. The CJIS Division also operates the OneDOJ system. These systems are key components of the Department of Justice (DOJ) Law Enforcement Information Sharing Program (LEISP). The phased integration approach of OneDOJ into the N-DEx system began in July 2009 with the LEISP Exchange Specifications Search and Retrieve (LEXS SR) interface between the two systems. Integration efforts will be ongoing throughout the year. Together these systems will provide a nationally scaling system that will leverage the advantages of a data repository and will have the capability and characteristics of a federated system. The integration of N-DEx and OneDOJ will provide the criminal justice community a mechanism for data retrieval and exchange and provide a national information sharing solution for fighting crime and terrorism.
For additional information, contact the N-DEx Program Office at (304) 625-4242 or via e-mail at firstname.lastname@example.org.
- What is N-DEx?
- Does N-DEx have any affiliation with the four major law enforcement associations? If so, how?
- What is the relationship between the N-DEx system and the OneDOJ system?
- What services and capabilities does N-DEx provide? How is N-DEx being implemented?
- What is a federated search?
- What types of data will be shared through N-DEx?
- Is N-DEx an intelligence system?
- Who owns and maintains the data submitted to N-DEx?
- How current is the data in N-DEx?
- Is N-DEx a 24/7 system?
- Is there a help desk number for N-DEx?
- How can an individual learn more about N-DEx?
- Why should an agency participate in N-DEx?
- Can an agency still participate in N-DEx if it does not have a records management system?
- What steps does an agency need to take to participate with N-DEx?
- What hardware or software is required to access N-DEx?
- How many users can an agency have?
- Who is responsible for auditing N-DEx?
- Can an employee background check be administered using N-DEx?
- Can an individual access N-DEx even if their agency does not contribute data?
- Does a user need a LEO account to access N-DEx?
- How does an individual get an N-DEx account via LEO?
- What if a LEO account has expired or is unknown?
- Is N-DEx training available?
- What computer-based training modules are available?
- Who should take the N-DEx computer-based training modules?
- What is the role of the CSO in N-DEx?
- What is the role of the N-DEx CJA user administrator?
- What is the role of the N-DEx CJA source data administrator?
- What is the role of the N-DEx CJA analytical reporter?
- What is the role of the N-DEx auditor/security administrator?
- What is the role of the automated processing manager?
- What is the penalty for misusing N-DEx?
- Can I access N-DEx directly from my agency’s system?
- Can I leverage NCIC and/or III data from N-DEx?
- How can I update my N-DEx/LEO user profile?
- What skills are required to access N-DEx?
Data Mapping Questions
- What is the relationship between LEXS, NIEM, and N-DEx?
- What standard does N-DEx support?
- Does an agency need to map to the N-DEx IEPD? How can I get a copy?
- Are there FBI-accredited vendors available to assist LEAs in mapping their data to the N-DEx IEPD?
- What is the N-DEx ConTesA Tool?
Data Submission Questions
- Does an agency have to be part of a regional or state data sharing system to submit data to N-DEx?
- Does each agency maintain control of the records it submits to N-DEx?
- How does N-DEx handle sensitive data?
- How does an agency submit data to N-DEx?
- How does an agency establish connectivity with N-DEx for data submission?
- How often will N-DEx accept data submissions? Is there a minimum?
- Will N-DEx alter an agency’s data once it’s submitted?
- Will N-DEx check that the data is complete and accurate upon submission?
- Does N-DEx store an agency’s data? If yes, for how long?
- Can N-DEx store images?
- Can an CJA delete a record?
System Cost Questions
- What precautions are being taken to follow relevant local policy regulations/laws related to sharing criminal and/or victim information?
- How have privacy issues/concerns been addressed for N-DEx?
- What is the N-DEx PIA? How can I get a copy?
- What is the N-DEx SORN? How can I get a copy?
- How does N-DEx accommodate state laws regarding record retention?
- How does N-DEx handle juvenile records?
- How are FOIA requests handled for N-DEx?
The Law Enforcement National Data Exchange (N-DEx) is an FBI CJIS Division system that provides criminal justice agencies (CJAs) with a powerful investigative tool to search, link, analyze, and share criminal justice data such as incident/case and arrest data; booking, holding, and incarceration data; probation/parole data; and expanded access to Department of Justice (DOJ) data sources on a national basis to a degree never before possible. N-DEx allows participating CJAs to detect relationships between people, places, things, and crime activities and link information across jurisdictions. N-DEx has been developed in collaboration with the criminal justice community and is accessible to authorized criminal justice users.
Yes. As a part of the DOJ Law Enforcement Information Sharing Program (LEISP) strategy, the N-DEx Program Office staff is working in partnership with the Information Sharing (INSH) Subcommittee of the CJIS Advisory Policy Board. The INSH Subcommittee is comprised of representatives from local, county, state, tribal, and federal LEAs, including representation from the International Association of Chiefs of Police, Major Cities Chiefs Association, National Sheriffs’ Association, Major County Sheriffs’ Association, the DOJ, and the Department of Homeland Security. The N-DEx Program Office staff has identified over 40 individuals as subject matter experts from the law enforcement community, including members from the four major law enforcement associations, to assist in the development, planning, and deployment of the N-DEx system.
Currently, the N-DEx and OneDOJ systems and processes are being tightly integrated by the N-DEx Program Office. The final phases of integration are underway. The N-DEx and OneDOJ systems’ full integration will provide a national information sharing solution, virtual regional capability, and link existing regional/state/agency systems.
N-DEx empowers CJAs with tools to manage and share their agency data with other CJAs on a national scale. N-DEx provides the capability for users to perform sophisticated searches, which includes assisting the user in detecting relationships between people, places, things, and criminal activities and linking information across jurisdictions without information overload. N-DEx also ensures that all data sharing takes place in a secure environment which is only available to authorized users in the criminal justice community. N-DEx implemented the following services and capabilities in three increments:
- In March 2008, N-DEx Increment 1 was deployed. N-DEx provided the capability for law enforcement agencies (LEAs) to share and manage incident/case report and arrest data and open and closed investigative case data with other LEAs, using data sharing policies and role-based access controls. N-DEx also provided a secure forum for users to search, perform entity correlation and entity resolution, graphically visualize data scenarios, use analytical reporting tools, leverage other data sources such as the National Crime Information Center (NCIC) and the Interstate Identification Index (III), and access online training, while supporting 50,000 users.
- In July 2009, N-DEx Increment 2 was deployed, beginning the integration of the OneDOJ system and N-DEx. N-DEx expanded capabilities to include sharing and managing of booking and incarceration data, federated searches, automated processing, collaboration, notification, subscription tools, personalized settings, web services, the N-DEx Web Portal, and supporting 100,000 users.
- In April 2011, N-DEx Increment 3 was deployed. N-DEx expanded capabilities even further, to include sharing and managing of probation and parole data, enhancing data collaboration tools, enhancing notification, enhancing subscription tools, and supporting 200,000-plus users.
A federated search capability allows users to search multiple data sources with a single query from a single user interface. These data sources are independently managed systems that allow partial and controlled sharing of data without affecting existing applications. A federated search consists of a query that is sent out to multiple data sources or databases using the appropriate syntax. Once the search is completed, the results are merged into a unified format via a portal or aggregation point.
N-DEx brings together data from criminal justice agencies throughout the United States, including:
- Incident and case reports
- Arrest reports
- Missing person reports
- Service calls
- Booking reports
- Holding reports
- Pre-sentence investigation reports
- Pre-trial reports
- Supervised release reports
- Warrant investigations
No. Although N-DEx does not contain intelligence data, it will provide value to the intelligence community.
The data/record owning agency will retain ownership of all data submitted to N-DEx and will maintain the submitted data to ensure accuracy, completeness, and timeliness of such data.
The information in N-DEx is as current as the data submitted and/or updated by agencies. CJAs have the option to submit data as close to real-time as possible. Agencies also have the option of submitting up to five years of historical data at the time of the initial data submission. Note: Agencies shall execute record updates or changes at least monthly.
Yes. N-DEx is operational 24/7.
Yes. The CJIS help desk number is (304) 625-HELP (4357) and is operational 24/7.
To learn more about the N-DEx system and the OneDOJ system, visit the N-DEx Program Office website at: http://www.fbi.gov/about-us/cjis/n-dex/ndex_overview, submit an e-mail to the N-DEx Program Office at email@example.com, or contact the N-DEx Program Office at (304) 625-4242.
N-DEx brings together data from criminal justice agencies throughout the United States. N-DEx automatically correlates and resolves data from open and closed reports to detect relationships between people, vehicles/property, locations, and/or crime characteristics. N-DEx “connects the dots” between data that is seemingly unrelated. N-DEx supports multijurisdictional task forces—enhancing national information sharing, linking regional and state records management systems, and enabling virtual regional information sharing. N-DEx provides no-fee access to national data in real time, with results returned in a matter of seconds, based upon the user’s Internet connection.
Yes. CJAs can submit data and access N-DEx if their state and/or area does not have a records management system (RMS) through coordination with the state CJIS Systems Officer (CSO).
Contact an N-DEx liaison specialist to discuss strategy and implementation. Liaison specialists can be reached from 7:30 a.mm – 4:30 p.m. Monday – Friday EST at (304) 625-4242.
- Map agency data to the current N-DEx Information Exchange Package Documentation (IEPD). (See link under Data Mapping Questions).
- Establish a method with the N-DEx Program Office to routinely submit new and updated records to N-DEx (see Data Connectivity and Submission Guide).
No special hardware/software is required to access the N-DEx portal. However, to access the N-DEx portal, the user must have a system with Internet access and adhere to end-user policies and procedures governing access to LEO and N-DEx, e.g., no public citizen access, CJAs only.
There are no restrictions on the number of N-DEx users an agency can have; however, N-DEx access shall be coordinated through the state CSO/POC or federal CSO/POC.
The FBI CJIS Audit Unit will implement and manage the N-DEx audit. Upon completion of the N-DEx audit of an agency, the FBI CJIS Audit Unit will compile a report that documents the audit findings and provide a draft report to the N-DEx Program Office and the state CSO for review and response. Note: CSA also has audit responsibilities; see CJIS Security Policy.
No. N-DEx is an investigative tool for criminal justice investigative purposes only.
Yes. N-DEx users can access N-DEx through a secure webpage portal to search CJA data and utilize investigative tools that assist in detecting relationships between people, places, things, and criminal activities and link information across jurisdictions even if their agency chooses not to submit data to the N-DEx system. Additionally, there are other options to access the data. Contact an N-DEx liaison specialist to discuss strategy and implementation. Liaison specialists can be reached from 7:30 a.m. – 4:30 p.m. Monday – Friday EST at (304) 625-4242.
Users can access N-DEx by obtaining a LEO account and then an N-DEx account free of charge. There are additional ways to access the system without a LEO account and with coordination of the CSA/CSO. Please contact a liaison specialist at (304) 625-4242 to discuss these alternative access methods.
As of June 20, 2011, new users must access the LEO website at www.leo.gov and establish a LEO account to request membership in the N-DEx Special Interest Group (SIG) to obtain N-DEx system access.
The LEO application is located below the LEO login box.
Upon approval of a LEO account, you will complete the following steps to access N-DEx.
1. At www.leo.gov, enter your username and password provided to you by LEO to display the LEO homepage.
2. Click on the SIGs tab located on the central toolbar to display the LEO SIG page.
3. Click on the Unrestricted tab to display the Unrestricted SIG page.
4. Locate and click the NDEx SIG icon to display the NDEx SIG page.
5. Click your respective state, federal, or tribal link located to the right of the N-DEx logo. Dependent upon which link is selected, a list of state, federal, or tribal sub-SIGs displays.
6. Locate your correct sub-SIG agency by selecting the beginning letter of the state, federal, or tribal name from the alphabetical listing or by scrolling down the page to your state, federal, or tribal icon. Once the icon is located, click the Request Access link to display the Request Access to N-DEx Page.
7. Read through the Membership Requirements and click either “I Meet the Criteria” or “I Do Not Meet the Criteria.” If the “I Meet the Criteria” link is selected, the SIG Access Request screen displays (continue to Step 8). If the “I Do Not Meet the Criteria” link is selected, the state or agency sub-SIG homepage displays. You should review the Membership Requirements. If you meet the requirements, select “I Meet the Criteria.” If you do not meet the requirements, you will not be permitted membership in this SIG.
8. On the SIG Access Request screen in the text field, it is mandatory for you to enter your supervisor’s name and phone number and your agency’s active NCIC Originating Agency Identifier (ORI) as issued by the FBI. After entering the mandatory information, click the Submit button to forward your request to the sub-SIG moderator. Upon review by the moderator, you will receive an e-mail containing further instructions for accessing the N-DEx system.
To obtain information on an expired or unknown LEO account, individuals can call the LEO Support Center at (888) 334-4LEO (4536) or TTY (304) 625-3963.
Yes. The approach for N-DEx training is three-fold: computer-based training (CBT), N-DEx user training, and train-the-trainer. Please contact CSA/CSO for specified training method.
- N-DEx CBT modules are the foundation of the N-DEx education. The CBT modules will allow users to go through examples, practice system functions, and perform exercises. Access to the N-DEx CBT modules is provided through LEO at www.leo.gov and on the N-DEx system by clicking on the training button. CJA representatives can also receive the CBT modules on compact diskettes by submitting an e-mail with name, title, agency name, mailing address, e-mail address, and telephone number to the N-DEx Program Office at firstname.lastname@example.org.
- N-DEx user training is available if an agency has a specific need. This training may be requested by contacting an N-DEx liaison specialist. Ability to meet user requests is solely dependent on resource availability and the training schedule.
- Train-the-trainer sessions (N-DEx classroom training) are provided to agencies’ training coordinators and/or selected representatives. They will receive training materials, including lesson plans, to use in training agency personnel within their jurisdiction.
There are currently nine N-DEx CBT modules available (requiring approximately 30 minutes per module to complete) and are designed to be taken by users according to their anticipated use of N-DEx. However, if a user wishes to complete all nine CBT’s modules, he/she may do so.
- N-DEx Overview: This module introduces system capabilities and basic navigation, provides a brief guided tour of N-DEx, and reviews system functionality included in N-DEx.
- Search: This module introduces the user to the search capabilities of the system, as well as how results are generated from user searches.
- Administrative Roles: This module provides instruction to administer sharing policies, modify user access, provide for the production of reports, audit the usage/dissemination of agency data and records, and configure automatic processing of notifications/alerts.
- Initiating System Policies: This module introduces the concept of sharing LEA record data with other LEAs through N-DEx; explains how to mark records for sharing; and guides the N-DEx LEA source data administrator in the application of their LEA policies through the use of tools provided by N-DEx.
- Collaboration: This module provides instruction on using the collaboration function of the N-DEx system. Users will learn how N-DEx provides the capability to join cooperative efforts through the sharing of information with other N-DEx users.
- Data Sharing: This module provides instruction to those who have been designated as N-DEx LEA source data administrators on how to manage the data sharing rules on submitted records.
- Visualization: This module shows how people, items, locations, and other identifying information present in N-DEx records are graphically represented to analyze and assist in discovering connections and relationships in the data.
- Subscription and Notification: This module provides instruction on using the subscription and notification function of the N-DEx system. Users will learn how N-DEx works through subscription requests to continually and automatically match search criteria to future submissions and alert users to the results.
- N-DEx Data Management: This module teaches users to manage source data in N-DEx, retrieve data, and produce reports.
N-DEx CBT modules are designed to be taken by all users according to their anticipated use of N-DEx and in coordination with your CSA/CSO.
Training Modules Available by Group:
Agency Executive Management (Chiefs, Sheriffs, Lieutenants)
- User Overview (30 minutes)
- Initiating System Policies (30 minutes)
Agency Investigator/Analyst (Investigative Specialists, Detectives, Deputies, Patrol Officers)
- User Overview (30 minutes)
- Search (30 minutes)
- Visualization (30 minutes)
- Subscription and Notification (30 minutes)
- Collaboration (30 minutes)
Agency Source Data Admin, User Admin, Automated Processing Admin, NIBRS Admin, and Training Admin (Record Management System Personnel, Local Data Administrators)
- User Overview (30 minutes)
- Data Management (30 minutes)
- Administrative Roles (30 minutes)
- Data Sharing (30 minutes)
The CSO is the POC for questions and issues related to CJIS system operation and policy. The CSO is responsible for monitoring N-DEx, NCIC, and III systems usage; enforcing system discipline; and assuring the CJIS Division operating procedures are followed by all users. The CSO should have operational and technical expertise with CJIS services and authority to represent state interests. The CSO will also be responsible for granting permissions for N-DEx users in their CJA to access NCIC and III data through the N-DEx system.
Each CJA will designate at least two N-DEx CJA user administrators (one primary and one alternate) within their agency to administer user permissions for their agency’s ORI (originating agency identifier). These individuals must have knowledge of their agency’s personnel and what privileges each N-DEx user should have.
The N-DEx CJA user administrators should take the Administrative Roles CBT prior to having their roles established within N-DEx and submit their certificate of completion to their training coordinator, keeping in mind that the CBT certificate is auditable. The N-DEx Program Office staff will then establish the N-DEx CJA user administrator role within the N-DEx system.
Note: One individual may perform all administrative roles or the roles may be assigned to several individuals.
N-DEx CJA user administrator responsibilities include:
- Administering user permissions within the originating agency identifier (ORI).
- Assigning pre-defined roles (search, N-DEx CJA source data administrator, N-DEx CJA analytical auditor/security administrator, N-DEx automated processing manager, and N-DEx CJA analytical reporter)
- Assigning data source rights (NCIC, III, and OneDOJ access) to users who are within the ORI and have created a user account within N-DEx via LEO. Additionally the user administrator is responsible for maintaining NCIC certification/expiration dates.
- Reviewing and keeping up to date N-DEx users’ information within their agency ORI, or on behalf of the ORIs within their regional initiative role, administrator role, and groups.
If submitting data, each CJA will designate at least two N-DEx CJA source data administrators (one primary and one alternate) within their agency to administer data and manage data sharing policies for their agency ORI or on behalf of the ORIs within their regional initiative. These individuals will also manage sharing groups.
The N-DEx CJA source data administrators are also required to take the Data Management and Data Sharing CBTs prior to having their roles established within N-DEx and submit their certificates of completion to their training coordinator, keeping in mind that these CBT certificates are auditable. The N-DEx Program Office staff will then establish the N-DEx CJA source data administrator roles within the N-DEx system.
N-DEx LEA source data administrator roles and responsibilities include:
- Submitting CJA source data to N-DEx for their agency ORI or on behalf of the ORIs within their regional initiative.
- Managing data sharing policies for the data submitted.
- Maintaining data submitted to N-DEx (view/modify/delete).
- Establishing sharing groups to enable access to their CJAs otherwise restricted data (i.e., yellow and red records).
- Managing sharing groups (create/update/delete) and their access to their CJA sharing permissions (i.e. yellow and red data).
- If applicable, managing the agency’s National Incident-Based Reporting System (NIBRS) extract.
- Generating analytical reports on CJA usage and N-DEx usage and growth.
- Reviewing the CJA Data Submission Summary Report. After the CJA’s data is ingested into the N-DEx system, a report (the CJA Data Submission Summary Report) will be generated detailing the total number of successful submissions as well as the number of failed submissions the CJA had for the time period in which the report was created (the N-DEx regional coordinator will send this report to the N-DEx CJA source data administrator on a weekly basis. It is the responsibility of the N-DEx CJA source data administrator to review the report and make necessary fixes to correct the noted failed data submissions.
The N-DEx Program Office staff recommends CJAs designate a minimum of two analytical reporters (one primary and one alternate). The N-DEx CJA analytical reporter roles are granted to N-DEx users by their agency N-DEx CJA user administrator. These individuals will generate N-DEx system reports with the CJA data for their agency ORI or on behalf of the ORIs within their regional initiative. This role also allows an N-DEx user to support its CJA in the production, sharing, and distribution of system and investigative reports.
The auditor/security administrator has the ability to perform all audit modification procedures through the N-DEx portal, such as adding, removing, replacing, or delegating audit authority. The roles include the data auditor and user auditor who have the ability to generate, download, rename, and delete audit reports.
N-DEx auditor/security administrator and roles and responsibilities include:
- Security Administrator—performs all audit modification procedures through the N-DEx portal such as viewing auditor roles (user and data auditors), removing roles, and replacing roles.
- Data Auditor—authorized to audit the dissemination of data and records within the agency and to other CJAs. The data auditor can generate, download, rename, and delete audit reports. The data auditor requests audit reports that are based on data, but is not allowed to request audits of a user’s actions.
- User Auditor—authorized to audit the actions of all users within the agency, such as searches performed, collaboration postings/retrievals completed, logon/off attempts, and reports created. The user auditor can generate, download, rename, and delete audit reports. The user auditor requests audit reports on user action, but is not allowed to request audits based solely on data.
The automated processing manager will manage the automated processing notifications. This person will provide the user with the capability to receive N-DEx automated reports and across agencies. The N-DEx Program Office enables the automated processing manager capabilities within the system.
N-DEx automated processing manager roles and responsibilities include:
- Managing the agency’s automated processing notifications.
- Providing the user with an N-DEx automated service that requires no subscription to the service.
In accordance with the CJIS Security Policy, each participating agency shall employ a formal sanctions process for personnel failing to comply with established information security policies and procedures.
Upon any discovery of misuse by any users or agencies granted access to the N-DEx system, notification to their CSA must take place immediately. Sanctions for misuse of N-DEx shall be established by the CJIS Advisory Policy Board.
Yes. Access to N-DEx is available through web-based services depending on CSA/CSO implementation strategy. For more information, please contact an N-DEx liaison specialist at 304-625-4242.
Yes, this feature is available to N-DEx portal users. N-DEx searches have the capability to leverage other data sources, but must be performed in conjunction with an N-DEx search. NCIC/III permissions need to be coordinated through the agency N-DEx CJA user administrators. The agency CSO and local agency authority must have also granted specific permission to access NCIC/III through N-DEx. This feature is only allowable if an N-DEx user is also a certified user of NCIC/III.
Your N-DEx user profile is updated through the LEO website. To update your LEO user profile, log in to LEO. Click the Member Services link, and then click View/Edit Your Member Profile. It takes up to 24 hours for the profile information to be updated on N-DEx. For assistance in updating your LEO profile, contact the LEO Support Center at (888) 334-4536.
Basic computer skills are recommended for users to successfully utilize N-DEx.
Data Mapping Questions
The N-DEx Information Exchange Package Documentation (IEPD) conforms to the Logical Entity eXchange Specification (LEXS) and the National Information Exchange Model (NIEM). N-DEx is a system that uses LEXS and NIEM within its IEPD to create its schema and ensure the ability to share information.
N-DEx supports the LEXS data standard with an additional structured payload compliant with the N-DEx IEPDs.
Agencies wishing to submit data to N-DEx electronically must map their data to the most current version of the N-DEx IEPD to maximize the data sharing opportunities offered by N-DEx. Submitted data must conform to and be consistent with the line of business articulated within the N-DEx IEPD, i.e., incident/arrest, booking/incarceration, and probation/parole. For agencies wishing to manually enter data into the N-DEx portal, mapping to an IEPD is not required.
To obtain a copy of the N-DEx IEPD, go to www.it.ojp.gov. In the toolbar on the left hand side of the screen, select Justice Standards Clearinghouse option, then select Law Enforcement under the Communities Tab. The IEPDs are listed by title and in alphabetical order. The IEPDs will be listed as Law Enforcement National Data Exchange (N-DEx). Various versions of IEPD’s for the Law Enforcement National Data Exchange are listed; choose the IEPD appropriate for your needs. After you select the document, go to the notes section of the page. Read the instructions carefully. We recommend downloading the attached .zip file, then extracting it to the desired location. The catalog.html file contains hyperlinks to all IEPD artifacts.
No. The FBI will not provide accreditation to any vendors. However, the N-DEx Program Office staff utilizes a tool to assist agencies in validating their mapped data to the N-DEx system called Conformance Testing Assistance (ConTesA).
The N-DEx Program Office staff utilizes a tool called ConTesA to assist agencies in validating their mapped data for the N-DEx system to ensure compliance with the N-DEx IEPD. The N-DEx ConTesA tool will also reduce the turnaround period for the verification review process. The use of the N-DEx ConTesA tool is not required but is highly recommended.
The ConTestA Tool is located at https://contesa.ittl.gtri.org/contesa. You will be able to create an account at this site.
1. Log in to ConTesA: https://contesa.ittl.gtri.org/contesa
2. Browse to find the sample XML document to be validated
3. Select Upload
4. Select Begin Validation
5. After validation has completed, select View Results
6. Click on the + to expand Submission (Total Message Count: 1)
7. Click on the (Details) link for the package (a package will be equivalent to an incident. You can have multiple packages in a single submission)
8. Click on the LEXS Detailed View button to view the data provided in the package
9. You will see an overview of all “entities” contained in the package. You can expand/collapse each to see the details, or select the Expand All button to view details for all of them.
Data Submission Questions
No. Although it is possible for a single agency to submit data to N-DEx directly, it is recommended that agencies submit their data to N-DEx through a regional or state data sharing system. CJAs must coordinate N-DEx participation with their respective CSA/CSO.
Yes. Ownership of data shared in N-DEx will remain with the contributing agency.
N-DEx supplies controls to allow an agency to decide what data to share, who can access it and under what circumstances, and allows agencies to participate in accordance with applicable laws and policies governing dissemination and privacy.
N-DEx uses the colors green, yellow, and red to indicate the sharing levels that can be used by data owners to control access to and dissemination of their data within N-DEx. This capability allows agencies to protect the privacy of specific investigative reports and to conform to their dissemination requirements in accordance with applicable laws, statutes, ordinances, and policies.
GREEN Data: Access to this data is unrestricted to all N-DEx users with search privileges. Within the system, all information is, by default, labeled GREEN unless otherwise marked. The data is visible to all users. An agency can choose to submit ONLY GREEN (unrestricted) data to the N-DEx, in which case there is no requirement to define and administer a sharing policy. Marking data GREEN benefits all users by increasing the potential for data correlations and search results. Agencies may need to use yellow and/or red levels due to the nature of the data. However, agencies are encouraged to designate the majority of their data as GREEN.
YELLOW Data: Access to this data is pointer-based. N-DEx users that retrieve a record marked YELLOW will not be able to see the data; rather, N-DEx users will be given a POC that must be contacted in order to gain access to the information. Agencies should mark data as YELLOW only if LEAs wish to share the data on a case-by-case basis. N-DEx users that are members of a specified sharing group may be authorized to view the record data. Agencies should be judicious when selecting POCs and marking their agency data as YELLOW.
RED Data: Access to the data is restricted. Within N-DEx, the RED data items are not visible to others except those in specified sharing group(s). Any correlations/matches made by an N-DEx user to restricted data will receive a No Results message unless he/she is a designated member of a sharing group established by the submitting N-DEx LEA’s Source Data Administrator.
There are four methods that can be used to submit data to N-DEx: Secure File Transfer Protocol (SFTP), web services, web portal submission (manually entering data online), and manual submission (mailed media).
- SFTP: This method is preferred by agencies that are performing periodic extracts, such as nightly or weekly, from their records system as bulk XML uploads to N-DEx in an accepted IEPD format.
- Web services: For those submitting agencies that wish to have their system send single documents to N-DEx on a more frequent basis. In order to submit data in this fashion, the partnering agency will have to create a web service client and invoke the N-DEx ingest web service.
- Web portal submission (manually entering data online): Only the agency N-DEx LEA data administrators can manually create a record within N-DEx. This option is good for infrequent N-DEx submissions or those agencies without the capabilities to submit electronically.
- Manual submission (mailed media): An agency can send their data on an external media device (CD, DVD, external hard drive, or thumb drive). This method is also used for the initial legacy data submissions.
N-DEx data submission services are available on the Internet without the need to setup a specialized connection. Contact an N-DEx liaison specialist to discuss strategy and implementation.
N-DEx is always available to accept data submissions and updates. Each record-owning agency can submit data, including any updates or changes to the original submission, as often they deem necessary. N-DEx would prefer to have updates at least weekly to monthly, but more frequently is perfectly acceptable.
No. Agencies submitting data to N-DEx will retain ownership of all data submitted and are responsible to keep the submitted data up to date and accurate.
No. N-DEx will validate that the data has been submitted by an agency and provide a report back to the agency containing information on records received and structural errors that need to be corrected.
Yes. N-DEx has the capability to store binary images.
Yes. In addition to being able to add, update, and modify records, the N-DEx CJAs source data administrators can delete individual records.
System Cost Questions
The FBI will not assess a fee for participation in N-DEx. However, agencies are likely to incur costs associated with mapping their current data standard to the N-DEx IEPD or with upgrades to hardware and software.
One of the major considerations of the N-DEx implementation is the cost for agencies to participate in N-DEx. N-DEx was also designed to utilize nationally developed standards and existing systems and networks. Some costs are being reduced by using existing connections. The N-DEx program staff is also assisting agencies by providing implementation support, tools, and training.
The policy for N-DEx is that ownership of the data is maintained by each contributing agency, and the agency will abide by their own state laws, statutes, and regulations and contribute the data accordingly. N-DEx supplies controls to allow an agency to decide what data to share, who can access it, and under what circumstances.
The N-DEx Program Office works very closely with the FBI’s Privacy and Civil Liberties Unit (PCLU) to internally assess N-DEx goals and objectives, particularly the execution of those objectives from a privacy perspective. The N-DEx Program Office has also taken a very proactive approach to privacy by engaging external privacy groups. This “privacy advocacy group” has assisted the N-DEx Program Office in discussing and identifying potential areas of concern relative to privacy in the N-DEx concept development. The following groups have been engaged as a part of the process: the American Civil Liberties Union, the Innocence Project, and the National Congress of Indian Affairs. By addressing privacy issues with the privacy advocacy group in the development phase, issues were identified and resolved prior to the system build. This process has also aided in relieving the CJIS Advisory Policy Board of privacy concerns.
In addition, tools have been developed within N-DEx to protect sensitive and personally identifiable information. These tools address the collection, dissemination, and use of all personally identifiable information. The N-DEx information sharing rules exist on the server and are applied when data is received. The N-DEx CJA source data administrators can configure these sharing rules and only require one configuration. Sharing rules will be applied automatically to all records matching the N-DEx CJA source data administrators’ sharing requests.
The collection, use, maintenance, and dissemination of personally identifiable information by the FBI requires a thorough analysis of policy, legal, and privacy issues. The N-DEx Privacy Impact Assessment (PIA) process provides a means to assure compliance with applicable laws, regulations, and policies governing individual privacy and provides agency officials with a systematic assessment of a new system’s impact on privacy prior to implementation of the system. Section 208 of the E-Government Act of 2002 requires that government agencies conduct PIAs before procuring or developing information technology systems that collect, maintain, or disseminate identifiable information about members of the public or when agencies initiate a new electronic collection of identifiable information about members of the public. The N-DEx PIA can be accessed at http://foia.fbi.gov/piandex040607.htm.
The Privacy Act of 1974 dictates any new information sharing initiative that maintains records containing personally identifiable information has to complete a System of Records Notice (SORN). The Privacy Act of 1974 also requires that the public be given 30 days in which to comment on any new or amended uses of information in a system of records. In addition, the Office of Management and Budget (OMB), which has oversight responsibilities under the Act, and Congress must be given 40 days in which to review major changes to Privacy Act systems. Pursuant to the Privacy Act of 1974 (5 U.S.C. 552a) and OMB Circular A-130, the N-DEx SORN provided a notice to the DOJ and the FBI. The notice proposed to establish a new system of records entitled N-DEx. This allowed the public to make comments regarding the N-DEx system prior to implementation. The N-DEx SORN can be accessed at http://foia.fbi.gov/privacy_systems/72fr56793.htm.
Per N-DEx policy, the ownership of the data is maintained by each contributing agency; the agency will abide by their own state laws, statutes, and regulations and contribute and maintain the data accordingly.
CJAs are responsible for handling all juvenile records according to their contributing agency’s state/local laws and by utilizing N-DEx data sharing policies to abide by their state/local laws. The agency submitting the record is the owner of that record. N-DEx provides templates and/or tags that enable the N-DEx CJA source data administrators to mark submitted data as GREEN, YELLOW, or RED. This capability allows agencies to submit information for sharing but controls the dissemination of sensitive information to protect the privacy of specific investigative data and to conform to the information dissemination policies of their CJA.
The FBI does not have the responsibility of servicing Freedom of Information Act (FOIA) requests for records contributed to N-DEx by outside agencies. Requesters seeking information should direct their inquiry to the CJA believed to own the record(s) relevant to their request.