Questions and Answers
Questions and Answers
The Law Enforcement National Data Exchange (N-DEx) system is being developed by the Federal Bureau of Investigation, Criminal Justice Information Services (CJIS) Division. The CJIS Division also operates the OneDOJ system. These systems are key components of the Department of Justice (DOJ) Law Enforcement Information Sharing Program (LEISP). The phased integration approach of OneDOJ into the N-DEx system began in July 2009 with the LEISP Exchange Specifications Search and Retrieve (LEXS SR) interface between the two systems. Integration efforts will be ongoing throughout the year. Together these systems will provide a nationally scaling system that will leverage the advantages of a data repository, and will have the capability and characteristics of a federated system. The integration of N-DEx and OneDOJ will provide the law enforcement community a mechanism for data retrieval and exchange, and provide a national information sharing solution for fighting crime and terrorism.
For additional information submit an e-mail to the N-DEx Program Office (PO) at firstname.lastname@example.org or contact the N-DEx Program Office at (304) 625-4242.
- What is N-DEx?
- What is OneDOJ?
- Does N-DEx have any affiliation with the four major law enforcement associations? If so, how?
- What is the relationship between the N-DEx system and the OneDOJ system?
- What services and capabilities does N-DEx provide? How is N-DEx being implemented?
- What services and capabilities does OneDOJ provide?
- What is a federated search?
- What types of data will be shared through N-DEx?
- What types of data are shared through OneDOJ?
- Are N-DEx and OneDOJ intelligence systems?
- Who owns and maintains the data submitted to N-DEx?
- How current is the data in N-DEx?
- Is N-DEx a 24/7 system?
- Is there a help desk number for N-DEx?
- Is there a help desk number for OneDOJ?
- How can an individual learn more about N-DEx and OneDOJ?
- Why should an agency participate in N-DEx?
- Can an agency still participate in N-DEx if it does not have an Records Management System?
- What steps does an agency need to take to participate with N-DEx?
- What hardware or software is required to access N-DEx?
- How many users can an agency have?
- Who is responsible for auditing N-DEx?
- Can an employee background check be administered in N-DEx?
- Can an individual access N-DEx even if their agency does not contribute data?
- Can a local, county, state, tribal, or other federal agency access OneDOJ data?
- Does a user need a LEO account to access N-DEx?
- Does a user need a LEO account to access OneDOJ?
- How does an individual get an N-DEx/OneDOJ/LEO account(s)?
- What if a LEO account has expired or is unknown?
- Is a full social security number necessary on the N-DEx/OneDOJ/LEO Access Request Form?
- What should be filled in for the ORI on the N-DEx/OneDOJ/LEO Access Request Form?
- What approval signatures are needed on the N-DEx/OneDOJ/LEO Access forms?
- Is personal information protected during the N-DEx/OneDOJ/LEO application process?
- Is N-DEx training available?
- Who should take the N-DEx Computer Based Training Modules?
- What CBT modules are available?
- What is the role of the CSO in N-DEx?
- What is the role of the N-DEx LEA User Administrator?
- What is the role of the N-DEx LEA Source Data Administrator?
- What is the role of the N-DEx LEA Analytical Reporter?
- What is the role of the N-DEx Auditor/Security Administrator?
- What is the role of the Automated Processing Manager?
- What is the penalty for misusing N-DEx?
- Can I access N-DEx directly from my agency's system?
- Can I leverage NCIC and/or III data from N-DEx?
- Can I search N-DEx from NCIC and/or III?
- How should I update my N-DEx user profile?
- What skills are required to access N-DEx?
- What is the relationship between LEXS, NIEM, and N-DEx?
- Does an agency need to map to the N-DEx IEPD? How can I get a copy?
- Can an agency submit data to N-DEx using LEXS?
- Are there FBI-accredited vendors available to assist LEAs in mapping their data to the N-DEx IEPD?
- What is the N-DEx ConTesA Tool?
- Does an agency have to be part of a regional or state data sharing system to submit data to N-DEx?
- Does each agency maintain control of the records it submits to N-DEx?
- How does N-DEx handle sensitive data?
- How does an agency submit data to N-DEx?
- How does an agency establish connectivity with N-DEx?
- Can a local, county, state, tribal, or other federal agency submit data to the OneDOJ system?
- Will the data submitted to N-DEx be used for NIBRS reporting?
- Will N-DEx alter an agency’s data once it’s submitted?
- Will N-DEx check that the data is complete and accurate upon submission?
- Does N-DEx store an agency’s data? If yes, for how long?
- Can N-DEx store images?
- Can an LEA delete a record?
- Does each agency maintain control of the records it submits to N-DEx
- Is there a cost to participate in N-DEx?
- Are there grant funds available to participate in N-DEx?
- What is the FBI doing to alleviate funding issues?
- What precautions are being taken to follow relevant local policy regulations/laws related to sharing criminal and/or victim information?
- How have privacy issues/concerns been addressed for N-DEx?
- What is the N-DEx PIA? How can I get a copy?
- What is the N-DEx SORN? How can I get a copy?
- How does N-DEx accommodate state laws regarding record retention?
- How does N-DEx handle juvenile records?
- How are FOIA requests handled for N-DEx?
The Law Enforcement National Data Exchange (N-DEx) is an FBI CJIS Division system that provides law enforcement agencies (LEAs) with a powerful new investigative tool to search, link, analyze, and share criminal justice information such as, incident/case report and arrest data, booking and incarceration data, probation/parole data, and expanded Department of Justice (DOJ) data sources on a national basis to a degree never before possible. N-DEx allows participating LEAs to detect relationships between people, places, things, and crime characteristics, and link information across jurisdictions. N-DEx has been developed in collaboration with the law enforcement community, and is accessible to authorized users within law enforcement and criminal justice communities.
OneDOJ is a system developed by the (DOJ) for two information sharing purposes: first to share data among its law enforcement components and second to provide DOJ data access to regional systems. The OneDOJ system is a repository for only DOJ law enforcement components’ (Bureau of Alcohol, Tobacco, Firearms, and Explosives; Bureau of Prisons; Drug Enforcement Administration; FBI; and United States Marshals Service) data that enables sharing of investigative information within the Department. OneDOJ actively engages regional systems in a cooperative manner to establish connectivity to their systems and to OneDOJ data. The OneDOJ system allows regional data to be searched, accessed and compared with the OneDOJ system’s repository data. Data is not contributed by external partners to the OneDOJ system.
Yes. As a part of the DOJ Law Enforcement Information Sharing Program (LEISP) strategy, the N-DEx Program Office staff is working in partnership with the Information Sharing (INSH) Subcommittee of the CJIS Advisory Policy Board. The INSH Subcommittee is comprised of representatives from local, county, state, tribal, and federal LEAs, including representation from the International Association of Chiefs of Police; Major Cities Chiefs Association; National Sheriffs’ Association; Major County Sheriff’s Association; the DOJ; and the Department of Homeland Security. The N-DEx Program Office staff has identified over 40 individuals as Subject Matter Experts from the law enforcement community, including members from the four major law enforcement associations, to assist in the development, planning, and deployment of the N-DEx system.
Currently, the N-DEx and OneDOJ systems and processes are being tightly integrated by the N-DEx Program Office. The beginning phases of integration are underway. The (LEXS SR interface) connection between N-DEx and OneDOJ has been completed. Full integration of OneDOJ with N-DEx will capitalize on more advanced capabilities of N-DEx while providing access to OneDOJ data. The N-DEx and OneDOJ systems working together will provide the national information sharing solution, virtual regional capability, and link existing regional/state/agency systems.
N-DEx empowers LEAs with tools to manage and share their agency data with other LEAs on a national scale. N-DEx provides the capability for users to perform sophisticated searches, which includes assisting the user in detecting relationships between people, places, things, and crime characteristics, and linking information across jurisdictions without information overload. N-DEx also ensures that all data sharing takes place in a secure environment which is only available to authorized users in the law enforcement and criminal justice community. N-DEx will expand services and capabilities over three increments.
- In March of 2008, N-DEx Increment 1 was deployed. N-DEx provides the capability for LEAs to share and manage incident/case report and arrest data and open and closed investigative case data with other LEAs, using data sharing policies and role-based access controls. N-DEx also provides a secure forum for users to: search; perform entity correlation and entity resolution; graphically visualize data scenarios; use analytical reporting tools; leverage other data sources such as the National Crime Information Center (NCIC) and the Interstate Identification Index (III); access on-line training; and support 50,000 users.
- In the July of 2009, N-DEx Increment 2 was deployed beginning the integration of the OneDOJ System. N-DEx expanded capabilities to include: sharing and managing of booking and incarceration data; federated searches; automated processing; collaboration; notification; subscription; personalized settings; web services; N-DEx Web Portal; and support 100,000 user.
- In Fall 2010, N-DEx Increment 3 will be deployed. N-DEx will expand capabilities even further to include: sharing and managing of probation and parole data; enhancing data collaboration tools; enhancing notification; enhancing subscription tools; and supporting 200,000 plus users.
OneDOJ provides users the ability to search, view, and analyze both OneDOJ data and data of designated partners stored in their own repositories (federated search).
A federated search capability allows users to search multiple data sources with a single query from a single user interface. These data sources are independently managed systems that allow partial and controlled sharing of data without affecting existing applications. A federated search merely consists of a query that is sent out to multiple data sources or databases using the appropriate syntax. Once the search is completed, the results are merged into a unified format via a portal or aggregation point. For example: Currently an N-DEx user can search the N-DEx data repository and federate a search to NCIC, III, and OneDOJ.
- LEAs have the ability to share incident/case report data, arrest data, and booking and incarceration data.
- In Fall 2010, N-DEx will also include probation and parole data.
The DOJ Component Agencies submit a variety of information to OneDOJ in order to assist law enforcement officers with investigations. The FBI submits open and closed case information. The BOP provides federal inmate telephone lists and logs as well as inmate biographical and activity records. The DEA and ATF supply closed case information on subjects of interest. USMS shares data which includes both open and closed cases.
In 2009, OneDOJ will begin receiving Joint Automated Booking System (JABS) data containing over 3.1 million records including 34 million images. JABS data contains information of alleged criminal offenders who have been booked and arrested by federal agencies, as well as come local and state agencies.
No. Although N-DEx and OneDOJ do not contain intelligence data they will provide value to the intelligence community.
Agencies submitting data to N-DEx will retain ownership of all data submitted and are responsible for maintaining the submitted data to ensure accuracy and completeness.
The information in N-DEx is as current as the data submitted and /or updated by agencies. LEAs have the option to submit data as close to real-time as possible. Agencies also have the option of submitting up to five years of historical data at the time of the initial data submission.
Yes. N-DEx is operational 24/7.
Yes. N-DEx help desk number is (304) 625-HELP (4357) and is operational 24/7. Individuals can also send an e-mail to email@example.com.
Yes. OneDOJ help desk number is (304) 625-HELP (4357) and is operational 24/7. Individuals can also send an e-mail to OneDOJhelp@leo.gov.
To learn more about the N-DEx system and the OneDOJ system visit the N-DEx Program Office website at http://www2.fbi.gov/hq/cjisd/ndex/ndex_home.htm ,submit an e-mail to the N-DEx Program Office at firstname.lastname@example.org, or contact the N-DEx Program Office at (304) 625-4242.
The N-DEx system’s services and capabilities allow participating agencies to: detect relationships between people, places, things and crime characteristics; link information across jurisdictions; and “connect the dots” between data that are not apparently related without information overload. N-DEx provides contact information and collaboration tools for LEAs that are working on cases of mutual interest.
Data shared through N-DEx remains the property of the law enforcement agency that submits it. N-DEx supplies controls to allow LEAs to decide what data to share, who can access it, and under what circumstances allowing agencies to participate in accordance with applicable laws and policies governing dissemination and privacy.
Yes. LEAs can submit and use N-DEx if their state and/or area does not have a Records Management System (RMS) through coordination with the state CJIS Systems Officer (CSO).
- Sign an N-DEx Memorandum of Understanding (MOU). The N-DEx MOU can be accessed at www.leo.gov;
- Map agency data to the current N-DEx Information Exchange Package Documentation (IEPD). (See link under Data Mapping Questions.)
- Connect through an existing CJIS Wide Area Network (WAN) connection, an Internet based Virtual Private Network (VPN) connection, and/or send data on an external media device (CD, DVD, external hard drive, or thumb drive).
No special hardware/software is required to access the N-DEx portal. However, to access the N-DEx portal, the user must have a system with Internet access, a valid Law Enforcement Online (LEO) user account, the ability to access the LEO Netlet Tunnels from their workstations, and adhere to end-user policies and procedures governing access to LEO, N-DEx, and OneDOJ, i.e. no public access.
There are no restrictions on the number of N-DEx users an agency can have; however, N-DEx access shall be coordinated through the state CSO/POC or federal CSO>POC.
The FBI CJIS Audit Unit will implement and manage the N-DEx Audit. Upon completion of the N-DEx audit of an agency, the FBI CJIS Audit Unit will compile a report that documents the audit findings and provide a draft report to the N-DEx Program Office and the state CSO for review and response.
No. N-DEx is an investigative tool for criminal justice information purposes only.
Yes. N-DEx users can access N-DEx through LEO using a secure portal. N-DEx users can search LEA data and utilize investigative tools that assist in detecting relationships between people, places, things, and crime characteristics, and link information across jurisdictions even if their agency chooses not to submit data to the N-DEx system.
Yes. OneDOJ permits external partners to access DOJ data through federated searches. Additionally, OneDOJ data can be searched through the N-DEx system
Yes. N-DEx users must have a LEO account to access the N-DEx portal. The N-DEx Program Office will begin piloting web-based services with test agencies in the fall of 2009.
There are two options for obtaining the N-DEx/OneDOJ User Application forms.
1. Go to http://www.leo.gov and scroll to the bottom of the page. Click the "Click here" link under N-DEX/OneDOJ User Application. Print; fill out; and fax the required access request forms to (888) 550-6427.
2. The N-DEx Program Office utilizes a "Fax-on-Demand" service that provides individuals, through electronic dial-up access, the capability to order forms. The “Fax on Demand” number is (877) 854-7596 (proceed to Option #2 on the telephone menu to send these forms to a local fax) and then fill out, sign, and fax the required access request forms to (888) 550-6427. There are three forms available on the “Fax on Demand” service which include: N-DEx/One DOJ User Application (document number 201); N-DEx/ One DOJ Bulk Verification (document number 202); and N-DEx/OneDOJ Cancellation of Services (document number 203).
To obtain information on an expired or unknown LEO account individuals can call the LEO Support Center at (888) 334-4LEO (4536) or TTY (304) 625-3963.
No. For security reasons only the last six digits of a social security number are mandatory for N-DEx/OneDOJ/ access. Zero’s are to be used in the first three digits as place holders (000-xx-xxxx).
Individuals requesting access to N-DEx must obtain their organization's Originating Agency Identifier (ORI) through their CJIS Systems Officer (CSO). Individuals would then "fill in" the nine-character National Crime Information Center (NCIC) or N-DEx ORI assigned to their agency by the CJIS Division staff. ORIs are used to identify the organization in transactions on CJIS Division systems.
Note: For a list of CSOs, contact your agency Terminal Agency Coordinator (TAC).
What approval signatures are needed on the N-DEx/OneDOJ/LEO Access forms?
The access process requires a coordinated effort between an Agency Head and their respective CSO/Designated point of contact (POC). For a list of CSOs, contact your agency TAC.
The N-DEx/OneDOJ User Application is used to grant access to N-DEx and/or OneDOJ.
Applicant must sign Section 3;
- Applicant's Agency Head/Supervisor must sign in section 4; and
- Applicant’s CSO/Designated POC must sign section 5.
The Rules of Behavior form is a general agreement that outlines the acceptable and unacceptable uses of FBI Information Technology and Information systems.
- Applicant must sign.
Note: All applicants need to fill out and sign the N-DEx/OneDOJ User Application and Rules of Behavior form.
The N-DEx/OneDOJ Bulk Verification request form is used at the CSO or local level when it would be cumbersome to sign mass quantities of N-DEx/OneDOJ User Account.
- Must be signed by the Agency Head/Supervisor and the CSO/Designated POC.
The N-DEx/OneDOJ Cancellation of Services form is used to notify the CJIS Division of those individuals that require termination of their N-DEx/OneDOJ User Application
- Must be signed by the Agency Head/Supervisor and the CSO/Designated POC.
All completed forms should be faxed to (888) 550-6427.
Yes. All applications received on the “Fax-on-Demand” fax server are automatically sent and stored electronically on a secure system. A Top Secret Clearance is required by all personnel who process these applications.
Yes. The approach for N-DEx training is three-fold: Train-the-Trainer, N-DEx User Training, and Computer Based Training (CBT).
- N-DEx CBT modules are the foundation of the N-DEx education. The CBT modules will allow users to go through examples, practice system functions, and exercises. Access to the N-DEx CBTmodules is provided through LEO at www.leo.gov., on the N-DEx system by clicking on the training button, or LEA representatives can receive the CBT modules on compact diskettes by submitting an e-mail with name, title, agency name, mailing address, e-mail address, and telephone number to the N-DEx Program Office at email@example.com.
- N-DEx User Training is available if an agency has a specific need. This training may be requested by contacting an N-DEx Regional Coordinator. Ability to meet user requests is solely dependent on resource availability and the training schedule.
- Train-the-Trainer session (N-DEx classroom training) is provided to agencies' training coordinators and/or selected representatives. They will receive training materials, including lesson plans, to use in training agency personnel within their jurisdiction.
N-DEx CBT modules are designed to be taken by all users according to their anticipated use of
Law Enforcement Executives – Management (Chiefs, Sheriffs, Captains, Lieutenants)User Overview
Initiating System Policies
- LEA Investigator/Analyst (Investigative Specialist, Detective, Deputies, Patrol Officers)
- User Overview
- Subscription and Notification
- LEA Source Data and Security Administrators (RMS Personnel, Local Data Administrators)
- User Overview
- Data Management
- User Administrative Roles
- Data Sharing
There are currently nine N-DEx CBT modules available (requiring approximately four hours to complete) and are designed to be taken by users according to their anticipated use of N-DEx. However, if a user wishes to complete all nine CBT's modules he/she may do so.
- N-DEx Overview – this module introduces system capabilities and basic navigation, provides a brief guided tour of N-DEx, and reviews system functionality included in N-DEx;
- Search – this module introduces the user to the search capabilities of the system, as well as how results are generated from user searches;
- Administrative Roles – this module provides instruction to administer sharing policies, modify user access, provide for the production of reports, audit the usage/dissemination of agency data and records, and configure automatic processing of notifications/alerts;
- Initiating System Policies – this module introduces the concept of sharing LEA record data with other LEAs through N-DEx; explains how to mark records for sharing; and also guides the N-DEx LEA Source Data Administrator in the application of their LEA policies through the use of tools provided by N-DEx;
- Collaboration – this module provides instruction on using the Collaboration function of the N-DEx system. Users will learn how N-DEx provides the capability to join cooperative efforts through the sharing of information with other N-DEx users;
- Data Sharing– this module provides instruction to those who have been designated as N-DEx LEA Source Data Administrators on how to manage the data sharing rules on submitted records;
- Visualization – this module shows how people, items, locations, and other identifying information present in N-DEx records are graphically represented to analyze and assist in discovering connections and relationships in the data;
- Subscription and Notification – this module provides instruction on using the Subscription and Notification function of the N-DEx system. Users will learn how N-DEx works, through subscription requests, to continually and automatically match search criteria to future submissions and alert users to the results; and,
- N-DEx Data Management – this module teaches users to manage source data in N-DEx, retrieve data and produce reports.
The CSO is the POC for questions and issues related to the CJIS Division. The CSO is responsible for monitoring N-DEx, NCIC, and III systems usage, enforcing system discipline, and assuring that the CJIS Division operating procedures are followed by all users. The CSO should have operational and technical expertise with the CJIS Division systems and authority to represent state interests. The CSO, as well as the local agency authority and N-DEx LEA User Administrators, will also be responsible for granting permissions for N-DEx users in their LEA to access NCIC and III data through the N-DEx system.
Each LEA will designate at least two N-DEx LEA User Administrators (one primary and one alternate) within their agency to administer user permissions for their agency ORI or on behalf of the ORIs within their regional initiative. These individuals should have knowledge of their agency’s personnel and what privileges each N-DEx user should have.
The N-DEx LEA User Administrators are required to take the “Administrative Roles” CBT prior to having their roles established within N-DEx, and submit their certificate of completion to their training coordinator, keeping in mind the CBT certificate is auditable. The N-DEx Program Office staff will then establish the N-DEx LEA User Administrator role within the N-DEx system.
Note: The N-DEx LEA User Administrators and the N-DEx LEA Source Data Administrators cannot be the same people.
- N-DEx LEA User Administrator Roles and Responsibilities include:
- Establishing user accounts (manage/modify-add/remove) within the Originating Agency Identifier (ORI).
- Assigning pre-defined roles (Search, N-DEx LEA Source Data Administrator, N-DEx LEA Analytical Auditor/Security Administrator, N-DEx Automated Processing Manager, and N-DEx LEA Analytical Reporter)
- Assigns data source rights (NCIC, III and OneDOJ access) to users who are within the ORI and have created a user account within N-DEx via LEO. Additionally the User Administrator is responsible for maintaining NCIC Certification/Expiration dates.
- Review and keep up to date N-DEx users’ information within their agency ORI, or on behalf of the ORIs within their regional initiative, administrator roles, and groups.
Note: To search NCIC/III from N-DEx, users must be given permission by their state CSO and local agency authority AND users must also be certified users for NCIC/III. The N-DEx LEA User Administrators can then activate N-DEx user’s permissions to search NCIC/III data in conjunction with an N-DEx search.
Each LEA will designate at least two N-DEx LEA Source Data Administrators (one primary and one alternate) within their agency to administer data and manage data sharing policies for their agency ORI or on behalf of the ORIs within their regional initiative. These individuals will also manage sharing groups.
The N-DEx LEA Source Data Administrators are also required to take the “Data Management” and “Data Sharing” CBTs prior to having their roles established within N-DEx, and submit their certificates of completion to their training coordinator, keeping in mind these CBT certificates are auditable. The N-DEx Program Office staff will then establish the N-DEx LEA Source Data Administrator roles within the N-DEx system.
Note: The N-DEx LEA Source Data Administrators and the N-DEx LEA User Administrators cannot be the same people.
N-DEx LEA Source Data Administrator Roles and Responsibilities include:
- Submit LEA source data to N-DEx for their agency ORI or on behalf of the ORIs within their regional initiative.
- Manage data sharing policies for the data submitted.
- Maintain data submitted to N-DEx (view/modify/delete).
- Establish sharing groups to enable access to their LEAs otherwise restricted data (i.e., Yellow and Red records).
- Manage sharing groups (create/update/delete) and their access to their LEA sharing permissions (i.e. Yellow and Red data).
- If applicable, manage the agency’s National Incident-Based Reporting System (NIBRS) extract.
- Generate Analytical Reports on LEA Usage and N-DEx Usage and Growth.
- Reviewing the LEA Data Submission Summary Report. After the LEA’s data is ingested into the N-DEx system a report, the LEA Data Submission Summary Report, will be generated detailing the total number of successful submissions, as well as, the number of failed submissions the LEA had for the time period in which the report was created (the N-DEx Regional Coordinator will send this report to the N-DEx LEA Source Data Administrator on a weekly basis. It is the responsibility of the N-DEx LEA Source Data Administrator to review the report and make necessary fixes to correct the noted failed data submissions
The N-DEx Program Office staff recommends LEAs designate a minimum of two Analytical Reporters (one primary and one alternate). The N-DEx LEA Analytical Reporter roles are granted to N-DEx users by their agency N-DEx LEA User Administrator. These individuals will generate N-DEx system reports with the LEA data for their agency ORI or on behalf of the ORIs within their regional initiative. This role also allows an N-DEx user to support its LEA in the production, sharing, and distribution of system and investigative reports.
The Auditor/Security Administrator has the ability to perform all audit modification procedures through the N-DEx portal such as adding, removing, replacing or delegating audit authority. The roles include the Data Auditor and User Auditor who have the ability to generate, download, rename and delete audit reports.
N-DEx Auditor/Security Administrator Roles and Responsibilities include:
- Security Administrator – performs all audit modification procedures through the N-DEx portal such as viewing auditor roles (User and Data Auditors), removing roles, and replacing roles,
- Data Auditor – authorized to audit the dissemination of data and records within your agency and to other LEAs. The Data Auditor can generate, download, rename and delete audit reports. The Data Auditor requests audit reports that are based on data, but not allowed to request audits of a user’s actions, and
- User Auditor – authorized to audit the actions of all users within your agency, such as searches performed, collaboration postings/retrievals completed, log-on/off attempts and reports created. The User Auditor can generate, download, rename and delete audit reports. The User Auditor requests audit reports on user action, but not allowed to request audits based solely on data.
The Automated Processing Manager will manage the automated processing notifications. This person will provide the user with the capability to receive N-DEx automated reports and across agencies. The N-DEx Program Office enables the Automated Processing Manager capabilities within the system.
N-DEx N-DEx Automated Processing Manager roles and responsibilities include:
- Manages the agency’s automated processing notifications.
- Provides the user with an N-DEx automated service that requires no subscription to the service.
The N-DEx program office is currently working in conjunction with the CJIS Audit Unit, and is defining an audit process. Willful misuse of N-DEx will result in revocation of system access and may result in being prosecuted by law.
No. Access to N-DEx is granted via LEO. N-DEx users must be able to login to LEO to access the N-DEx portal; however, the N-DEx Program Office will begin piloting web based services with test agencies in the fall of 2009.
Yes. N-DEx searches have the capability to leverage other data sources (i.e., NCIC/III and OneDOJ information), but must be performed in conjunction with an N-DEx search. NCIC/III permissions need to be coordinated through the agency N-DEx LEA User Administrators. The agency CSO and local agency authority must have also granted specific permission to access NCIC/III through N-DEx. This feature is only allowable if an N-DEx user is also a certified user of NCIC/III.
No. Users cannot access the N-DEx portal from their NCIC or III connection.
Your N-DEx user profile is updated through the LEO website. To update your LEO user profile, log in to LEO. Click the “Member Services” link, and then click “View/Edit Your Member Profile”. It takes up to 24 hours for the profile information to be updated on N-DEx. For assistance in updating your LEO profile, contact the LEO Support Center at (888) 334-4536.
Basic computer skills are recommended for users to successfully utilize N-DEx resources.
Data Mapping Questions
The N-DEx Information Exchange Package Documentation (IEPD) conforms to the Logical Entity eXchange Specification (LEXS) and the National Information Exchange Model (NIEM). N-DEx is a system that uses LEXS and NIEM within its IEPD to create its schema and ensure the ability to share information.
Agencies wishing to submit data to N-DEx must map their data to the most current version of the N-DEx IEPD to maximize the data sharing opportunities offered by N-DEx. Submitted data must conform to and be consistent with the line of business articulated within the N-DEx IEPD, i.e., incident/arrest, booking/incarceration, and probation/parole.
To obtain a copy of the N-DEx IEPD go to www.it.ojp.gov In the toolbar on the left hand side of the screen select Justice Standards Clearinghouse option, select the Technology Standards option Select Law Enforcement under the Communities Tab. The IEPD’s are listed by title and in alphabetical order. The IEPD’s will be listed as Law Enforcement National Data Exchange (N-DEx). Various versions of IEPD’s for the Law Enforcement National Data Exchange are listed; choose the IEPD appropriate for your needs. After you select the document go to the notes section of the page. Read the instructions carefully. We recommend downloading the attached .zip file, then extracting it to the desired location. The catalog.html file contains hyperlinks to all IEPD artifacts.
Yes. Beginning with N-DEx Increment 2, data submissions utilizing only LEXS version 3.1 and later, but containing an otherwise specified structured payload, can be successfully submitted to N-DEx with degraded analytic expectations.
No. The FBI will not provide accreditation to any vendors. However, the N-DEx Program Office staff utilizes a tool to assist agencies in validating their mapped data to the N-DEx system called Conformance Testing Assistance (ConTesA).
The N-DEx Program Office staff utilizes a tool called ConTesA to assist agencies in validating their mapped data for the N-DEx system to ensure compliance with the N-DEx IEPD. The N-DEx ConTesA tool will also reduce the turn around period for the verification review process. The use of the N-DEx ConTesA tool is not required but is highly recommended.
The ConTestA Tool is located at https://contesa.ittl.gtri.org/contesa, you will be able to create an account at this site.
1. Log in to ConTesA. https://contesa.ittl.gtri.org/contesa
2. Browse to find the sample xml document to be validated
3. Select Upload
4. Select Begin Validation
5. After validation has completed, select View Results
6. Click on the + to expand Submission (Total Message Count: 1)
7. Click on the (Details) link for the package (a package will be equivalent to an incident. You can have multiple packages in a single submission)
8. Click on the LEXS Detailed View button to view the data provided in the package
9. You will see an overview of all “entities” contained in the package. You can expand/collapse each to see the details, or select the Expand All button to view details for all of them.
No. Although it is possible for a single agency to submit data to N-DEx directly, the CJIS Advisory Policy Board (APB) recommends agencies submit their data to N-DEx through a regional or state data sharing system.
Yes. Ownership of data shared in N-DEx will remain with the contributing agency.
N-DEx supplies controls to allow an agency to decide what data to share, who can access it, and under what circumstances, and allows agencies to participate in accordance with applicable laws and policies governing dissemination and privacy.
The agency submitting the record is the owner of that record. N-DEx provides templates and/or tags that enable the agency N-DEx LEA Source Data Administrators to mark submitted data as GREEN, YELLOW, or RED. This capability allows agencies to submit information for sharing while controlling the dissemination of sensitive information. This tool allows the LEA to protect the privacy of specific investigative data while conforming to their internal policies for information dissemination.
GREEN Data: Access to this data is unrestricted to all N-DEx users with “search” privileges. Within the system all information is, by default, labeled GREEN unless otherwise marked. The data is visible to all users. An agency can choose to submit ONLY GREEN (unrestricted) data to the N-DEx, in which case there is no requirement to define and administer a sharing policy. Marking data GREEN benefits all users by increasing the potential for data correlations and search results. Agencies may need to use Yellow and/or Red levels due to the nature of the data. However, agencies are encouraged to designate the majority of their data as GREEN.
YELLOW Data: Access to this data is pointer-based. N-DEx users that retrieve a record marked YELLOW will not be able to see the data; rather, N-DEx users will be given a POC that must be contacted in order to gain access to the information. Agencies should mark data as “YELLOW” only if LEAs wish to share the data on a case by case basis. N-DEx users that are members of a specified sharing group may be authorized to view the record data. Agencies should be judicious when selecting POCs, and marking their agency data as YELLOW.
RED Data: Access to the data is restricted. Within N-DEx, the RED data items are not visible to others except those in specified sharing group(s). Any correlations/matches made by an N-DEx user to restricted data will receive a “No Results” message unless he/she is a designated member of a sharing group established by the submitting N-DEx LEA's Source Data Administrator.
There are four methods that can be used to submit data to N-DEx: Secure File Transfer Protocol (SFTP), Manual Entry (manually entering data online), Manual Submission (mailed media) and Web Services.
- SFTP – batch submission refers to the data submission process an agency uses to SFTP. The agency must have connectivity to N-DEx in order to use the batch submission process, and can send multiple records in one file submission to N-DEx.
- Manual Entry (manually entering data online) – only the agency N-DEx LEA Data Administrators can manually create a record within N-DEx. This option is good for infrequent N-DEx submissions or those agencies without the capabilities to submit via SFTP.
- Manual Submission (mailed media) – an agency can send their data on an external media device (CD, DVD, external hard drive, or thumb drive). This method is also used for the initial legacy data submissions.
- Web Services –- for those submitting agencies that wish to have their system send single documents to N-DEx on a more frequent basis. In order to submit data in this fashion the partnering agency will have to create a web service client and invoke the N-DEx ingest web service.
Connectivity to N-DEx can be established through a Virtual Private Network connection over the Internet or via an existing CJIS Wide Area Network circuit. If an agency would like to connect through the CJIS WAN, an established WAN line must already be in place. If an agency does not have a CJIS WAN connection, then a VPN across the Internet is the alternative method for establishing connectivity. Agencies will be responsible for providing equipment capable of producing 3 Data Encryption Standard or Advanced Encryption Standard VPN tunnels.
No. OneDOJ is a repository for only DOJ components’ data.
N-DEx has no minimum requirement for the frequency of data submissions. The agency decides how often it would like to submit data to the N-DEx system. Agencies do have the option of submitting their data as close to real-time as possible.
At the submitting agency’s request, a NIBRS extract can be submitted to the Uniform Crime Reporting Program from their N-DEx submission. This capability will be available in fall of 2009.
No. Agencies submitting data to N-DEx will retain ownership of all data submitted and are responsible to keep the submitted data up to date and accurate.
No. N-DEx will validate that the data has been submitted by an agency and provide a report back to the agency containing information on records received and structural errors that need to be corrected.
Yes. N-DEx has the capability to store digital images that are submitted with an incident report.
Yes. The N-DEx LEAs Source Data Administrators can delete individual records, in addition to being able to add, update, and modify records. They can also entirely delete a record and replace it with a new record, but cannot modify a record that was submitted automatically.
Note: No LEA can change or delete the information of another LEA unless that agency has granted permission for their LEA N-DEx Source Data Administrators to do so.
The FBI will not assess a fee for local, county, state, tribal, and federal agencies to participate in N-DEx. However, agencies are most likely to incur costs associated with connectivity to the N-DEx system. Costs could also be associated with mapping their current data standard to the N-DEx IEPD or with upgrades to hardware and software by agencies currently lacking the technical proficiency to participate in N-DEx.
Community Oriented Policing Services grants are becoming more readily available to aid agencies with funding for participation in N-DEx. Additionally, the N-DEx Program Office staff continues to coordinate efforts with the DOJ Bureau of Justice Assistance (BJA) for continued funding opportunities.
One of the major considerations of the N-DEx implementation is the cost for agencies to participate in N-DEx. In order to advise agencies with costs, a Cost Model database for N-DEx has been developed.
N-DEx was also designed to utilize nationally developed standards and existing systems and networks. Some costs are being reduced by using existing connections. The N-DEx Program staff is also assisting agencies by providing implementation support, tools, and training.
What precautions are being taken to follow relevant local policy regulations/laws related to sharing criminal and/or victim information?
The policy for N-DEx is that ownership of the data is maintained by each contributing agency; the agency will abide by their own state laws, statutes, and regulations and contribute the data accordingly. N-DEx supplies controls to allow an agency to decide what data to share, who can access it, and under what circumstances.
The N-DEx Program office works very closely with the FBI’s Privacy and Civil Liberties Unit (PCLU) to internally assess N-DEx goals and objectives, particularly the execution of those objectives from a privacy perspective. The N-DEx Program Office has also taken a very proactive approach to privacy by engaging external privacy groups. This “privacy advocacy group” has assisted the N-DEx Program Office in discussing and identifying potential areas of concern relative to privacy in the N-DEx concept development. The following groups have been engaged as a part of the process: the American Civil Liberties Union, the Innocence Project, and the National Congress of Indian Affairs. By addressing privacy issues with the privacy advocacy group in the development phase, issues were identified and resolved prior to the system build. This process has also aided in relieving the CJIS APB of privacy concerns.
In addition, tools have been developed within N-DEx to protect sensitive and personally identifiable information. These tools address the collection, dissemination, and use of all personally identifiable information. The N-DEx information sharing rules exist on the server and are applied when data is received. The N-DEx LEA Source Data Administrators can configure these sharing rules and only require one configuration. Sharing rules will be applied automatically to all records matching the N-DEx LEA Source Data Administrators’ sharing request.
The collection, use, maintenance, and dissemination of personally identifiable information by the FBI requires a thorough analysis of policy, legal, and privacy issues. The N-DEx Privacy Impact Assessment (PIA) process provides a means to assure compliance with applicable laws, regulations, and policies governing individual privacy and provides agency officials with a systematic assessment of a new system’s impact on privacy prior to implementation of the system. Section 208 of the E-Government Act of 2002, requires that government agencies conduct PIAs before procuring or developing information technology systems that collect, maintain, or disseminate identifiable information about members of the public or when agencies initiate a new electronic collection of identifiable information about members of the public. The N-DEx PIA can be accessed at http://foia.fbi.gov/piandex040607.htm
The Privacy Act of 1974 dictates any new information sharing initiative that maintains records containing personally identifiable information has to complete a System of Records Notice (SORN). The Privacy Act of 1974 also requires that the public be given 30 days in which to comment on any new or amended uses of information in a system of records. In addition, Office of Management and Budget (OMB), which has oversight responsibilities under the Act, and Congress must be given 40 days in which to review major changes to Privacy Act systems. Pursuant to the Privacy Act of 1974 (5 U.S.C. 552a) and OMB Circular A-130, the N-DEx SORN provided a notice to the DOJ and the FBI. The notice proposed to establish a new system of records entitled "N-DEx". This allowed the public to make comments regarding the N-DEx system prior to implementation. The N-DEx SORN can be accessed at http://foia.fbi.gov/privacy_systems/72fr56793.htm.
Per N-DEx policy the ownership of the data is maintained by each contributing agency; the agency will abide by their own state laws, statutes, and regulations and contribute and maintain the data accordingly.
LEAs are responsible for handling all juvenile records according to their contributing agency’s state/local laws and to utilize N-DEx data sharing policies to abide by their state/local laws. The agency submitting the record is the owner of that record. N-DEx provides templates and/or tags that enable the N-DEx LEA Source Data Administrators to mark submitted data as GREEN, YELLOW, or RED. This capability allows agencies to submit information for sharing but controls the dissemination of sensitive information to protect the privacy of specific investigative data and to conform to the information dissemination policies of their LEA.
The FBI does not have the responsibility of servicing Freedom of Information Act (FOIA) requests for records contributed to N-DEx by other agencies. The requestor should direct their inquiry to the LEA they believe has record(s) relevant to their request.