Privacy Impact Assessment for the National Data Exchange (N-DEx) System

Issued by: Monica E. Ryan, Senior Component Official for Privacy, FBI
Approved by: Erika Brown Lee, Chief Privacy and Civil Liberties Officer, U.S. Department of Justice
Date Approved: May 9, 2014

Section 1: Description of the Information System

This Privacy Impact Assessment (PIA) addresses the final increments of the National Data Exchange (N-DEx) of the Federal Bureau of Investigation (FBI) Criminal Justice Information Services (CJIS) Division.

N-DEx is a major component of the Department of Justice (DOJ) Law Enforcement Information Sharing Program (LEISP) strategy, a principal purpose of which is to ensure that DOJ criminal law enforcement information is available to users at all levels of government so that they can more effectively investigate, disrupt, and deter criminal activity, including terrorism, and protect national security. N-DEx provides a national investigative information sharing system available through a secure Internet site that allows criminal justice agencies to search and analyze data representing the entire criminal justice cycle, including crime incident and investigation records; arrest, booking, and incarceration records; and probation and parole records. As a repository of information from local, state, regional, tribal, and federal criminal justice entities, N-DEx provides these agencies with the capability to make linkages between crime incidents, criminal investigations, and related events to help solve, deter, and prevent crimes.

At its initial deployment N-DEx access was only available to certain federal criminal justice agencies (CJAs)1 and selected state/local criminal justice law enforcement agencies2 in the United States and was primarily used to share and manage incident/case report and arrest data and open and closed investigative case among those users, using data sharing policies and role-based access controls. Since that time, N-DEx has become a valuable information sharing tool that is now being made available to all United States CJAs, and to certain foreign/international CJAs (on a limited basis). There are over 107,000 users and over 170 million searchable records in N-DEx. Not only is access to N-DEx limited to CJAs, but in addition CJAs may only access N-DEx for a criminal justice purpose, which includes adjudication, apprehension, correctional supervision, detection, detention, pre-trial release, post-trial release, prosecution, and rehabilitation of accused persons or criminal offenders. See 28 C.F.R. § 20.3(b). A criminal justice purpose also includes screening criminal justice agency applicants and employees, system user training, and system administration. See 28 C.F.R. § 20.21(b)(1) and .33(a)(1)).

N-DEx contains the personally identifiable information (PII) of suspects, perpetrators, witnesses and victims, and anyone else who may be identified in a law enforcement report concerning a crime incident or criminal investigation. Sharing this information assists the criminal justice community with providing services and protection to those who have been involved in or affected by crime. For system access control and audit purposes, N-DEx also contains biographical and contact data, access-authorization information, and system usage records about employees of the criminal justice agencies who have access to the system.

Much of this information in N-DEx is sensitive, and in the case of victim and witness information, it is highly sensitive and potentially subject to separate protections by law. In recognition of the sensitivity of the information, N-DEx permits each contributing agency to control the records it submits to the system in order to ensure that only necessary and appropriate information is entered into the system and accessed by users with a need to know. Legal or policy restrictions can be engrafted onto the sharing rules for N-DEx information through a configurable set of tools that allow contributing agencies the flexibility to control with whom and how their information is shared and disseminated. As described in the initial N-DEx PIA, information may be shared under three different rule sets: Green Level data is sharable with and viewable by N-DEx users; Yellow Level data is shareable with and viewable by N-DEx users as “pointer-based” data which consists of only record-owning agency point-of-contact information; and Red Level data is not shareable or viewable by designated N-DEx users. Agencies also must obtain advance permission and verification from the record-owning agency prior to any use of information found in N-DEx.

In addition to new users and new records being added since N-DEx was initially deployed, the following changes have been made:

1.  Multiple means of access: Authorized users have a choice in how to access N-DEx.  They may do so through the Internet via a web portal or by a Logical Entity eXchange Specifications (LEXS) Search/Retrieve (SR). Users accessing N-DEx via the LEXS-SR have query-only access to N-DEx and can display N-DEx results on their systems. N-DEx has also enhanced existing functionality and delivered some new features, including a search engine similar to that offered on the Internet. This new search engine improves search response time, provides more precise search results, and improves text and structured search capabilities. Prior to reliance or action upon, or secondary dissemination of N-DEx information, N-DEx users must satisfy the Advanced Permission Requirement (confirming the terms of N-DEx information use) and the Verification Requirement (verifying the completeness, timeliness, accuracy, and relevancy of N-DEx information) through coordination with the record-owning agency.

2.  Additional records: Additional record types, such as arrest, booking, incarceration, probation, and parole reports, are now able to be submitted and searched. An example of these types of records is the booking data from the Joint Automated Booking System (JABS), which is a Department of Justice (DOJ) automated system for collecting and transmitting booking and criminal investigation data.  N-DEx also permits record-owning agencies the option to have National Incident-Based Reporting System (NIBRS) information extracted from their N-DEx submissions and to be sent directly to the Uniform Crime Reporting (UCR) Program Office at CJIS.

3.  Integration of OneDOJ functionality: OneDOJ was an earlier DOJ system established on an interim basis as another part of DOJ’s LEISP strategy. Initially called R-DEx, OneDOJ began as a pilot program for consolidating selected information from certain DOJ components within a single technical interface to facilitate sharing of DOJ information among federal, state, and local members of regional law enforcement information sharing systems. However, the planned development of N-DEx offered greater long-term functionality, including a larger capacity for data retention and sharing, better analytic tools for users, and more precision for submitters to manage and control access to their records, together with enabling continued internal sharing among DOJ components and a virtual regional capability for continued sharing with existing regional/‌state/‌agency systems. Accordingly, in a phased process that has now been completed, N-DEx began separately assimilating the same DOJ data that had resided in OneDOJ. N-DEx now includes the same information that was once in OneDOJ, adding better functionality. OneDOJ has been decommissioned.

4. Automated Processing Capability: N-DEx now has the capability to make correlations between information without queries having to be made by the users. Previously, N-DEx users had to query the system or initiate a search in order for N-DEx to find existing correlations.  Now the Automated Processing Capability searches for correlations between newly-contributed information and information in N-DEx and automatically correlates that information. Correlations are those where the confidence of a match is very high, such as matches between subjects and Social Security numbers or telephone numbers, rather than matches of common names or non-specific crime descriptors (e.g. subject is white male, committed burglary). Agencies may choose to opt in or opt out of the Automated Processing Capability. Any correlation that is returned serves only as an investigative lead.

5. Subscription/Notification Capability: This new functionality enables N-DEx users to set a query to run on a repetitive basis to identify a particular item of interest, such as a particular incident report, and to be notified of any changes or updates to that incident report. The Subscription Capability also permits an N-DEx user to identify anyone else who may be querying N-DEx for the same information. The Notification Capability sends the user information based on the subscriptions. 

6.  Geo-visualization tools: N-DEx users can now set search parameters to restrict queries by geographic area by specifying areas on a map (radius circles or area polygons) or by parameters set in search screens.

7.  Collaboration Area: N-DEx users now have the capability to cooperate and collaborate with other users by forming groups to share information, to establish discussion forums, and to administer and manage group members and permissions.

8.  Criminal Justice Employee Background Investigations: N-DEx users now may search N-DEx for the purpose of conducting criminal justice employment background checks.  N-DEx users accessing N-DEx for this purpose must adhere to specific requirements relating to notice and consent, redress, and audits in order to protect the rights of the criminal justice applicant or employee.

9.  Access to on-line user training: Computer-based training (CBT) modules are the foundation of N-DEx training. The CBT modules will allow users to go through examples, practice system functions, and perform exercises. (CJA representatives can also receive the CBT modules on compact diskettes.) There are currently nine N-DEx CBT modules available (requiring approximately 30 minutes per module to complete) and are designed to be taken by users according to their anticipated use of N-DEx.

10.  Other expanded capabilities: These include sharing and managing of probation and parole data, and capability to support 200,000-plus users.

Section 2:  Information in the System

2.1 Indicate below what information is collected, maintained, or disseminated.

(Check all that apply.)

Identifying numbers

Social Security


Alien Registration


Financial account


Taxpayer ID


Driver’s license


Financial transaction


Employee ID




Patient ID


File/case ID


Credit card




Other identifying numbers (specify): Due to the large number and variety of criminal justice records contained in N-DEx, it is likely that many different personal identifiers, including identifying numbers and general personal data, will be contained in the records.

General personal data



Date of birth


Financial info


Maiden name


Place of birth


Medical information




Home address


Military service




Telephone number


Physical characteristics




Email address


Mother’s maiden name








Other general personal data (specify):

Work-related data



Telephone number




Job title


Email address


Work history


Work address


Business associates




Other work-related data (specify):


Distinguishing features/Biometrics






DNA profiles


Palm prints


Scars, marks, tattoos


Retina/iris scans


  Voice recording/signatures


Vascular scan


Dental profile


Other distinguishing features/biometrics (specify): These biometric images will be retrieved if associated with a relevant biographic record; however, N-DEx is not a biometric system and biometrics contained therein are not independently searchable.  

System admin/audit data

User ID


Date/time of access


ID files accessed


IP address


Queries run


Contents of files


Other system/audit data (specify):



Other information (specify): Explanatory data providing details about the reported events (e.g. crime incidents, investigations, arrests, bookings, incarcerations, probation, parole, etc.) and associated reports, procedures, and actions taken in the administration of criminal justice, as described in Section 1.


2.2 Indicate sources of the information in the system. (Check all that apply.)


 Directly from individual about whom the information pertains

In person


Hard copy:  mail/fax










Other (specify): The criminal justice records contained in N-DEx are submitted by local, state, regional, tribal, and federal (to include the FBI) criminal justice agencies that collected the information. Many of these agencies collect the information directly from the individual (e.g., the suspect or complainant) during the course of their investigations.


Government sources

Within the Component


Other DOJ components


Other federal agencies


Local, State, Tribal






Other (specify):


Non-government sources

Members of the public


Public media, internet


Private sector


Commercial data brokers






Other (specify): Nongovernmental railroad or campus police departments qualifying for access to criminal history record information.


2.3 Analysis:  Now that you have identified the information collected and the sources of the information, please identify and evaluate any potential threats to privacy that exist in light of the information collected or the sources from which the information is collected.  Please describe the choices that the component made with regard to the type or quantity of information collected and the sources providing the information to prevent or mitigate threats to privacy. (For example: If a decision was made to collect less data, include a discussion of this decision; if it is necessary to obtain information from sources other than the individual, explain why.)

Additional data has been added to the N-DEx system in the form of arrest, booking, incarceration, parole, and probation records. A privacy risk may exist due to the enhanced sharing of this data in N-DEx. However, this information has been available to and shareable by the FBI for several years; N-DEx simply provides an automated means to make it available to other law enforcement partners. User access to the information is always subject to CJIS and N-DEx security and policy restrictions which require that users may only access information for a criminal justice purpose and must enter a purpose code and reason for each query, which are subject to audit. In further mitigation, the new categories of data (as with all data in N-DEx) typically are not shared unless the user first makes a query, including an initial query that will prompt the Automated Processing Capability. In addition, submitters of the information can control access to the data that is added to the system. Likewise, the new Automated Processing Capability that makes correlations between incidents, events, and individuals may present a privacy risk in that additional information about individuals may become available automatically. Again, however, the capability only applies to those queries that have already been initiated in the system, and submitters can control how and whether their information is seen as part of this automatic capability. In addition, this is part of the benefit of the functionality; the availability of this information may help resolve crimes and permit criminal justice agencies to uncover potentially exculpatory information more efficiently. This ultimately benefits individuals who can be excluded as potential suspects.

The privacy of criminal justice applicants may be compromised when a criminal justice agency searches N-DEx as part of an employment background check. To mitigate that risk, before searching N-DEx for an employment purpose, the criminal justice agency must provide notice to the applicant and the applicant must return a written consent. The agency also must provide the applicant with an opportunity to challenge and/or correct records if employment is denied based on information obtained from N-DEx. Moreover, to assist with auditing the use of N-DEx for employment purposes, the agency must enter a specific use code that identifies the purpose of its search as employment. The fact of the N-DEx search also must be documented in the applicant’s file. Further, agencies contributing to N-DEx may choose not to permit searching of their records for employment purposes. 

The N-DEx Policy contains the required notice and consent language, the mandated redress process, and the audit requirements. These are additional safeguards that are meant to work in conjunction with the other N-DEx system requirements. 

Information collected for criminal justice purposes may present a privacy risk of “over-collection” because it is often difficult or even impossible to determine what information will be ultimately relevant to an investigation. N-DEx has mitigated this risk by requiring all entities accessing N-DEx, and all information placed in N-DEx, to be in accordance with the N-DEx Policy and Operating Manual (available here: ). N-DEx Policy emphasizes that each criminal justice entity using N-DEx is responsible for compliance with its own rules and authorities.  This means that information contributed to N-DEx should be shared based on legal authority. The Policy also requires data contributors, on a periodic basis, to ensure their records are up to date. When an agency updates records in its own system, it is required to make a corresponding update to the records contributed to N-DEx. N-DEx is able to run reports to show how often an agency modifies or deletes its records and so this functionality is auditable. Finally, before any use occurs of records contained in N-DEx, by N-DEx policy, the record-requesting agency must contact the record-owning agency and verify that the records are complete, timely, accurate, and relevant.

A privacy risk can result from placing sensitive information, which includes PII of victims and witnesses, into a national information sharing system like N-DEx, because this could lead to overly broad access to the information. In mitigation, N-DEx provides participating agencies with configurable tools that enable record-owning agencies control over the dissemination of their more sensitive information. Data contributors may further tailor the levels of sharing according to type of N-DEx user by, e.g., restricting data access to specific groups. As noted above, moreover, even when relevant information is accessed by an N-DEx user, N-DEx Policy requires criminal justice agencies to obtain advance permission from the record-owning agency prior to reliance or taking action upon, or secondary dissemination of the information.

Data shared in N-DEx may present a privacy risk because it could be inaccurate or stale. This risk is mitigated by the fact that N-DEx information must be verified with the record-owning agency, as noted above. This risk is further mitigated by the requirement that record-owning agencies periodically update their records. It is also important to note that it is in the interests of the criminal justice community to keep records as complete, timely, accuracy, and relevant as possible in order to effectively accomplish its mission.

Finally, unauthorized or inappropriate access to N-DEx information could present a privacy risk.  Mitigation of this potential privacy risk relies on system security that ensures that only authorized users have access to N-DEx. N-DEx system access is limited to criminal justice agencies and agencies performing the administration of criminal justice as defined by regulation. Agencies have access to N-DEx only if they have an assigned Originating Agency Identifier (ORI) and agree to adhere to the CJIS Security Policy (available here: ). The CJIS Systems Officer (CSO) for each state signs a CJIS User Agreement that acknowledges the state’s obligations to ensure that N-DEx data is accessed, retained, and disseminated appropriately. Each state CSO, in turn, ensures that all N-DEx users within his/her jurisdiction abide by the security requirements.  Both record-owning agencies and N-DEx users acknowledge they understand sanctions may be applied for intentional misuse of N-DEx. This privacy risk is further mitigated through security awareness training and by periodic audits conducted by each state’s CSO and the FBI to ensure N-DEx searches are necessary and relevant to the user’s official duties. Finally, the privacy risk of unauthorized or inappropriate access to N-DEx information is mitigated by strong system, user, site, and technical security features present in N-DEx described in detail in later sections of this PIA.

Section 3:  Purpose and Use of the System

3.1  Indicate why the information in the system is being collected, maintained, or disseminated.  (Check all that apply.)


For criminal law enforcement activities


For civil enforcement activities


For intelligence activities


For administrative matters


To conduct analysis concerning subjects of investigative or other interest


To promote information sharing initiatives


To conduct analysis to identify previously unknown areas of note, concern, or pattern.


For administering human resources programs


For litigation




Other (specify): 




3.2  Analysis:  Provide an explanation of how the component specifically will use the information to accomplish the checked purpose(s).  Describe why the information that is collected, maintained, or disseminated is necessary to accomplish the checked purpose(s) and to further the component’s and/or the Department’s mission.  

As listed below, the FBI has statutory authority to collect, preserve, and exchange criminal justice and law enforcement related information. N-DEx was created consistent with that authority to establish a secure national criminal justice information sharing capability. N-DEx contains information collected and contributed by criminal justice agencies pursuant to and compliant with all applicable local, state, tribal, and federal laws, and agency regulations, policies, and procedures. N-DEx provides the ability for criminal justice agencies to search and analyze information relevant to their missions. N-DEx enables users to discover information and make associations that promote the enforcement of criminal law and the administration of criminal justice.

3.3  Indicate the legal authorities, policies, or agreements that authorize collection of the information in the system. (Check all that apply and include citation/reference.)





 18 USC 3052, 28 USC 533, 534;

42 USC 3771; 44 USC 3301

Executive Order



Federal Regulation


   28 CFR 0.85, Subpart 20.

Memorandum of Understanding/agreement


   CJIS User Agreement



  CJIS Security Policy, N-DEx Policy


3.4  Indicate how long the information will be retained to accomplish the intended purpose, and how it will be disposed of at the end of the retention period.  (Reference the applicable retention schedule approved by the National Archives and Records Administration [NARA], if available.) 

The National Archives and Records Administration (NARA) has approved the destruction of FBI-contributed data to N-DEx after a period of 25 years. Audit logs must be maintained for 25 years or, in the event of a dissemination of information from the system, the life of the record, whichever is longer. Contributed records in the system are maintained and disposed of in accordance with the record retention schedule(s) applicable to the record owning agency.

3.5  Analysis: Describe any potential threats to privacy as a result of the component’s use of the information, and controls that the component has put into place to ensure that the information is handled, retained, and disposed of appropriately. (For example: mandatory training for system users regarding appropriate handling of information, automatic purging of information in accordance with the retention schedule, etc.)

The privacy risks from use of the information are described in Section 2.3. In mitigation, all users are required to be trained on use of the system and to accept the N-DEx Rules of Behavior. In addition, stringent processes are in place to ensure only authorized users have access to N-DEx and verified through review of audit logs detailing authorized users or agencies’ search and retrieval of N-DEx data. In addition, the CJIS Audit Unit conducts internal and external on-site audits of user agencies to assess and evaluate compliance with CJIS Security Policy and N-DEx Policy. Submitters have an obligation to ensure that the information provided is reasonably accurate, timely, relevant and complete. Records can be purged upon request of the submitter. Although the maximum retention period for N-DEx records is 25 years, it is important to note that the information can be purged before that period elapses, depending on the needs of the submitting record holder.

Section 4:  Information Sharing

4.1  Indicate with whom the component intends to share the information in the system and how the information will be shared, such as on a case-by-case basis, bulk transfer, or direct access.



How information will be shared


Bulk transfer

Direct access

Other (specify)

Within the component




Users have general direct access, but depending on the user category, general access may be limited to certain information types or sources.  Moreover, each record submitter has the ability to further restrict access to the record on a case-by-case basis. 

As limited system participants, foreign agencies do not have access to local, state, and tribal data.

DOJ components




Federal agencies




State, local, tribal gov’t agencies








Private sector




Foreign governments




Foreign agencies




Other (Record Management Systems and non-government railroad/campus police deemed appropriate for sharing):





4.2  Analysis:  Disclosure or sharing of information necessarily increases risks to privacy.  Describe controls that the component has put into place in order to prevent or mitigate threats to privacy in connection with the disclosure of information.  (For example:  measures taken to reduce the risk of unauthorized disclosure, data breach, or receipt by an unauthorized recipient; terms in applicable MOUs, contracts, or agreements that address safeguards to be implemented by the recipient to ensure appropriate use of the information – training, access controls, and security measures; etc.)

N-DEx information is available to DOJ components for criminal justice purposes when there is a need for the information to perform official duties. Some of the internal DOJ components with which the FBI shares information are the DEA, BOP, ATF, and USMS. Information is also available to other qualified criminal justice users who have been given a unique ORI number (as described in section 2.3, above).  Each using entity may only access the types of information for the purposes that have been authorized for its ORI. Such role-based access is strictly controlled and audited by CJIS. 

N-DEx password protection identification features and other system protection methods restrict access to information in N-DEx to enhance security and privacy. Warning banners regarding security and privacy are displayed on N-DEx to remind users about unauthorized disclosure of the information.  Other data security/quality measures include computer rejection of records with errors, automated data inspection prior to ingestion, and manual quality control checks by FBI personnel. In addition, data submitted to N-DEx from the FBI must follow an FBI Corporate Policy Directive that requires a phased security protocol consisting of both automated and manual data review processes to ensure that only appropriate unclassified FBI data is placed in N-DEx.

In addition, all users must comply with applicable security and privacy protocols addressed in the CJIS Security Policy, the CJIS User Agreement, and the N-DEx Policy. In accordance with the CJIS Security Policy, each CSO must sign a User Agreement with CJIS and each recording-owning agency must sign an Information Exchange Agreement with the CSO before exchanging information in N-DEx. CSOs are responsible for ensuring an N-DEx Agency Coordinator (NAC) is designated within each agency that accesses N-DEx, and serves as the POC for the CSO. The CSO and/or NAC responsibilities may include administering user permissions, data and user audits, configuring source data, and training.

All N-DEx users must be trained on N-DEx, especially data use rules, prior to accessing the system. Training tools regarding the requirements of N-DEx access and the appropriate uses of N-DEx data are available for participating agencies to utilize with their staffs and include written instruction manuals, online help, instructor-led training, and multi-media training programs. In addition, all FBI employees and contractor personnel must complete annual information security and privacy training. This required training addresses the roles and responsibilities of the users of FBI systems, and raises awareness of the sensitivity of the information contained therein, and how it must be handled to protect privacy and civil liberties. 

Finally, all users are subject to periodic on-site audits conducted by both a user’s own oversight entity and the CJIS Audit Unit. The audits assess and evaluate users’ compliance with CJIS technical security policies, regulations, laws, and terms in the CJIS Security Policy, the CJIS User Agreement, and the N-DEx Policy.  N-DEx user activity audit logs were built according to FBI CJIS Division standards and display N-DEx user activities including the reason for the user’s query. Deficiencies identified during audits are reported to the appropriate CSO and the CJIS Advisory Policy Board Sanctions Committee.  Participation in the N-DEx system may be terminated for improper access, use, or dissemination of system records. In addition, each Information System Security Officer (ISSO) is responsible for ensuring that operational security is maintained on a day-to-day basis. Adherence to roles and rules is tested as part of the security certification and accreditation process.

Section 5:  Notice, Consent, and Redress

5.1  Indicate whether individuals will be notified if their information is collected, maintained, or disseminated by the system.  (Check all that apply.)

Yes, notice is provided pursuant to a system of records notice published in the Federal Register and discussed in Section 7.



Yes, notice is provided by other means:  Notice is also provided directly to an individual when the system is used for criminal justice employment checks of the individual. 



No, notice is not provided.

Specify why not:  



5.2  Indicate whether and how individuals have the opportunity to decline to provide information.

Yes, individuals have the opportunity to decline to provide information.

Specify how:  


No, individuals do not have the opportunity to decline to provide information.

Specify why not: Contributors to the system are criminal justice entities who have gathered the information for legitimate law enforcement or criminal justice purposes, such as incident, arrest, or parole and probation records.  Because of the manner in which information is contributed to N-DEx, individuals do not have the opportunity to decline to provide it.   



5.3  Indicate whether and how individuals have the opportunity to consent to particular uses of the information.

Yes, individuals have an opportunity to consent to particular uses of the information.

Specify how:  Individuals have the opportunity to consent to use of the system for criminal justice employment checks of the individual.  


No, individuals do not have the opportunity to consent to particular uses of the information.

Specify why not: See 5.1 and 5.2. In most instances, the individual will be the subject of law enforcement action. 




5.4  Analysis: Clear and conspicuous notice and the opportunity to consent to the collection and use of individuals’ information provides transparency and allows individuals to understand how their information will be handled. Describe how notice for the system was crafted with these principles in mind, or if notice is not provided, explain why not. If individuals are not provided the opportunity to consent to collection or use of the information, explain why not.

A general notice of the existence of N-DEx and the types of records contained therein was provided through publication of a System of Records Notice (SORN) in the Federal Register and through the publication of the initial PIA, which further described N-DEx. Additional general notice will be provided by this PIA.  Specific notice and consent are provided when N-DEx is used for criminal justice employment background checks of the individuals. These documents mitigate the risk that individuals may be unaware of how their information could be used if they are involved in or associated with an event related to the collection of law enforcement/criminal justice information. Because of the nature of the law enforcement information in N-DEx, the opportunity for individuals to decline to provide information is not always practicable; nor is there an opportunity for individuals to consent to particular uses of the information.  The N-DEx SORN is published in the Federal Register, 72 Fed. Reg. 56793 (available here: ). The initial N-DEx PIA is published at

Section 6:  Information Security

6.1 Indicate all that apply.

A security risk assessment has been conducted.


Appropriate security controls have been identified and implemented to protect against risks identified in security risk assessment. Specify: The security controls applied to N-DEx are commensurate with the potential impact on the organizational operations, organizational assets, and individuals should there be a loss of confidentiality, integrity, or availability.


Monitoring, testing, or evaluation has been undertaken to safeguard the information and prevent its misuse. Specify: The N-DEx Program Office uses a security test and evaluation plan which validates system compliance with established security requirements and is one of the many security reviews conducted on N-DEx. 


The information is secured in accordance with FISMA requirements. Provide date of most recent Certification and Accreditation: Pursuant to a Certification and Accreditation of N-DEx, the system was granted ATO on March 4, 2008, by the FBI Security Division. N-DEx underwent a Security Assessment and Authorization in March 2012.


Auditing procedures are in place to ensure compliance with security standards. Specify, including any auditing of role-based access and measures to prevent misuse of information: N-DEx user activity audit logs maintain a record of individual use of N-DEx, including the reason for the user’s query.  This facilitates spot audits to gauge compliance with the use of information in accordance with N-DEx and agencies’ specific policies and/or agreements.  These audit logs also are used as part of the overall N-DEx audit, to ensure proper use of information in compliance with FBI CJIS Division policies and agreements. The N-DEx Program Office has also established an N-DEx Auditor/Security Administrator capability which provides the ability to perform all audit modification procedures such as adding, removing, replacing, or delegating audit authority.  In addition, criminal justice agencies are required to have audit and accountability controls in place.  


Contractors that have access to the system are subject to provisions in their contract binding them under the Privacy Act.


Contractors that have access to the system are subject to information security provisions in their contracts required by DOJ policy.


The following training is required for authorized users to access or receive information in the system:



General information security training



Training specific to the system for authorized users within the Department.



Training specific to the system for authorized users outside of the component.



Other (specify):



6.2  Describe how access and security controls were utilized to protect privacy and reduce the risk of unauthorized access and disclosure.

Please see section 4.2 for access and security control descriptions. In addition, the N-DEx system NIST 800-53 security control baseline is at the Medium impact level of assurance. Security controls are continually assessed during the development life cycle for compliance and to ensure appropriate mitigation strategies have been implemented commensurate with the Medium impact level of assurance.

Section 7:  Privacy Act

7.1  Indicate whether a system of records is being created under the Privacy Act, 5 U.S.C. § 552a.  (Check the applicable block below and add the supplementary information requested.) 


Yes, and this system is covered by an existing system of records notice.

Provide the system name and number, as well as the Federal Register citation(s) for the most recent complete notice and any subsequent notices reflecting amendment to the system: 

N-DEx is covered by “Law Enforcement National Data Exchange” (N-DEx) (JUSTICE/FBI-020) (72 Federal Register (FR) 56793, 56795; 73 FR 09947) (available here: ). 

The system user information in N-DEx is covered by “DOJ Computer Systems Activity and Access Records” (DOJ-002) (64 FR 73585) (available here: (  ).


Yes, and a system of records notice is in development.


No, a system of records is not being created.


7.2  Analysis:  Describe how information in the system about United States citizens and/or lawfully admitted permanent resident aliens is or will be retrieved.

All information in N-DEx is retrieved by biographic or other descriptive identifiers, as explained above in Section 1 of this PIA. Information about individuals, regardless of citizenship, is retrieved by searching on key identifiers, such as name or date of birth, as well as by incident type, modus operandi, or other relevant data. When an N-DEx user queries the system and a correlation is made, information that contains names or other personal identifiers may be viewable, but is protected in accordance with NDEX policies, use agreements, audits, and rules of behavior.

End Notes

1 CJAs are the courts, a governmental agency, or any subunit of a governmental agency which performs the administration of criminal justice pursuant to a statute or executive order and which allocates a substantial part of its annual budget to the administration of criminal justice. Examples include criminal justice law enforcement agencies (see next footnote), prosecuting attorney’s offices, pretrial service/pretrial release agencies, correctional institutions, probation and parole offices, courts and magistrates offices, custodial facilities in medical or psychiatric institutions and some medical examiners’ offices which are criminal justice in function, regional dispatch centers that are criminal justice agencies or noncriminal justice governmental agencies performing criminal justice dispatching functions for criminal justice agencies, state and federal inspectors general offices, and local, county, state, or federal agencies that are classified as criminal justice agencies by statute but do not fall into one of the aforementioned categories. CJAs also include nongovernmental railroad or campus police departments qualifying for access to criminal history record information. CJAs may also include certain foreign agencies as limited system participants (local, state, and tribal CJA data is not shared with foreign CJAs).

2 Criminal justice law enforcement agencies are a subcategory of CJAs consisting of governmental agencies or subunits thereof having statutory power of arrest and whose primary function is that of apprehension and detection. Examples include police, sheriff, FBI, DEA, criminal task forces, etc.