I'm planning out a wireless network, and the police want a piece of the action.
I'm also guessing that FIPS compliancy addresses NCIC concerns, and I was wondering if anyone could comment on that being sufficient. I'm also wondering if a dual form of authentication adequately addresses the security issues. From what I can tell, if the police do any of the following things (listed in the URL below), then they have to follow NCIC http://www.fbi.gov/hq/cjisd/ncic.htm A contact of mine who works for the police tells me the following interesting things about NCIC, which I'd love feedback on... --if you use PtP links (e.g. T1 lines) between sites, requirements are very lax --if you don't use PtP links, then you'll likely need two form authentication (not necessarily two on separate bands) --everyone assumes that a police network *will* be in compliance --people often build police networks with compliance, as someone will inevitably put secure stuff on top of it later --the penalty for not being compliant is getting shut down until everything is reviewed --only police departments can ask the DOJ for clarification on what is and isn't compliant (vendors can't ask directly) -------------------------------------------------------------------------------- WISPA Wants You! Join today! http://signup.wispa.org/ -------------------------------------------------------------------------------- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
