The Law Enforcement National Data Exchange (N-DEx) system is being developed by the FBI’s Criminal Justice Information Services (CJIS) Division in support of the Department of Justice (DOJ) Law Enforcement Information Sharing Program (LEISP). Another LEISP system is the OneDOJ system. The OneDOJ system will be seamlessly integrated into the N-DEx system beginning in the summer of 2009. Together, these systems will provide a nationally scaling system that will leverage the advantages of a data repository and that will have the capability and characteristics of a federated system. This integration will provide the law enforcement community a mechanism for data retrieval and exchange and provide a national information sharing solution for fighting crime and terrorism.
For additional information, please e-mail the N-DEx Program Office at ndex@leo.gov or contact the N DEx Program Office Unit Chief, Timothy S. Reid, at (304) 625-4219.
General Questions
Access Questions
Training Questions
User Questions
System Administrator Questions
Data Mapping Questions
Connectivity Questions
Data Submission Questions
System Cost Questions
What is N DEx?
N-DEx is a new FBI CJIS Division system that provides law enforcement agencies (LEAs) with a powerful new investigative tool to search, link, analyze, and share criminal justice information such as incident/case report and arrest data, booking and incarceration data, probation/parole data, and expanded DOJ data sources on a national basis to a degree never before possible. N DEx allows participating LEAs to detect relationships between people, places, things, and crime characteristics and to link information across jurisdictions. N-DEx has been developed in collaboration with the law enforcement community and is accessible to authorized users within law enforcement and criminal justice communities.
Back to top
What is OneDOJ?
OneDOJ is a repository for only DOJ law enforcement components’ (Bureau of Alcohol, Tobacco, Firearms, and Explosives; Bureau of Prisons; Drug Enforcement Agency; FBI; and United States Marshals Service) data that enables internal sharing of investigative information within the Department. Data is not contributed by external partners to the OneDOJ system.
Back to top
Does N DEx have any affiliation with the four major law enforcement associations? If so how?
Yes. As a part of the DOJ LEISP strategy, the N-DEx Program Office staff is working in partnership with the Information Sharing (INSH) Subcommittee of the CJIS Advisory Policy Board (APB). The INSH Subcommittee is comprised of representatives from local, county, state, tribal, and federal LEAs, including representation from the International Association of Chiefs of Police; the Major Cities Chiefs Association; the National Sheriffs’ Association; the Major County Sheriff’s Association; DOJ; and the Department of Homeland Security (DHS). The N-DEx Program Office staff has identified over 40 individuals as Subject Matter Experts (SMEs) from the law enforcement community, including members from the four major law enforcement associations to assist in the development, planning, and deployment of the N-DEx system.
Back to top
What is the relationship between the N-DEx system and the OneDOJ system?
Currently, N-DEx and OneDOJ are being tightly integrated within the N-DEx Program Office. Full integration of OneDOJ with N-DEx will capitalize on more advanced capabilities of N-DEx while providing access to OneDOJ data.
Back to top
What services and capabilities does N DEx provide? How is N DEx being implemented?
N-DEx empowers LEAs with tools to share and manage their agency data with other LEAs on a national scale. N-DEx provides the capability for users to perform sophisticated searches, which includes assisting the user in detecting relationships between people, places, things, and crime characteristics, and link information across jurisdictions without information overload. N-DEx also ensures that all data sharing takes place in a secure environment which is only available to authorized users in the law enforcement and criminal justice community.
N-DEx will expand services and capabilities over three increments.
- In March 2008, N-DEx Increment 1 was deployed. N-DEx provides the capability for LEAs to share and manage incident/case report and arrest data and open and closed investigated case data with other LEAs, using data sharing policies and role-based access controls. N-DEx also provides a secure forum for users to search; to perform entity correlation and entity resolution; to graphically visualize data scenarios; to use analytical reporting tools; to leverage other data sources such as the National Crime Information Center (NCIC) and the Interstate Identification Index (III) information; to access to on-line training; and to support 50,000 users.
- In the summer of 2009, N-DEx Increment 2 will be deployed with the integration of the OneDOJ system. N-DEx will expand capabilities even further to include sharing and managing of booking and incarceration data; federated searches; automated processing; collaboration; notification; subscription; personalized settings; web services; N-DEx Web Portal; and support 100,000 users.
- In the summer of 2010, N-DEx Increment 3 will be deployed. N-DEx will expand capabilities even further to include dissemination and management of probation and parole data; enhanced data collaboration tools; enhanced notification; enhanced subscription tools; and support to 200,000 plus users.
Back to top
What services and capabilities does OneDOJ provide?
OneDOJ provides users the ability to search, view, and analyze both OneDOJ data and data of designated partners stored in their own repositories (federated access).
Back to top
What is a federated search?
A federated search allows trusted exchange of search data that would have been previously cost prohibitive due to the amount of time and cost for customized integration. Essentially, it allows the host system to offer some or all of their services to external agencies for trusted sharing of the information.
Example: A federated search capability allows users to search multiple data sources with a single query from a single user interface. These data sources are independently managed systems that allow partial and controlled sharing of data without affecting existing applications. A federated search merely consists of a query that is sent out to multiple data sources or databases using the appropriate syntax. Once the search is completed the results are merged into a unified format via a portal or aggregation point.
Back to top
What types of data will be shared through N DEx?
Currently, law enforcement agencies have the ability to share incident/case report data and arrest data and to open and closed investigative case data. In the summer of 2009, N-DEx will expand capabilities to allow these agencies to share booking and incarceration data. In the summer of 2010, N-DEx will expand capabilities to allow agencies to share probation and parole data.
Back to top
What types of data will be shared through OneDOJ?
OneDOJ contains open and closed investigative case data, incarceration data, and arrest/fugitive data from DOJ law enforcement components.
Back to top
Are N DEx and OneDOJ Intelligence systems?
No. Although N-DEx and OneDOJ do not contain intelligence data, they will provide value to the intelligence community.
Back to top
Who owns and maintains the data submitted to N-DEx?
Agencies submitting data to N-DEx will retain ownership of all data submitted and are responsible for maintaining the submitted data to keep it up to date and accurate.
Back to top
How current is the data in N-DEx?
The data in N-DEx is as current as the agencies submitting and/or updating the information. Law enforcement agencies have the option of submitting data as close to real-time as possible. Currently, agencies will also have the capability of submitting up to five years of historical data at the time of the initial data submission.
Back to top
Is N-DEx a 24/7 system?
Yes. N-DEx is operational 24/7. The N-DEx system will be down for maintenance from 5:00 p.m. to 6:00 p.m. Eastern Time, Monday through Friday.
Back to top
Is there a help desk number for N-DEx?
Yes. The N-DEx help desk number is (304) 625-HELP (4357) and is operational 24/7. Individuals can also send an email to ndex@leo.gov.
Back to top
Is there a help desk number for OneDOJ?
Yes. The OneDOJ help desk number is (304) 625-HELP (4357) and is operational 24/7. Individuals can also send an email to rdexhelp@leo.gov.
Back to top
How can an individual learn more about N DEx and OneDOJ?
By visiting the N-DEx Program Office website at http://www.fbi.gov/hq/cjisd/ndex/ndex_home.htm, e-mailing the N-DEx Program Office at ndex@leo.gov, or contacting the N DEx Program Office Unit Chief Timothy S. Reid at (304) 625 4219.
The N-DEx Program Office also produces a monthly stakeholder report. This report contains general information about the development and/or agencies participation in the N-DEx Program. To receive electronic copies, e-mail your name, title, agency name, and telephone number to the N-DEx Program Office at ndex@leo.gov.
Back to top
Access Questions
Can an individual access N-DEx even if their agency does not contribute data?
Yes. N-DEx users can access N-DEx exclusively through Law Enforcement Online (LEO) using a secure portal. N-DEx users can search law enforcement agency data and utilize investigative tools that assist users in detecting relationships between people, places, things, and crime characteristics and linking information across jurisdictions even if their agency chooses not to submit data to the N-DEx system.
Back to top
Can a local, county, state, tribal, or other federal agency access OneDOJ data?
Yes. OneDOJ permits external partners to access DOJ data through federated searches.
Back to top
Does a user need a LEO account to access N-DEx?
Yes. N-DEx users must have a LEO account to access the N-DEx portal for N-DEx Increment 1. For N-DEx Increment 2 users will able to access N-DEx via LEO or basic web services.
Back to top
Does a user need a LEO account to access OneDOJ?
No. OneDOJ users are not required to have a LEO account to access OneDOJ directly via the DOJ Network; however, users will need a LEO account to access OneDOJ via the LEO system.
Back to top
How does an individual get a LEO/N-DEx/OneDOJ account(s)?
There are two options to obtain copies of the CJIS Division Services and Systems Access request forms.
- Go to www.leo.gov and scroll to the bottom of the page. Click the "Click here" link under LEO/N-DEx/OneDOJ Access and print, fill out, and fax the required access request forms to (888) 550-6427.
- The N-DEx Program Office utilizes a "fax-on-demand" service that provides individuals, through electronic dial-up access, the capability of ordering forms without the need for human intervention and potential lengthy waiting periods. The “fax on demand” number is (877) 854 7596. Proceed to Option #2 on the telephone menu to send these forms to a local fax and then fill out and fax the required access request forms to (888) 550-6427. There are four forms available on the “fax on demand” service, including: CJIS Services and Systems Access request (document number 202); FD- 889 Rules of Behavior (document number 201); CJIS Bulk Verification (document number 204); and CJIS Cancellation of Services (document number 203).
Back to top
What if a LEO account has expired or is unknown?
To obtain information on an expired or unknown LEO account, individuals can call the LEO Support Center at (888) 334-4LEO (4536) or TTY (304) 625-3963.
Back to top
Is a full social security number necessary on the LEO/OneDOJ/N-DEx Access request form?
No. For security reasons only the last six digits of a social security number are mandatory for both LEO and N-DEx access. Zeros are to be used in the first three digits as place holders (000-xx-xxxx). However, if you are only applying for a OneDOJ account (direct access to OneDOJ), your date of birth, code word, and social security number are not required.
Back to top
What should be filled in for the ORI on the LEO/N DEx/OneDOJ Access request form?
Individuals requesting access to N-DEx must obtain their organization's Originating Agency Identifier (ORI) through their CJIS Systems Officer (CSO). Individuals would then "fill in" the nine-character NCIC or N-DEx ORI assigned to their agency by the CJIS Division staff. ORIs are used to identify the organization in transactions on CJIS Division systems.
Note: For a list of CSOs contact your agency Terminal Agency Coordinator (TAC).
Back to top
What is the role of the local TAC in N-DEx?
The TAC for each agency is responsible for organizing, coordinating, and overseeing all logistics necessary to maintain and support the end-users within the law enforcement agency. The TAC must be a certified NCIC operator and can be either a sworn or non-sworn employee. The TAC is also responsible for ensuring user adherence to NCIC standards with regards to functionality, certification, proper usage, and credentials.
Back to top
What approval signatures are needed on the LEO/N-DEx/OneDOJ Access forms?
The access process requires a coordinated effort between an Agency Head and their respective CSO/Designated point of contact (POC). For a list of CSOs, contact your agency TAC.
The CJIS Services and Systems Access request form is used to grant access to N-DEx and/or OneDOJ.
- The Applicant must sign Section 3;
- The Applicant's Agency Head/Supervisor must sign in section 4; and
- The Applicant’s CSO/Designated POC must sign section 5.
The Rule of Behavior form is a general agreement that outlines the acceptable and unacceptable uses of FBI Information Technology and Information systems. The applicant must sign.
The CJIS Bulk Verification request form is used at the CSO or local level when it would be cumbersome to sign mass quantities of CJIS Services and Systems Access request forms.
- It must be signed by the Agency Head/Supervisor and the CSO/Designated POC.
- Note: All applicants need to fill out and sign the Rules of Behavior form.
The CJIS Cancellation of Services form is used to notify the CJIS Division of those individuals that require termination of their CJIS Services and Systems Access.
- It must be signed by the Agency Head/Supervisor and the CSO/Designated POC.
All completed forms should be faxed to (888) 550-6427.
Back to top
How long will it take to get system(s) access?
Turnaround time for system(s) access requests will be 48 hours or less with applicants being notified by e-mail by the N-DEx Program Office when access has been granted along with “next steps” information.
Back to top
Is personal information protected during the LEO/N-DEx/OneDOJ application process?
Yes. All applications received on the “fax-on-demand” fax server are automatically sent and stored electronically on a secure system. A Top Secret Clearance is required by all personnel who process these applications.
Back to top
Training Questions
Is N-DEx training available?
Yes. The approach for N-DEx training is two-fold: Train-the-Trainer and Computer Based Training (CBT).
- Train-the Trainer sessions (N-DEx classroom training) is provided to participating agencies' training coordinators and/or selected representatives. These representatives also receive training materials, including lesson plans, to use in training agencies personnel within their jurisdiction.
- N-DEx CBTs are the foundation of the N-DEx education. The CBT modules will allow users to go through examples, practice system functions, and exercises. Access to the N-DEx CBTs for N-DEx Increment 1 will be through LEO and are located on LEO at www.leo.gov. Law enforcement agency representatives can also receive the CBTs on compact diskettes by submitting an e-mail with name, title, agency name, e mail address, and telephone number to the N-DEx Program Office at ndex@leo.gov.
Back to top
Who should take the N-DEx CBTs?
N-DEx CBT's modules are designed to be taken by users according to their anticipated use of N-DEx. These predefined roles provide access to specific capabilities within the N-DEx system and include:
- Search allows users to locate incident report, arrest, vehicle, person, and/or location data entities in N-DEx. In addition, the Search role enables users to generate reports from search results, to visualize entity relationships, and to save and refine searches.
- N-DEx LEA Analytical Reporter supports the user in the production of system and investigative reports and the sharing and distribution of each.
- N-DEx LEA User Administrator provides the capability to manage and modify agencies N-DEx user accounts.
- N-DEx LEA Source Data Administrator provides the capability to administer the data that an agency submits to N-DEx, to implement the agency’s sharing policy; and to manage source data in N-DEx.
Back to top
What CBTs are available?
There are currently six N DEx CBT modules available (requiring approximately three hours to complete) and are designed to be taken by users according to their anticipated use of N-DEx. However, if a user wishes to complete all six CBT's modules he/she may do so.
- N DEx Overview: This module introduces system capabilities and basic navigation, provides a brief guided tour of N-DEx, and reviews system functionality included in N-DEx Increment 1;
- Search: This module introduces the user to the search capabilities of the system as well as to how results are generated from user searches;
- Data Management: This module provides instruction to those who have been designated as N-DEx LEA Source Data Administrators how to manage source data in N-DEx and how to retrieve data and produce reports on data submissions;
- Initiating System Policies: This module introduces the concept of sharing law enforcement agency record data with other agencies through N-DEx; explains how to mark records for sharing; and guides the N-DEx LEA Source Data Administrator in the application of their law enforcement agency policies through the use of tools provided by N-DEx;
- User Administration and Data Sharing: This module provides instruction to those who have been designated as N-DEx Law Enforcement Agency Source Data or N-DEx Law Enforcement Agency User Administrators how to manage the administration of the law enforcement agency users and how to manage the data sharing rules on submitted records; and
- Visualization: This module shows how people, items, locations, and other identifying information present in N-DEx records are graphically represented to analyze and assist in discovering connections and relationships in the data.
Back to top
User Questions
What is the penalty for misusing N-DEx?
Currently, there are no sanctions in place for misusing N-DEx; however, the N-DEx Program Office has formulated an audit task force comprised of N-DEx personnel, CJIS Audit Unit personnel, and SMEs from the user community. The objective of the task force will be to identify policies that need to be developed and ultimately vetted through the CJIS APB process. Willful misuse of N-DEx will result in revocation of system access and may result in being prosecuted by law.
Back to top
Can I access N-DEx directly from my agency's system?
No. Currently, access to N-DEx is granted via LEO. N-DEx users must be able to login to LEO to access the N-DEx portal; however, N-DEx Increment 2 users will able to access N-DEx via LEO or basic web services.
Back to top
Can I leverage NCIC and/or III data from N-DEx?
Yes. N-DEx search or searches have the capability to leverage other data sources (i.e., NCIC/III information), but must be performed in conjunction with an N-DEx search. These permissions need to be coordinated through the agency N-DEx LEA User Administrator. The agency CSO and local agency authority must have also granted specific permission to access NCIC/III through N-DEx. This feature is only allowable if an N DEx user is also a certified user of NCIC/III.
Back to top
Can I search N-DEx from NCIC and/or III?
No. Users cannot access the N-DEx portal from their NCIC or III connection.
Back to top
How should I update my N-DEx user profile?
An N-DEx user profile can be updated through LEO by updating the LEO user profile. N-DEx users’ must first sign into LEO at www.leo.gov , click on “member services,” and then click “view/edit your member profile”. Edits made to the LEO user profile will automatically update the N-DEx user profile information within 24 hours. For assistance in updating your LEO profile, contact the LEO Support Center at (888) 334-4536.
Back to top
System Administrator Questions
Why should an agency participate in N DEx?
N-DEx users will have advanced correlation capabilities and performance that are only feasible when data is brought together in a single system and will provide an information sharing solution for those without an existing regional system and/or a Record Management System (RMS). N-DEx searches can also leverage other data sources such as NCIC and III if permission is granted.
Back to top
Can an agency still participate in N-DEx if it does not have an RMS?
Yes. Law enforcement agencies can submit and use N-DEx even if their state and/or area does not have a RMS with permission from the agency CSO.
Back to top
What steps does an agency need to take to submit data to N-DEx?
- Sign an N-DEx Memorandum of Understanding (MOU). The N-DEx MOU can be accessed at www.leo.gov.
- Map agency data to the current N-DEx Information Exchange Package Documentation (IEPD). To obtain a copy of the N-DEx IEPD, go to www.it.ojp.gov and in the search box located in the top right hand corner of the screen type "N-DEx IEPD."
- Use an existing CJIS Wide Area Network (WAN) connection or an Internet based Virtual Private Network (VPN) connection and/or send data on an external media device (CD, DVD, external hard drive, or thumb drive).
Back to top
What hardware or software is required to access N-DEx?
No special hardware/software is required to access the N-DEx portal. However, to access the N-DEx portal, the user must have a system with Internet access and a valid LEO user account and adhere to end-user policies and procedures governing access to LEO, N-DEx, and OneDOJ i.e. no public access.
Back to top
What skills are required to access N-DEx?
Basic computer skills are recommended for users to successfully utilize N-DEx resources.
Back to top
How many users can an agency have?
Currently, there are no restrictions on the number of N-DEx users an agency can have; however, N-DEx access shall be coordinated through the agency CSO.
Back to top
Who is responsible for auditing N-DEx?
The CSO and the CJIS Division Audit Unit staff.
- The CJIS Division Audit Unit staff will be responsible for auditing N-DEx as currently performed on all the services and systems at the CJIS Division. The objective of the N-DEx audit will be to assess compliance with appropriate laws, policies, and regulations that pertain to the submission, use, dissemination, retention, and security of N DEx information. Searches are audited on N-DEx and contain information on the N-DEx user and why searches were performed. In addition, all N-DEx system access and activity is audited throughout N DEx and reviewed on a regular basis, and in turn, the CJIS Division Audit Unit staff will discuss findings with the agency CSO.
- Each agency should establish its own N DEx auditing policies governing N-DEx usage.
Back to top
Can an employee background check be administered in N-DEx?
No. N-DEx is an investigative tool for criminal justice information purposes only.
Back to top
What is the role of the CSO in N-DEx?
The CSO is the POC for questions and issues related to the CJIS Division. The CSO is responsible for monitoring N-DEx, NCIC, and III systems usage, enforcing system discipline, and assuring that CJIS Division operating procedures are followed by all users. The CSO should have operational and technical expertise with the CJIS Division systems and authority to represent state interests. The CSO, as well as the local agency authority and N-DEx Law Enforcement Agency User Administrators, will also be responsible for granting permissions for N-DEx users in their agency to access NCIC and III data through the N-DEx system.
Back to top
What is the role of the N-DEx Law Enforcement Agency User Administrator?
Each agency will designate at least two N-DEx User Administrators (one primary and one alternate) within their agency to administer user permissions for their agency ORI or on behalf of the ORIs within their regional initiative. These individuals should have knowledge of their agency’s personnel and what privileges each N-DEx user should have.
The N-DEx LEA User Administrators are required to take the “User Administration and Data Sharing” CBT prior to having their roles established within N-DEx and to submit their certificate of completion to their training coordinator, keeping in mind the CBT certificate is auditable. The N-DEx Program Office staff will then establish the N-DEx LEA User Administrators roles within the N-DEx system.
Note: The N-DEx LEA User Administrators and the N DEx LEA Source Data Administrators cannot be the same people.
N-DEx LEA User Administrator Roles and Responsibilities include:
- Assigning predefined roles (Search, N-DEx LEA Source Data Administrator, and N-DEx LEA Analytical Reporter) and data sources rights (NCIC/III Access).
- Review and keep up to date N-DEx users information within their agency ORI or on behalf of the ORIs within their regional initiative, administrator roles, and groups.
Note: To search NCIC/III from N-DEx users must be given permission by their state CSO and local agency authority AND users must also be a certified user for NCIC/III. The N-DEx LEA User Administrators can then activate N-DEx user’s permissions to also search NCIC/III data in conjunction with an N-DEx search.
Back to top
What is the role of the N-DEx LEA Source Data Administrator?
Each LEA will designate at least two N-DEx LEA Source Data Administrators (one primary and one alternate) within their agency to administer data and manage data sharing policies for their agency ORI or on behalf of the ORIs within their regional initiative. These individuals will also manage sharing groups.
The N-DEx LEA Source Data Administrators are also required to take the “Data Management and User Administration” and “Data Sharing” CBTs prior to having their roles established within N-DEx, and submit their certificates of completion to their training coordinator, keeping in mind theses CBT certificates are auditable. The N-DEx Program Office staff will then establish the N-DEx LEA Source Data Administrator roles within the N-DEx system.
Note: The N-DEx LEA Source Data Administrators and the N-DEx LEA User Administrators cannot be the same people.
N-DEx LEA Source Data Administrator Roles and Responsibilities include:
- Submitting LEA source data to N-DEx for their agency ORI or on behalf of the ORIs within their regional initiative;
- Managing data sharing policies for the data submitted;
- Maintaining data submitted to N-DEx (view/modify/delete);
- Establishing sharing groups to enable access to their LEA otherwise restricted data (i.e. Yellow and Red records);
- Managing sharing groups (create, update, and delete) and their access to their LEA sharing permissions (i.e. Yellow and Red data); and
- Generating analytical reports on LEA Usage and N-DEx usage and growth.
Back to top
What is the role of the N-DEx LEA Analytical Reporter?
The N-DEx Program Office staff recommends LEAs designate a minimum of two Analytical Reporters (one primary and one alternate). The N-DEx LEA Analytical Reporter roles are granted to N-DEx users by their agency N-DEx LEA User Administrator. These individuals will generate N-DEx system reports with the LEA data for their agency ORI or on behalf of the ORIs within their regional initiative. This role also allows an N-DEx user to support its LEA in the production, sharing, and distribution of system and investigative reports.
Back to top
What is the role of Search in N-DEx?
The Search role in N-DEx is the default role granted to all N-DEx users. This role allows users to search N-DEx according to user-specified criteria related to:
- Person;
- Crime Characteristics;
- Vehicle/Property;
- Location.
In addition, the Search role enables N-DEx users to generate reports from search results, to visualize entity relationships, and to save and refine searches.
N-DEx search or searches have the capability to leverage other data sources (i.e., NCIC/III information) but must be performed in conjunction with an N-DEx search. These permissions need to be coordinated through the agency N-DEx LEA User Administrator. The agency CSO and local agency authority must have also granted specific permission to access NCIC/III through N-DEx. This feature is only allowable if an N DEx user is also a certified user of NCIC/III.
Back to top
Data Mapping Questions
What is the relationship between LEISP LEXS, NIEM, and N-DEx?
The N-DEx IEPD conforms to the LEISP Exchange Specification (LEXS) and the National Information Exchange Model (NIEM). N-DEx is a system that uses LEXS and NIEM within its IEPD to create its schema and ensure the ability to share information.
Back to top
Does an agency need to map to the N-DEx IEPD? How can I get a copy?
Agencies wishing to submit data to N-DEx must map their data to the most current version of the N-DEx IEPD to maximize the data sharing opportunities offered by N-DEx. Submitted data must conform to and be consistent with the line of business articulated within the N-DEx IEPD, i.e., incident/arrest, booking/incarceration, and probation/parole.
To obtain a copy of the N-DEx IEPD go to www.it.ojp.gov. In the search box located in the top right hand corner of the screen, type "N-DEx IEPD." The search results will contain the link for the most current N-DEx IEPD.
Back to top
Can an agency submit data to N-DEx using LEXS?
Yes. Beginning with N-DEx Increment 2, data submissions utilizing only LEXS version 3.1 and later, but containing an otherwise specified structured payload, can be successfully submitted to N-DEx with degraded analytic expectations.
Back to top
Are there FBI-accredited vendors available to assist LEAs in mapping their data to the N DEx IEPD?
No. The FBI will not provide accreditation to any vendors. However, the N-DEx Program Office staff utilizes a tool to assist agencies in validating their mapped data to the N-DEx system called Conformance Testing Assistance (ConTesA).
Back to top
What is the N-DEx ConTesA Tool?
The N-DEx Program Office staff utilizes a tool called ConTesA to assist agencies in validating their mapped data for the N-DEx system to ensure compliance with the N-DEx IEPD. The N DEx ConTesA tool will also reduce the turn-around period for the verification review process. The use of the N-DEx ConTesA tool is not required but is highly recommended.
Back to top
Connectivity Questions
How does an agency establish connectivity with N-DEx?
Connectivity to N-DEx can be established through a VPN connection over the Internet or via an existing CJIS WAN circuit. If an agency would like to connect through the CJIS WAN, an established WAN line must already be in place. If an agency does not have a CJIS WAN connection, then a VPN across the Internet is the alternative method for establishing connectivity. Agencies will be responsible for providing equipment capable of producing 3 Data Encryption Standard or Advanced Encryption Standard VPN tunnels.
Back to top
Data Submission Questions
Does an agency have to be part of a regional or state data sharing system to submit data to N-DEx?
No. Although it is possible for a single agency to submit data to N-DEx directly, the CJIS APB recommends agencies who are interested submit their data to N-DEx through a regional or state data sharing system.
Back to top
Does each agency maintain control of the records it submits to N-DEx?
Yes. Ownership of data shared in N-DEx will remain with the contributing agency. N-DEx supplies controls to allow an agency to decide what data to share and who can access it and under what circumstances and allows agencies to participate in accordance with applicable laws and policies governing dissemination and privacy.
Back to top
How does N-DEx handle sensitive data?
The agency submitting the record is the owner of that record. N-DEx provides templates and/or tags that enable the agency N-DEx LEA Source Data Administrators to mark submitted data as GREEN, YELLOW, or RED. This capability allows agencies to submit information for sharing while controlling the dissemination of sensitive information. This tool allows the LEA to protect the privacy of specific investigative data while conforming to their internal policies for information dissemination.
GREEN Data: Access to this data is unrestricted to all N-DEx users with “search” privileges. Within the system all information is, by default, labeled GREEN unless otherwise marked. The data is visible to all users. An agency can choose to submit ONLY GREEN (unrestricted) data to the N-DEx, in which case there is no requirement to define and administer a sharing policy. Marking data GREEN benefits all users by increasing the potential for data correlations and search results. Agencies may need to use Yellow and/or Red levels due to the nature of the data. However, agencies are encouraged to mark the majority of their data as GREEN.
YELLOW Data: Access to this data is pointer-based. N-DEx users that retrieve a record marked YELLOW will not be able to see the data; rather N-DEx users will be given a POC that must be contacted in order to gain access to the information. Agencies should mark data as “YELLOW” only if LEAs wishes to share the data on a case by case basis. N-DEx users that are members of a specified sharing group may be authorized to view the record data. Agencies should be judicious when selecting POCs and marking their agency data as YELLOW.
RED Data: Access to the data is restricted. Within N-DEx, the RED data item are not visible to others except those in specified sharing group(s). Any correlations/matches made by an N-DEx user to restricted data will receive a “No Results” message unless he/she is a designated member of a sharing group established by the submitting N-DEx LEA's Source Data Administrator.
Note: “Silent Hit” notifications on RED data, returning notification to the submitting ORI, will be included in a future increment.
Back to top
How does an agency submit data to N-DEx?
For N-DEx Increment 1 there are three methods that can be used to submit data to N-DEx: Secure File Transfer Protocol (SFTP), Manual Entry (manually entering data online), and Manual Submission (mailed media).
- SFTP: Batch submission refers to the data submission process an agency uses to SFTP. The agency must have connectivity to N-DEx in order to use the batch submission process and can send multiple records in one file submission to N-DEx.
- Manual Entry (manually entering data online): Only the agency N-DEx LEA Data Administrators can manually create a record within N-DEx. This option is good for infrequent N-DEx submissions or those agencies without the capabilities to submit via SFTP.
- Manual Submission (mailed media): An agency can send their data on an external media device (CD, DVD, external hard drive, or thumb drive). This method is also used for the initial legacy data submissions.
Back to top
Can a local, county, state, tribal, or other federal agency submit data to the OneDOJ system?
No. OneDOJ is a repository for only DOJ components data.
Back to top
How often will N-DEx accept data submissions? Is there a minimum?
N-DEx has no minimum requirement for the frequency of data submissions. The agency decides how often it would like to submit data to the N-DEx system. Agencies do have the option of submitting their data as close to real-time as possible.
Back to top
Will the data submitted to N-DEx be used for NIBRS reporting?
During N-DEx Increment 1 there will be no relationship between N-DEx and National Incident Based Reporting System (NIBRS). Data submissions from agencies will be used solely for N DEx; however, N-DEx Increment 2 will include the capability to extract NIBRS data from the N-DEx submission and send the extracted data to the Uniform Crime Reporting Program.
Back to top
Will N-DEx alter an agency data once it’s submitted?
No. Agencies submitting data to N-DEx will retain ownership of all data submitted and are responsible to keep the submitted data up to date and accurate.
Back to top
Will N-DEx check that the data is complete and accurate upon submission?
No. N-DEx will validate that the data has been submitted by an agency and provide a report back to the agency containing information on records received and structural errors that need to be corrected.
Back to top
Does N-DEx store an agency’s data? If yes, for how long?
Yes. N-DEx is a data repository and will store data indefinitely, unless otherwise specified by the respective agency's privacy policy. If there is a need to establish retention policies in the future they will be vetted through the CJIS APB.
Back to top
Will N-DEx store images?
Yes. N-DEx has the capability to store digital images that are submitted with an incident report.
Back to top
Can an LEA delete a record?
Yes. The N-DEx LEAs Source Data Administrators can delete individual records, in addition to being able to add, update, and modify records. They can also entirely delete a record and replace it with a new record but cannot modify a record that was submitted automately.
Note: No LEA can change or delete the information of another LEA unless that agency has granted permission for their LEA N-DEx Source Data Administrator to do so.
Back to top
System Cost Questions
Is there a cost to participate in N-DEx?
The FBI will not assess a fee for local, county, state, tribal, and federal agencies to participate in N-DEx. However, agencies are most likely to incur costs associated with connectivity to the N-DEx system. Costs could also be associated with mapping their current data standard to the N-DEx IEPD or with upgrades to hardware and software by agencies currently lacking the technical proficiency to participate in N-DEx.
Back to top
Are there grant funds available to participation in N-DEx?
Community Oriented Policing Services grants are becoming more readily available to aid agencies with funding for participation in N-DEx. Additionally, the N-DEx Program Office staff continues to coordinate efforts with the DOJ Bureau of Justice Assistance (BJA) for continued funding opportunities. LEAs received $50 million in 2007 for information sharing.
Back to top
What is the FBI doing to alleviate funding issues?
One of the major considerations of the N-DEx implementation is the cost for agencies to participate in N-DEx. In order to advise agencies with costs, N-DEx has promoted a Cost Model initiative that will be used to estimate the costs for N-DEx deployment.
The N-DEx Program Office staff is also working toward a national funding strategy with relevant federal agencies such as the DOJ, DHS, BJA, and various grant programs designed to help alleviate certain costs to participating agencies.
N-DEx was also developed to use nationally developed standards and existing systems and networks. Some costs are being reduced by using existing connections. The N-DEx Program staff is also assisting agencies by providing implementation support, tools, and training.
Back to top
Privacy Questions
What precautions are being taken to follow relevant local policy regulations/laws related to sharing criminal and/or victim information?
The policy for N-DEx is that ownership of the data is maintained by each contributing agency; the agency will abide by their own state laws, statutes, and regulations and contribute the data accordingly. N DEx supplies controls to allow an agency to decide what data to share, who can access it, and under what circumstances.
Back to top
How have privacy issues/concerns been addressed for N-DEx?
The N-DEx Program Office staff has developed a Privacy Advocacy Group (PAG) to discuss and identify potential areas of concern relative to privacy in the N-DEx concept development. PAG members are representatives from the American Civil Liberties Union, the Innocence Project, and the National Congress of Indian Affairs. By addressing privacy issues with the PAG in the development phase, issues were identified and resolved prior to the system build. This process has also aided in relieving the CJIS APB of privacy concerns.
In addition, tools have been developed within N-DEx to protect sensitive and personally identifiable information. These tools address the collection, dissemination, and use of all personally identifiable information. The N-DEx information sharing rules exist on the server and are applied when data is received. The N-DEx LEA Source Data Administrators can configure these sharing rules and only require one configuration. Sharing rules will be applied automatically to all records matching the N DEx LEA Source Data Administrators’ sharing request.
Back to top
What is the N-DEx PIA? How can I get a copy?
The collection, use, maintenance, and dissemination of personally identifiable information by the FBI require a thorough analysis of both policy/legal privacy issues. The N-DEx Privacy Impact Assessment (PIA) process provides a means to assure compliance with applicable laws, regulations, and policies governing individual privacy and provides agency officials with a systematic assessment of a new system’s impact on privacy prior to implementation of the system. Section 208 of the E-Government Act of 2002 requires that government agencies conduct PIAs before procuring or developing information technology systems that collect, maintain, or disseminate identifiable information about members of the public or when agencies initiate a new electronic collection of identifiable information about members of the public. The N-DEx PIA can be accessed at http://foia.fbi.gov/piandex040607.htm.
Back to top
What is the N-DEx SORN? How can I get a copy?
The Privacy Act of 1974 dictates any new information sharing initiative that maintains records containing personally identifiable information has to complete a System of Records Notice (SORN). The Privacy Act of 1974 also requires that the public be given 30 days in which to comment on any new or amended uses of information in a system of records. In addition, Office of Management and Budget (OMB), which has oversight responsibilities under the Act and Congress, must be given 40 days in which to review major changes to Privacy Act systems. Pursuant to the Privacy Act of 1974 (5 U.S.C. 552a) and OMB Circular A 130, the N-DEx SORN provided a notice to the DOJ and the FBI. The notice proposed to establish a new system of records entitled "N-DEx". This allowed the public to make comments regarding the N-DEx system prior to implementation. The N-DEx SORN can be accessed at http://www.gpoaccess.gov/fr/index.html.
Back to top
How does N-DEx accommodate state laws recording record retention?
Per N-DEx policy the ownership of the data is maintained by each contributing agency; the agency will abide by their own state laws, statutes, and regulations and contribute and maintain the data accordingly.
Back to top
How does N-DEx handle juvenile records?
LEAs are responsible for handling all juvenile records according to their contributing agency’s state/local laws and to utilize N-DEx data sharing policies to abide by their state/local laws. The agency submitting the record is the owner of that record. N-DEx provides templates and/or tags that enable the N-DEx LEA Source Data Administrators to mark submitted data as GREEN, YELLOW, or RED. This capability allows agencies to submit information for sharing but controls the dissemination of sensitive information to protect the privacy of specific investigative data and to conform to the information dissemination policies of their LEA.
Back to top
How are FOIA requests handled for N-DEx?
The legal position for the FBI is the record does not exist within the system and the requestor will be directed to personally contact the LEA they believe has information regarding them.
The Freedom of Information Act (FOIA) is a request for notification as to whether a record about an individual exists in the system and/or for access to a record from the system. Request shall be made in writing with the envelope and the letter clearly marked "Privacy Act Request."
Include full name and complete address in the FOIA request. Individuals must sign the request and to verify it, the signature must be notarized or submitted under 28 U.S.C. 1746, a law that permits statements to be made under penalty of perjury as a substitute for notarization. Individuals may submit any other identifying data to assist in making a proper search of the system. Requests for N-DEx record access must be addressed to the Record/Information Dissemination Section, FBI, 935 Pennsylvania Avenue, NW, Washington, D.C. 20535 0001. Some information may be exempt from notification and/or access procedures as described in the section titled "Systems Exempted from Certain Provisions of the Act." An individual who is the subject of one or more records in the system may be notified of records that are not exempt from notification and may access those records that are not exempt from disclosure. A determination on notification and access will be made at the time a request is received.
Back to top
