GENERAL ORDERS LINCOLN POLICE DEPARTMENT
SUBJECT: INFORMATION TECHNOLOGY SECURITY
TITLE: MINIMUM ACCESS POLICY
EFFECTIVE DATE: JUNE 1, 2025
REVISION DATE:
ACCREDITATION: ALABAMA ASSOCIATION OF CHIEFS OF POLICE (AACOP)
APPROVAL: CHIEF DARREN E. BRITTON
MINIMUM ACCESS POLICY
1105.1 PURPOSE AND SCOPE
This policy outlines minimum security standards for device access to networks, hardware, services, and systems owned or controlled by the Lincoln Police Department as stated in the Acceptable Use Policy.
This standard applies to all devices connected to the Lincoln Police Department Network, including privately owned devices. Examples of these devices include laptop computers, tablets, smartphones, printers, etc.
1105.2 POLICY
The Policy states that no one shall connect a device to the department's network unless it meets technical and security standards set by the Information Technology Unit, and the Chief of Police, and prior authorizations have been obtained.
The requirements in this policy will reduce risks to the security of individual systems and data, to the operation of the network, and outline the minimum security standards that are required for devices connected to the Lincoln Police Department Network, enforcement procedures, and set procedures for requesting an exception to the standard.
1105.3 STANDARD
(a) Security Updates
Networked devices shall have all applicable security updates installed as soon as practicable or, at a minimum, within 15 days of the security update release date.
(b) Anti-malware Software
Anti-malware software shall be used and kept up-to-date on devices where the use of such software is practical.
(c) Software Firewall
Firewall software shall be used and kept up-to-date on devices that have firewall software capabilities.
(d) Access Control
Devices shall require sign-on or login for users. Users shall be authenticated by means of passwords or by other authentication processes (e.g. biometrics or Smart Cards). In general, only encrypted authentication mechanisms or protocols shall be used. When passwords are used, password construction and management shall comply with the Lincoln Police Department's Password Policy.
(e) Un-authenticated Email Relays and Proxy Services
Devices shall not operate as an unauthenticated email relay or proxy service.
(f) Unnecessary Services
Services that are not necessary for the device to perform its function or mission shall be disabled.
1105.4 ENFORCEMENT AND IMPLEMENTATION
(a) Roles and Responsibilities
Each division/unit is responsible for monitoring equipment and access assigned their members to ensure all systems are compliant, partnered with the Information Unit.
Oversight and implementation are the direct responsibility of Information Technology Unit.
(b) Consequences and Sanctions
Non-compliance with these standards may incur the same types of disciplinary measures and consequences as violations of other department policies.
Any device that does not meet the minimum security requirements outlined in this standard may be removed from the Lincoln Police Department network, disabled, etc. as appropriate until the device can comply with this standard.
1105.5 EXCEPTIONS
Exceptions may be granted in cases where security risks are mitigated by alternative methods, or in cases where security risks are at a low, acceptable level and compliance with minimum security requirements would interfere with legitimate department operations. To request a security exception, contact the Information Technology Unit.
These policies and operating procedures are not designed to cover every possible scenario or situation in society, but rather to define standard operating procedures for members of the Lincoln Police Department. These guidelines are subject to past, present and future judicial review. These guidelines can be amended and or repealed by the Chief of Police as necessary. The policies and procedures herein provided supersede all previous policies and orders.