U.S. flag

An official website of the United States government, Department of Justice.

Global Standards Package Grant Condition

Justice Information Sharing
gonin / shutterstock.com (see reuse policy).
Description

Global Standards Package Grant Condition

 

gray publication cover with a BJA logo in the upper right corner
GSP Frequently Asked Questions Guide

The Global Standards Council (GSC) was created to support the work of DOJ's Global working groups and related bodies by coordinating the establishment of a common, consistent, and standards-based approach to implementing justice information sharing solutions. To further this goal, the GSC developed the Global Standards Package (GSP) which describes a full information sharing technology standards implementation suite that addresses data standardization, messaging architecture, security, and privacy requirements. In order to promote consistency and interoperability of systems across the justice and public safety community, OJP requires grantee compliance to the GSP and all components thereof. In addition to offering a common mechanism to share information across agencies, the GSP also promotes the use of open, consensus-based standards to avoid proprietary or restrictive approaches to system integration and interface development. This approach enables adopters to fully realize the cost savings and operational efficiencies that have been demonstrated by those who have already implemented elements of the GSP.

Compliance to the GSP requires conformance to all components of the GSP whenever applicable. If the grantee is planning to exchange information across agencies or systems using a common data format, such format is required to be conformant to the National Information Exchange Model (NIEM). If the grantee is planning to adopt a service-oriented approach to sharing information, it must leverage the Global Reference Architecture (GRA), and so on. The primary components of the GSP are as follows:

  • National Information Exchange Model (NIEM)
  • Global Reference Architecture (GRA)
  • Global Federated Identity and Privilege Management (GFIPM)

In addition, certain GSP components enable the development of national, or "reference," specifications that further promote reuse for enhanced interoperability. Whenever applicable, these reference specifications should be used as a foundation for implementation of complementary business processes. If the grantee wishes to use an alternate format for which a reference specification already exists, specific justification must be included in the grant application narrative.

National Information Exchange Model (NIEM)—the NIEM data model and tools are supported by a robust governance process and program management office. NIEM conformance is defined explicitly across a number of dimensions, including data modeling, XML representation, exchange development, and implementation. Detailed guidance on NIEM conformance for grantees can be found at https://www.niem.gov/aboutniem/grant-funding/Pages/implementation-guide.aspx. NIEM also maintains a repository of reusable exchange specifications that can be found at https://bja.ojp.gov/program/it/policy-implementation/clearinghouse.

Global Reference Architecture (GRA)—the GRA provides both a reference architecture to speed agency adoption of Service-Oriented Architecture (SOA)-based approaches to information sharing, as well as a standard methodology for developing particular service specifications that align with specific business functions. Conformance to the GRA generally relies on adherence to the GRA Framework for the former and to the GRA Service Specification Guidelines for the latter. Detailed guidance on GRA implementation for grantees can be found at https://bja.ojp.gov/program/it/national-initiatives/gra. On the same page can be found a listing of reference service specification packages (SSPs) that should be reused whenever applicable.

Global Federated Identity and Privilege Management (GFIPM)—the GFIPM specifications and guidelines are designed to support secure access to various information systems based on commonly understood and applied protocols for user access and attribute-based access control policies. Rather than serving as a universal approach to securing justice information systems, GFIPM should be used in particular cases where regional, multijurisdictional, or cross-boundary information sharing is occurring and there is a need to create a “federation” of participants who must agree on policy and technical solutions to satisfy interoperability requirements. Conformance to GFIPM primarily relies on use of the GFIPM Metadata standard and adherence to operational policies and procedures. Detailed guidance on GFIPM implementation can be found at https://bja.ojp.gov/program/it/national-initiatives/gfipm.

As stated above, compliance with the GSP is dependent on the grantee conforming to each of the GSP’s normative components above, whenever applicable. For instance, if the grantee is supporting a project to integrate two reporting systems that already operate within the same security environment and there are no new access control provisions required, then conformance to the NIEM and GRA components of the GSP will be sufficient to satisfy the requirement to comply with the GSP. In general, OJP does not require formal certification of software, tools, etc., to verify conformance. However, additional requirements may be imposed by particular funding programs. In cases where software or services are being procured from private sector partners, the grantee should follow procedures such as those recommended by the IJIS Institute to ensure that procured services are in fact conformant.  See http://www.ijis.org/?page=PreRFP_Toolkit.

In addition to complying with the GSP, grantees are also required to adequately address the protection of privacy and civil liberties of those subjects whose data are being shared. OJP requires that prior to implementation of an information exchange solution that such exchange must be governed by an appropriate privacy policy that meets the minimum standards as described by DOJ’s Global Privacy Guide. If the exchange is covered under an existing or umbrella policy, then such policy should be noted and communicated to the grant office prior to execution. For a comprehensive set of resources to address privacy protection in information sharing projects, please visit https://bja.ojp.gov/program/it/privacy.

For additional background on DOJ’s Global Justice Information Sharing Initiative and related activities, please visit bja.ojp.gov/program/it or contact the Bureau of Justice Assistance (BJA) Justice Information Sharing (JIS) office via Michael Roosa at (202) 532-0031 or [email protected]; or David Lewis, at (202) 616-7829, or [email protected].