Polk County Sheriff's Office achieves CJIS compliance and reduces helpdesk calls with Imprivata OneSign


  • Location:Florida
  • Employees:1800


  • Public safety and general administration applications


  • Inefficiencies and insecurities of multiple logins
  • Budget constraints
  • FBI requirements for CJIS access


  • Flexible, scalable platform for CJIS compliance
  • Reduced helpdesk calls
  • Streamlined access to public safety applications

The Polk County Sheriff’s Office (PCSO), located in Central Florida is responsible for law enforcement within one of Florida’s largest counties—and it takes its leadership in the county seriously. The Sheriff’s Office is spearheading an effort to have all law enforcement, fire and EMS agencies within the county use common applications in an integrated public safety system for improved information sharing and efficiency.

The business challenge

In addition, the PCSO was looking for ways to comply with the FBI’s regulations for connecting with the Criminal Justice Information Services (CJIS) systems. Law enforcement agencies around the country access this vital data, and the FBI has mandated that all agencies accessing those databases meet the following requirements.

  • By September 2010: Enforce unique IDs and strong passwords

  • By September 2010: Implement “Advanced Authentication” like fingerprint biometrics, smart cards or proximity cards, soft or hard token plus password to secure authentication. Some agencies can wait until 2014 if the system being used to access CJI data has not been procured or upgraded anytime after September 2005. Please contact your State’s ISO for specifics.

As the PCSO deployed a new suite of public safety systems applications, they looked for ways to address the challenges of managing multiple logins. According to Tom Rowles, IT Network Supervisor at Polk County Sheriff’s Office, “Employees were already struggling with many accounts to manage. Requiring complex passwords and strong authentication would only make it worse. We knew that we couldn’t implement advanced authentication until we’d solved the single sign-on problem.”

The IT Team set out to find a single sign-on solution that would meet their immediate and longer-term needs, by:

  • Offering single sign-on to dozens of applications, integrated with Active Directory

  • Enforcing complex password policies for CJIS compliance

  • Supporting multiple strong authentication technologies

  • Scaling to support other law enforcement and fire agencies in the county

The Imprivata OneSign solution

After evaluating different solutions, the IT Team at the PCSO purchased Imprivata® OneSign® through its reseller, Tribridge. According to Rowles, “There was no comparison—the others couldn’t do a fraction of what Imprivata can do.”

The PCSO bought three appliances: two for production and one for the disaster recovery site. They used a phased deployment, starting with individuals in IT and rolling out to other administrative departments before deploying to deputies in the patrol cars.

The PCSO is sharing its deployment of the integrated systems applications with all of the public safety agencies in the county, including other law enforcement agencies, fire departments and EMS agencies. Once the Imprivata OneSign deployment was in place, they started working to roll out OneSign to these other agencies as well. The final deployment will support around 2500 users, and dozens of applications in addition to the public safety applications.

The results: A platform for CJIS compliance

OneSign was an immediate success in the field because it addresses the serious problem of managing dozens of different logins. Says Rowles, “Not only do the deputies not have to remember different passwords, but OneSign automatically logs them into their applications. We’ve heard nothing but praise for that.”

The PCSO IT Division has also benefited from self-service password resets; the small Service Desk staff no longer needs to handle dozens of password reset requests each day.

But more importantly, Imprivata OneSign has given Polk County Sheriff’s Office a flexible and scalable platform for CJIS compliance.

CJIS Phase 1 compliance: With the single sign-on and authentication policies in place, the department is able to address the first phase of CJIS compliance: ensuring unique IDs and complex passwords for accounts that access the FBI CJIS systems. Before OneSign, this compliance was difficult to enforce and audit. According to Rowles, “With some of the applications, we didn’t have the ability to enforce strong passwords. With OneSign, we can do that.”

CJIS Phase 2 compliance: OneSign supports a variety of strong authentication methods that the IT team can implement to comply with the second phase of CJIS requirements, due by 2014. With OneSign in place, departments can phase in strong authentication as their budgets allow. Says Rowles, “We’re splitting the cost so we don’t have one large equipment expenditure in a single fiscal year.”

The key take-away, according to Rowles, is that handling the CJIS compliance issue is within reach, and can offer immediate benefits. “CJIS compliance can be daunting. With Imprivata OneSign, police departments can put an infrastructure in place for compliance while solving the immediate problems of managing logins to dozens of applications.”