Department of Justice

Update: DOJ projects are prioritized and processed in a standardized fashion. More refining of the project process continues.

Dec 1 Update: DOJ has begun the process of refining project intake processes with a review of current intake issues

Update: DOJ has implemented numerous imaging solutions that include financial processes, contract management, Concealed Weapon permit records, criminal records, external agency agreement management, training materials, Criminal Justice Information Network access and certification, Highway Patrol field training approval,
crash records, vehicle title and registration documents, disability placard digitization, and Police Officer Standards and Training records. These solutions save staff time by allowing them to electronically search and retrieve files without having to physically go to a location and search paper files.

Dec 1 Update: DOJ is now fully involved in ECM and has migrated all data to the Hyland cloud.

Update: With the COVID-19 pandemic, expanded and robust eGov services are essential. DOJ is focused on expanding eGov services for the Motor Vehicle Division (MVD) to allow Montana drivers additional online services. A contractor was recently selected through the Request for Proposal (RFP) process to work with financial institutions and car dealers to streamline the vehicle titling and licensing process eliminating the need for drivers to visit County Treasurer Offices (CTO) – reducing long lines at CTOs and customer frustration. Additionally, a new on-line service combining customer vehicle and driver license status information is envisioned that will host a suite of advanced digital features intended to make all Driver’s licensing functions, with the exception of the physical visit to the MVD to confirm identity, available online in a single location. For example, on-line renewal, address change, replacements, and vehicle registration. Again, reducing customer traffic in Driver Exam stations.

Dec 1 Update - DOJ continues to expand eGovernment services in MVD. MVD has expanded services with a new vendor to electronically process title and registration documentation.

Update: DOJ continues to build and leverage partnerships with agencies and vendors on various projects, grants, and contracts. DOJ has built partnerships with MACO (Montana Cities and Counties), LGIT (Local Government Information Technology Group), HSIN (Homeland Security Information Network), and MT-DES (Montana Disaster & Emergency Services).

Dec 1 Update - DOJ has developed new relationships with consumers who have requested expertise in understanding cyber security issues.

Update: As part of a Montana Criminal History Improvement Project, DOJ integrated with existing systems and applications in order to expand functionality without duplicating work. Continued modernization development of driver services will fully integrate those functions to the existing Montana Enhanced Licensing and Registration Information Network (MERLIN) system therefore eliminating DOJ use of the State of Montana Mainframe environment.

Dec 1 - Update - DOJ has completed the Montana Criminal History Improvement Project and gone live with the new system. Post go-live cleanup work continues. The Driver Modernization Project has also gone live with post go-live work continuing.

Update: The exchange of data between the Courts and DOJ is, and will continue to be, a major objective/goal. Recent work improved existing exchanges between the courts and the Motor Vehicle Justice Court Reporting System (JCRS) to ensure compliance with federal requirements, driver history and status. We continue to improve the data exchanged as time permits and resources are available.

Dec 1 Update - Due to competing project priorities consuming resources in all agencies involved the data exchange project with courts has been put on hold and the funding attached from HB 10 returned. DOJ will have to revisit the project when resources become available.

Update: In the past two years’ overall customer satisfaction with IT systems continues to improve. Additionally, DOJ IT has added multiple layers of system alerting that has decreased unplanned, and emergency outages.

Dec 1 Update - DOJ continues to maintain appropriate service levels.

Update: DOJ JITSD continues to struggle with loss of FTE to higher paying similar positions in across state government. DOJ has engaged the MUS in conversations and will continue to press forward with the effort to hire, train, and retain a skilled IT workforce.

Dec 1 Update - DOJ has met with DLI personnel to reinvigorate the effort to bring Montana talent into the DOJ IT environment through an organized IT Apprentiship program.

Update: DOJ-IT has partnered with MS-ISAC & LGIT to leverage public-private partnerships to enhance cybersecurity information sharing, outreach and risk awareness.
DOJ-DCI (MATIC) partnered with DHS to build a secure portal where cyber security information, projects and collaboration can be shared among Montana stakeholders.
DOJ IT continues to use various tools such as Skype/Teams/ZOOM, SharePoint, Wordpress and other web applications to increase collaboration in the State and nationwide.

Dec 1 Update - DOJ continues to use all avenues of communication with internal and external partners during this pandemic with the use of Teams and Zoom. The DOJ CIO continues to collaborate with CIO peers in state government and is now the vice chair of the ITMC.

Update: DOJ IT has documented and implemented approximately five new processes and modified others as needed. To strengthen DOJ’s security posture, additional policies and procedures have been put in place; along with auditing and logging to ensure processes are being met. A few examples of these are the IT Use Policy, Firewall Change Procedure, Vulnerability Scanning Procedure, Media Sanitization Procedure, Forensic Analysis Event Response Procedure, etc.

DOJ has also participated in the NCSR (National Cyber Security Review). This nationwide self-assessment helps measure gaps and capabilities of cyber security maturity while providing actionable feedback and metrics directly

Dec 1 Update - DOJ is developing a project intake process that considers project complexity, available recourses, and DOJ priorities in order to accurately select what projects will be initiated and which will be on hold or discontinued.

Update: The Project Management Office purchased Brightwork, a SharePoint-based project management application with templates, portfolio dashboards, and reporting. We are piloting Brightwork and performing a cost benefit analysis on the tool to see if it will meet DOJ needs regards project prioritization and management of resources.

Dec 1 Update - The DOJ Project Management Office is now utilizing Brightwork to manage all projects.

Update: To date, DOJ has implemented:
1. Data loss prevention mechanisms to prevent unauthorized disclosure of sensitive information.
2. Multi-factor authentication to reduce the risk of unauthorized access to DOJ data assets.
3. Monitoring systems to prevent data tampering.
4. Mobile systems are encrypted to meet Federal FBI CJIS requirements.
5. Thumb/external drives that contain sensitive data are now encrypted.
6. Enforced the CJIS SP with LEA's for multi-factor authentication & EDR.

Dec 1 Update - All items are completed and we are now in O&M mode.

Update: 1. In cooperation with DOA, DOJ has implemented multi factor authentication across its environment at the endpoint level to safeguard DOJ systems and information.
2. DOJ has also enhanced first-level authentication requirements to provide additional security.
3. DOJ is collaborating with MT-ISAC, MS-ISAC & LGIT to bring forward a number of policies that will enhance the cyber hygiene of all agencies. Some of these policies are already in place and are actively being applied to the DOJ technology environment.
4. DOJ has implemented an SIEM and an EDR for additional monitoring and to control access to DOJ systems and networks.
5. Enforced the CJIS SP with LEA's for multi-factor authentication & EDR.

Dec 1 Update - All tasks completed except 5. Some local LEA's that are waiting on funding to implement MFA.

Update: DOJ has made security education among its employees a top priority. DOJ has set up an internal resource for DOJ employees to utilize that pertain to security education and outreach. The DOJ Security Team also attends internal meetings and provides additional specialized security training for employees where there needs to be an additional security emphasis within DOJ.

Dec 1 Update - This objective is ongoing with targeted metrics to meet. We are working toward those. For example, we would like our employee phishing testing to be below a 1.5% threshold. Right now we are around 3%.