Department of Justice

Goals

Update:

Objectives

  • 1.1 Meet business needs for new, replacement, and upgraded systems. IT investments will be driven by mission/business needs. In order to make smart decisions, a collective group of business sponsors, IT staff, and executive leadership will make decide on various projects and priorities based on DOJ missions and businesses.
    Update: DOJ projects are prioritized and processed in a standardized fashion. More refining of the project process continues.

    Dec 1 Update: DOJ has begun the process of refining project intake processes with a review of current intake issues
  • 1.2 Implement electronic content management
    Establish the infrastructure and processes (document imaging, storage and retrieval) for electronic records management to create efficient and paperless real-time access to documents in a virtual office environment that crosses physical and organizational boundaries.

    Update: DOJ has implemented numerous imaging solutions that include financial processes, contract management, Concealed Weapon permit records, criminal records, external agency agreement management, training materials, Criminal Justice Information Network access and certification, Highway Patrol field training approval,
    crash records, vehicle title and registration documents, disability placard digitization, and Police Officer Standards and Training records. These solutions save staff time by allowing them to electronically search and retrieve files without having to physically go to a location and search paper files.

    Dec 1 Update: DOJ is now fully involved in ECM and has migrated all data to the Hyland cloud.
  • 1.3 Expand eGovernment Services
    Implementing web-based self-service applications will increase access to services, reduce data error, and reduce travel costs and processing time. DOJ will continue to expand and optimize eGovernment services to citizens and government.

    Update: With the COVID-19 pandemic, expanded and robust eGov services are essential. DOJ is focused on expanding eGov services for the Motor Vehicle Division (MVD) to allow Montana drivers additional online services. A contractor was recently selected through the Request for Proposal (RFP) process to work with financial institutions and car dealers to streamline the vehicle titling and licensing process eliminating the need for drivers to visit County Treasurer Offices (CTO) – reducing long lines at CTOs and customer frustration. Additionally, a new on-line service combining customer vehicle and driver license status information is envisioned that will host a suite of advanced digital features intended to make all Driver’s licensing functions, with the exception of the physical visit to the MVD to confirm identity, available online in a single location. For example, on-line renewal, address change, replacements, and vehicle registration. Again, reducing customer traffic in Driver Exam stations.

    Dec 1 Update - DOJ continues to expand eGovernment services in MVD. MVD has expanded services with a new vendor to electronically process title and registration documentation.
  • 1.4 Build and leverage partnerships
    No IT organization can do everything for everyone. Therefore, various government and private industry partners must be leveraged in order to accomplish some IT project and tasks and/or provide services in a timely manner.

    Update: DOJ continues to build and leverage partnerships with agencies and vendors on various projects, grants, and contracts. DOJ has built partnerships with MACO (Montana Cities and Counties), LGIT (Local Government Information Technology Group), HSIN (Homeland Security Information Network), and MT-DES (Montana Disaster & Emergency Services).

    Dec 1 Update - DOJ has developed new relationships with consumers who have requested expertise in understanding cyber security issues.

Update:

Objectives

  • 2.1. Standardize, Consolidate and Integrate
    Various systems do not follow standards and are duplicated and not integrated, thereby requiring additional resources to support them. Standardizing, consolidating, and integrating systems will allow for more efficient utilization of IT resources, expandability for future needs, and better services for customers.

    Update: As part of a Montana Criminal History Improvement Project, DOJ integrated with existing systems and applications in order to expand functionality without duplicating work. Continued modernization development of driver services will fully integrate those functions to the existing Montana Enhanced Licensing and Registration Information Network (MERLIN) system therefore eliminating DOJ use of the State of Montana Mainframe environment.

    Dec 1 - Update - DOJ has completed the Montana Criminal History Improvement Project and gone live with the new system. Post go-live cleanup work continues. The Driver Modernization Project has also gone live with post go-live work continuing.
  • 2.2. Develop information sharing standards, protocols, policies, and exchanges
    In order to exchange appropriate information, integrate systems, reuse designs and code, and be efficient and effective, standards, protocols and policies must be established. The efficient sharing of data among justice entities is at the very heart of modern public safety and law enforcement. Technological advances in information sharing offer confidence that broad scale justice information sharing can become a reality.

    Update: The exchange of data between the Courts and DOJ is, and will continue to be, a major objective/goal. Recent work improved existing exchanges between the courts and the Motor Vehicle Justice Court Reporting System (JCRS) to ensure compliance with federal requirements, driver history and status. We continue to improve the data exchanged as time permits and resources are available.

    Dec 1 Update - Due to competing project priorities consuming resources in all agencies involved the data exchange project with courts has been put on hold and the funding attached from HB 10 returned. DOJ will have to revisit the project when resources become available.
  • 2.3. Maintain current systems
    Current systems must be maintained at appropriate service levels in order to support current missions and business.

    Update: In the past two years’ overall customer satisfaction with IT systems continues to improve. Additionally, DOJ IT has added multiple layers of system alerting that has decreased unplanned, and emergency outages.

    Dec 1 Update - DOJ continues to maintain appropriate service levels.

Update:

Objectives

  • 3.1. Attract and retain a skilled IT workforce
    In order to have secure, reliable, and effective IT systems, DOJ must have highly skilled and motivated people to design, acquire, install, operate and manage these systems and support contracts in an effective and efficient manner. People are an investment and will be treated as such. Because DOJ has such a diverse set of work, from motor vehicles to law enforcement, and the IT staff is so lean, corporate knowledge, experience, retention, and continuity are vital. At DOJ we invest in people’s education and training as well as their personal and professional development. We also review skill sets and gaps during long term and project planning to help ensure we have the right people. We work to ensure the office environment is comfortable, safe, energetic, collaborative, team oriented, innovative, fun, and rewarding and that people are adequately compensated for their knowledge, skills, abilities, and results.

    Update: DOJ JITSD continues to struggle with loss of FTE to higher paying similar positions in across state government. DOJ has engaged the MUS in conversations and will continue to press forward with the effort to hire, train, and retain a skilled IT workforce.

    Dec 1 Update - DOJ has met with DLI personnel to reinvigorate the effort to bring Montana talent into the DOJ IT environment through an organized IT Apprentiship program.
  • 3.2. Increase collaboration (internal and external)
    Information sharing, and collaboration enhancements will continue to develop and leverage ideas and best practices to efficiently complete projects and operate and manage systems and contracts. Collaboration will increase communication, knowledge sharing, and teamwork, which will positively impact projects, operations, contracts, and other initiatives through reduced errors, faster delivery, and exceeding customer needs.

    Update: DOJ-IT has partnered with MS-ISAC & LGIT to leverage public-private partnerships to enhance cybersecurity information sharing, outreach and risk awareness.
    DOJ-DCI (MATIC) partnered with DHS to build a secure portal where cyber security information, projects and collaboration can be shared among Montana stakeholders.
    DOJ IT continues to use various tools such as Skype/Teams/ZOOM, SharePoint, Wordpress and other web applications to increase collaboration in the State and nationwide.

    Dec 1 Update - DOJ continues to use all avenues of communication with internal and external partners during this pandemic with the use of Teams and Zoom. The DOJ CIO continues to collaborate with CIO peers in state government and is now the vice chair of the ITMC.
  • 3.3. Improve Process Discipline
    The goal of having processes is to improve customer and employee satisfaction. Processes provide rules and guidelines for how to conduct business. In some instances, such as security, rules and processes must be strictly followed. Other times, processes provide guidelines and people must use their knowledge and experience to adapt to the situation in order to complete the task. Processes also allow new staff to understand how the IT business works and allow measurements to be taken and the process modified in order to improve customer and employee satisfaction.

    Update: DOJ IT has documented and implemented approximately five new processes and modified others as needed. To strengthen DOJ’s security posture, additional policies and procedures have been put in place; along with auditing and logging to ensure processes are being met. A few examples of these are the IT Use Policy, Firewall Change Procedure, Vulnerability Scanning Procedure, Media Sanitization Procedure, Forensic Analysis Event Response Procedure, etc.

    DOJ has also participated in the NCSR (National Cyber Security Review). This nationwide self-assessment helps measure gaps and capabilities of cyber security maturity while providing actionable feedback and metrics directly

    Dec 1 Update - DOJ is developing a project intake process that considers project complexity, available recourses, and DOJ priorities in order to accurately select what projects will be initiated and which will be on hold or discontinued.
  • 3.4. Optimize system and project portfolio management
    JITSD will leverage best practices to continually review and refine systems and projects supporting DOJ. Some systems or projects may not be needed as much as others, and with limited resources, some things may have to be canceled or postponed.

    Update: The Project Management Office purchased Brightwork, a SharePoint-based project management application with templates, portfolio dashboards, and reporting. We are piloting Brightwork and performing a cost benefit analysis on the tool to see if it will meet DOJ needs regards project prioritization and management of resources.

    Dec 1 Update - The DOJ Project Management Office is now utilizing Brightwork to manage all projects.

Update:

Objectives

  • 4.1. Assure trusted and resilient systems and information
    Update: To date, DOJ has implemented:
    1. Data loss prevention mechanisms to prevent unauthorized disclosure of sensitive information.
    2. Multi-factor authentication to reduce the risk of unauthorized access to DOJ data assets.
    3. Monitoring systems to prevent data tampering.
    4. Mobile systems are encrypted to meet Federal FBI CJIS requirements.
    5. Thumb/external drives that contain sensitive data are now encrypted.
    6. Enforced the CJIS SP with LEA's for multi-factor authentication & EDR.

    Dec 1 Update - All items are completed and we are now in O&M mode.
  • 4.2. Implement Access controls
    DOJ will implement risk‐based, cost‐effective information access control policies and systems to safeguard DOJ information.

    Update: 1. In cooperation with DOA, DOJ has implemented multi factor authentication across its environment at the endpoint level to safeguard DOJ systems and information.
    2. DOJ has also enhanced first-level authentication requirements to provide additional security.
    3. DOJ is collaborating with MT-ISAC, MS-ISAC & LGIT to bring forward a number of policies that will enhance the cyber hygiene of all agencies. Some of these policies are already in place and are actively being applied to the DOJ technology environment.
    4. DOJ has implemented an SIEM and an EDR for additional monitoring and to control access to DOJ systems and networks.
    5. Enforced the CJIS SP with LEA's for multi-factor authentication & EDR.

    Dec 1 Update - All tasks completed except 5. Some local LEA's that are waiting on funding to implement MFA.
  • 4.3. Institutionalize Information Security
    Security is only as strong as its weakest link (people, process, or technology). Therefore, security must be institutionalized across every aspect of DOJ. From conception through implementation of systems; while developing processes and performing job duties and tasks; to performing administrative functions; security awareness must be present. DOJ will implement a risk‐based decision framework and continue to strengthen information security education and training.

    Update: DOJ has made security education among its employees a top priority. DOJ has set up an internal resource for DOJ employees to utilize that pertain to security education and outreach. The DOJ Security Team also attends internal meetings and provides additional specialized security training for employees where there needs to be an additional security emphasis within DOJ.

    Dec 1 Update - This objective is ongoing with targeted metrics to meet. We are working toward those. For example, we would like our employee phishing testing to be below a 1.5% threshold. Right now we are around 3%.

Agency Contact Information

Agency Director / Administrator
Mike Milburn
444-2026
MMilburn@mt.gov
215 N. Sanders, Helena, MT 59601
Information Technology Contact
(CIO / IT Manager)
Butch Huseby
444-3708
bhuseby@mt.gov
302 N. Roberts, Helena, MT 59601
Information Security Manager
Dawn Temple
444-2414
datemple@mt.gov
302 N. Roberts, Helena, MT 59601