IDAPA 11.10.01
Law enforcement agencies, criminal justice administration agencies, and agencies engaged in the promotion of highway safety.
This rule relates to the governance and operation of the Idaho Public Safety and Security Information System and sets forth who may access the information system, Executive Officer of the Board authority and responsibilities, board member requirements, authority, and responsibilities, network responsibilities, agency access to the network, user access fees, responsibilities, and sanctions, and information access and security.
This rule implements the following statutes passed by the Idaho Legislature:
Criminal Procedure -
Public Safety and Security Information System -
Bureau of Criminal Identification
Monday through Friday, 8:00 a.m. to 5:00 p.m.
700 S. Stratford Drive, Suite 125
Meridian, ID 83642
Phone: (208) 884-7130
Fax: (208) 884-7193
Email: adminrules@isp.idaho.gov
Web: https://isp.idaho.gov/bci
This rule chapter will be reviewed in compliance with Section 67-5292, Idaho Code, and in accordance with the 8-year rule review schedule linked here.
11.10.01 – Rules Governing Idaho Public Safety and Security Information System
000. Legal Authority. ... 3
001. Scope. ... 3
002. Incorporation By Reference. ... 3
003. -- 009. (Reserved) ... 3
010. Definitions. ... 3
011. (Reserved) ... 4
012. Executive Officer Of The Board. ... 4
013. -- 015. (Reserved) ... 4
016. ILETS Network. ... 4
017. Agency Access To ILETS. ... 5
018. User Access Fees. ... 6
019. Adjusted Access Fees During Pilot Projects. ... 7
020. User Responsibilities. ... 7
021. Information Access And Dissemination. ... 7
022. -- 023. (Reserved) ... 7
024. ILETS Security. ... 7
025. -- 026. (Reserved) ... 9
027. Misuse Of The Ilets System And/Or Derived Information ... 9
028. Access Agency Sanctions. ... 9
029. -- 999. (Reserved) ... 9
IDAHO PUBLIC SAFETY AND SECURITY INFORMATION SYSTEM
000. LEGAL AUTHORITY.
Title 19, Chapter 52, Idaho Code. (7-1-26)
001. SCOPE.
These rules relate to the governance and operation of the Idaho Public Safety and Security Information System. (3-23-22)
002. INCORPORATION BY REFERENCE.
01. Incorporated Documents. IDAPA 11.10.01 incorporates by reference the full text of the requirements relating to criminal justice information and the system used to transport such information found in the following documents: (3-23-22)
a. “Criminal Justice Information Systems,” 28 CFR Part 20 (July 1, 2006); (3-23-22) b. “Criminal Justice Information Systems--CJIS Security Policy,” Federal Bureau of Investigation, Criminal Justice Information Services (CJIS) Division, Version 6.0 (January 2025); (7-1-26) c. “National Crime Information Center 2000, Operating Manual,” Federal Bureau of Investigation, National Crime Information Center (August 2015); (3-23-22) d. The International and Public Safety Network, Nlets, Users Guide, (April 23, 2025); (7-1-26) e. The Idaho Public Safety and Security Information System User Manual. (7-1-26)
02. Document Availability. The above listed documents are available during normal working hours for inspection and copying at the Idaho State Police. (3-23-22)
003. -- 009. (RESERVED)
010. DEFINITIONS.
01. Access Agency. An agency that electronically accesses ILETS through the services of an interface agency. (3-23-22)
02. Administration of Criminal Justice. (3-23-22)
a. Performance of any of the following activities: detection, apprehension, detention, pretrial release, post-trial release, prosecution, adjudication, correctional supervision, or rehabilitation of accused persons or criminal offenders. (3-23-22)
b. It also includes: criminal identification activities; and collection, storage, and dissemination of criminal history record information. (3-23-22)
03. Associated System. Any automated or manual information system that is accessible through ILETS. (3-23-22)
04. Board. The Board created by Title 19, Chapter 52, Idaho Code to establish priorities and operational policies and procedures relating to ILETS. (3-23-22)
05. Criminal Justice Agency. (3-23-22)
a. Federal and state courts having jurisdiction to hear criminal matters; and (3-23-22)
b. A government agency or a subunit of a government agency that performs the administration of criminal justice pursuant to a statute or executive order and that allocates a substantial part of its annual budget to the
administration of justice. State and federal Inspectors General Offices are included. (7-1-26)
06. Department. The Idaho State Police, or its successor agency. (3-23-22)
07. Executive Officer. A position on the ILETS Board filled by the director of the Idaho State Police, or its successor agency. (3-23-22)
08. III. The Interstate Identification Index, which is a cooperative federal-state system for the exchange of automated criminal history records and, to the extent of their participation in the III system, the criminal history repositories of the states. (3-23-22)
09. ILETS. The Idaho Public Safety and Security Information System as established by the director of Idaho State Police pursuant to Title 19, Chapter 52, Idaho Code, includes all hardware, software, electronic switches, peripheral gear, microwave links, and circuitry that comprise the system. (3-23-22)
10. Direct Access Agency. An agency that has management control of a computer system directly connected to ILETS. (7-1-26)
11. Management Control Agreement. A written agreement between a criminal justice agency and a non-criminal justice agency that provides services (dispatching, record keeping, computer services, etc.) to the criminal justice agency. The agreement gives the criminal justice agency authority to set and enforce policies governing the non-criminal justice agency’s access to ILETS and ILETS derived information. (7-1-26)
12. NCIC 2000. The National Crime Information Center (NCIC) System is a nationwide information system established as a service to all criminal justice agencies – federal, state, local, tribal, and territorial. The goal of the NCIC System is to help the criminal justice community perform its duties by providing and maintaining a filing system of accurate and timely documented criminal justice information. (7-1-26)
13. NLETS. The International Justice and Public Safety Information Sharing Network, is a national computerized message switching system that links national and state criminal justice information systems. (3-23-22)
14. Non-Criminal Justice Agency. A state agency, federal agency, or unit of local government that is not a criminal justice agency. The term does not refer to private individuals, corporations, or non-governmental agencies or organizations. (3-23-22)
011. (RESERVED)
012. EXECUTIVE OFFICER OF THE BOARD.
01. Authority of Office. The executive officer represents the Board in the day-to-day administration of ILETS and is responsible for implementing Board policies pursuant to the authority of Chapter 52, Title 19, Idaho Code. The executive officer may delegate duties to employees and officers of the department and executes instruments for, and on behalf of, the Board and ILETS. (7-1-26)
02. Additional Responsibilities. The executive officer ensures, within available legislative appropriation, that the Board has sufficient staff support and that staff carry out duties including posting meeting notices, preparing and distributing agendas, keeping official records of Board meetings, and managing all documents related to the Board and ILETS operations. (7-1-26)
013. -- 015. (RESERVED)
016. ILETS NETWORK.
01. Establishment. The executive officer establishes ILETS as a program of the Idaho State Police or its successor agency. (3-23-22)
02. Responsibilities. The program, as established by the executive officer, has the following
responsibilities: (3-23-22)
a. Develop and operate a computerized criminal justice telecommunications and information system that provides message switching and record inquiry and retrieval capabilities. (3-23-22)
b. Publish an ILETS Operations Manual and make available to all user agencies. (7-1-26)
c. Function as the NCIC control terminal agency and the NLETS control terminal agency for the State of Idaho. (3-23-22)
d. Assist and train criminal justice agencies regarding information retrieved from ILETS and associated systems for use in administration of criminal justice. (3-23-22)
e. Establish and maintain connections with the Idaho Transportation Department, and other Idaho agencies and systems to share information that supports enforcement of state criminal and traffic laws and regulations. (7-1-26)
f. Provide staff support to the ILETS Board. (3-23-22)
g. Operate and maintain a program of record validation, quality control, and audits to ensure records in ILETS and NCIC are timely, accurate, complete, and compliant with state and national standards. (7-1-26)
h. Create and maintain model management control agreements between criminal justice agencies and non-criminal justice agencies. (7-1-26)
i. Provide assistance and information access to non-criminal justice agencies for statutory licensing, employment, regulatory and other purposes legally authorized and approved by the Board. (7-1-26)
01. Authorized Agencies. Consistent with Title 19, Chapter 52, Idaho Code, which mandates the exclusive use of ILETS for law enforcement and traffic safety purposes, access to ILETS is restricted to the following governmental agencies: (3-23-22)
a. Criminal justice agencies; (3-23-22)
b. Non-criminal agencies that provide computer services, dispatching support, or other direct support service to one (1) or more criminal justice agencies, and which have signed an ILETS-approved management control agreement with the criminal justice agency; (3-23-22)
c. Non-criminal justice agencies with a statutory requirement to use information capabilities that may be available via ILETS, and use of terminal access will not adversely affect criminal justice agency users, and use of the terminal will be for the administration of criminal justice; (7-1-26)
d. Non-criminal justice agencies that provide information or capabilities needed by criminal justice agencies for a criminal justice purpose, and access or use of a terminal will improve the ability to provide such information or capabilities; and (7-1-26)
e. Providing services to criminal justice agencies does not, by itself, authorize ILETS access. (7-1-26)
02. Management Control Agreements. The management control agreement between a criminal justice agency and a non-criminal justice agency grants to the criminal justice agency the authority to set and enforce: (3-23-22)
a. Priorities of service; (3-23-22)
b. Standards for the selection, supervision, and termination of personnel authorized to access ILETS;
and
(3-23-22)
c. Policies governing the operation of computers, circuits, and telecommunications terminals used to process, store, or transmit information to or receive information from ILETS. (3-23-22)
03. Board Approval. The Board reviews all requests for access to ILETS and determines whether an agency meets the criteria for access and whether access is appropriate based on system resources. Approved non-criminal justice agencies may have access to ILETS information on a limited basis (for example, motor vehicle information only) as authorized by the Board. (3-23-22)
01. Payment of Fees Required. Any agency that has signed a user agreement with ILETS to have direct terminal or system access to the network must pay access and usage fees as provided in Section 018. (3-23-22)
02. ILETS Network User Access Fees. The access fees approved by the Board and to be collected quarterly in advance by the department are as follows: (3-23-22)
a. An agency at the county or municipal level pays an annual access fee of five thousand, four hundred and twenty-five dollars ($5,425). (3-23-22)
b. An agency at the state, federal, or tribal level pays an annual access fee of nine thousand dollars ($9,000). (3-23-22)
03. Usage Fee. Any agency that has signed a user agreement with ILETS to have direct terminal or system access to the ILETS network pays quarterly a usage fee based on that agency’s percentage of total annual messages sent and received by user agencies through the ILETS message switcher. The total percentage for an agency includes the message traffic generated by any other agency authorized to access ILETS through that agency’s direct terminal or system access. (3-23-22)
a. The usage fee is assessed according to the following schedule:
| Percentage of Total ILETS Message Traffic | Annual Usage Fee Effective October 1, 2023 |
|---|---|
| 0 - .25% | $3,750 |
| .26 - .50% | $7,500 |
| .51 - .75% | $15,000 |
| .76 - 1.0% | $24,000 |
| 1.01 - 1.50% | $32,500 |
| 1.51 – 2.0% | $48,750 |
| 2.01 – 5.0% | $69,625 |
| > 5.01% | $98,939 |
(7-1-24)
b. The department will conduct audits of ILETS message switcher traffic for even-numbered years to determine an agency’s annual usage fee. This fee is effective for two (2) years and begins with the quarterly statement beginning October 1 of odd-numbered years. (3-23-22)
c. If an agency discontinues direct terminal or system access to ILETS and acquires authorized access through another agency, the usage fee for the agency maintaining direct access will be adjusted to reflect the combined historical usage. (3-23-22)
d. A new agency approved for direct ILETS access that does not have historical usage will be assessed an interim usage fee by the department pending the next audit of ILETS message traffic. The department sets an interim fee based on the agency’s similarities to existing agencies with direct terminal or system access. An agency may appeal the interim usage fee set by the department to the ILETS Board. (3-23-22)
e. As operator of ILETS, the department, in lieu of payment of fees, provides direct and in-kind support of network operations. The Board reviews biennially the proportion of that support to the overall operating cost of the system. (3-23-22)
04. Billing and Payment. The department mails billing statements quarterly to all agencies with direct terminal or system access to ILETS (October 1, January 1, April 1, and July 1). Payment of the fees is due by the first day of the following month of each quarter unless it is a Saturday, a Sunday, or a legal holiday, in which event the payment is due on the first successive business day. (7-1-26)
05. Sanctions for Delinquency. Any user agency that becomes delinquent in payment of assessed fees is subject to sanctions under Section 028. (3-23-22)
The Board may adjust access fees of user agencies participating in pilot projects being conducted by the department in behalf of ILETS. The fee adjustment is based on any cost savings, actual or anticipated, realized by the ILETS network. (3-23-22)
01. User Agreement. accessing ILETS, directly or through another agency, must comply with all ILETS rules and policies and have a signed agreement with ILETS or the direct access agency. (7-1-26)
02. ILETS Certification. Each agency employee who operates a computer to access ILETS must be certified within three months of accessing ILETS and every two (2) years thereafter. (7-1-26)
03. Background Checks of ILETS Authorized Users Required. All persons accessing ILETS or ILETS-derived information must undergo a national Criminal Justice fingerprint-based records check, in accordance with FBI CJIS policies. These screening policies are adopted for all ILETS access to ensure consistency. Results must meet the Board-approved ILETS access criterion, and persons must be approved before access is granted. (7-1-26)
01. General Policy. ILETS users receive information from multiple sources, including ILETS, Idaho criminal justice agencies, motor vehicle departments, FBI CJIS, and Nlets. Users must follow any restrictions set by the information source. ILETS is responsible for informing users of applicable access or dissemination restrictions. (7-1-26)
02. Criminal History Records. Criminal history information accessed via ILETS from a state or national computerized file is available only to criminal justice agencies for criminal justice purposes. This precludes the dissemination of such information for use in connection with licensing applications, regulatory activities, or local or state employment, other than with a criminal justice agency. (3-23-22)
01. General Policy. The data stored in the ILETS, NCIC, and other criminal justice information system files is documented criminal justice information. This information must be protected to ensure its integrity and its correct, legal and efficient storage, dissemination and use. It is incumbent upon an agency accessing ILETS directly, or another system that has access to the ILETS network, to implement the procedures necessary to make the access device secure from any unauthorized use and to ensure ILETS is not subject to a malicious disruption of service.
ILETS access agencies must participate in ILETS training and compliance activities to ensure that all agency personnel authorized to access the ILETS network are instructed in the proper use and dissemination of the information and that appropriate agency personnel are aware of security requirements and of the dangers to network integrity. ILETS may impose more stringent or additional protection measures than outlined in this document. ILETS retains the authority to disconnect an access agency or network connection when serious security threats and vulnerabilities are detected. (7-1-26)
02. Definitions. The following is a list of terms and their meanings as used in the ILETS security rule: (3-23-22)
a. ILETS Security Officer (ISO) is the department staff member designated by the executive officer to monitor and enforce agency compliance with site and network security requirements. This position contains additional responsibilities as defined in the CJIS Security Policy as CJIS Systems Agency Information Security Officer. (7-1-26)
b. Peer networks are interfaces between cooperative governmental agencies in Idaho where none of the participating entities exercise administrative or management control over any other participating entity. (7-1-26)
c. Untrusted system is any system or series of systems that does not meet the compliance requirements of ILETS, Nlets, CJIS Security Policy, and/or are not authorized for access to ILETS information. (7-1-26)
03. Direct Access Agency Agreements. To ensure agencies having computer interface capabilities to ILETS are fully aware of their duties and of the consequences of failure to carry out those duties, a written and binding Direct Access Agency Agreement must exist between ILETS and all direct access agencies. This agreement will clarify that the direct access agency is equally responsible for actions by secondary and affiliated systems connected through their site to ILETS. Direct access agencies must put in place similar subsidiary security agreements with secondary and affiliated systems to protect its network and ILETS. (7-1-26)
04. ILETS Security Officer. The ILETS Security Officer is responsible for the following duties: (3-23-22)
a. Make available to user agencies copies of ILETS security policies and guidelines; (7-1-26)
b. Communicating to user agencies information regarding current perceived security threats and providing recommended measures to address the threats; (3-23-22)
c. Monitoring use of the ILETS systems either in response to information about a specific threat, or generally because of a perceived situation; (7-1-26)
d. Directing an direct access agency, through its appropriate contact, to rectify any compliance findings; (7-1-26)
e. When an agency is unable or unwilling to co-operate, reporting the issue to the executive officer and initiating escalated sanctions pursuant to IDAPA 11.10.01 section 28; and (7-1-26)
f. Provide support and coordination for investigations into breaches of security. (3-23-22)
05. Agency Security Contacts. A terminal agency coordinator shall serve as that agency’s security contact for ILETS, unless another individual is specifically selected for this purpose and approved by the ILETS Security Officer. ILETS primary sites shall ensure the agency’s security contact, or another person or position designated in an incident contingency plan, can be contacted by the ILETS security officer at any time. (3-23-22)
06. Peer Networks. The security responsibilities of the operators of peer networks connected to ILETS, with respect to their user organizations, are parallel to those of ILETS user organizations in respect to their individual users. The ILETS Security Officer shall ensure that a written agreement exists between ILETS and an interface agency, signed by the agency heads, that embodies these principles. (3-23-22)
07. Network/Physical/Personnel Security Standards. Are established through the incorporation by reference of the CJIS Security Policy. (7-1-26)
025. -- 026. (RESERVED)
Refer to the ILETS Manual. (7-1-26)
01. Review of Violations. The board reviews violations of ILETS rules and may impose appropriate sanctions on access agencies. (3-23-22)
02. Objective of Sanctions. The objectives of the sanction procedure are as follows: (3-23-22)
a. To ensure the security, integrity, availability, and financial stability of ILETS and access agencies. (7-1-26)
b. To create an awareness among access agencies of the importance of following rules, regulations, and procedures in order to minimize the risk to liabilities that may be incurred by misuse of the system and access to its information. (3-23-22)
03. Severity of Sanctions. Sanctions are based upon the severity of violation, previous offenses, and potential legal risks. When deciding on sanctions, the Board considers the violation’s severity, prior sanctions, and any corrective action plans submitted by the offending agency. Sanctions can include various actions as determined by the Board. The Board may impose as sanctions, one (1) or more of the following: (7-1-26)
a. Written warning. (3-23-22)
b. Written notice of violation. (3-23-22)
c. Written notice of probation. (3-23-22)
d. Written notice of temporary suspension. (3-23-22)
e. Written notice of permanent suspension. (3-23-22)
04. Effective Date of Sanctions. Temporary or permanent suspension of service will not begin, unless an emergency exists, until fifteen (15) days after the agency head has received written notice by certified mail or personal service. (3-23-22)
05. Reinstatement. An agency placed on permanent suspension may apply to the Board for reinstatement. (3-23-22)
029. -- 999. (RESERVED)