Appriss launched two partial user security releases for ICOTS in October in order to keep ICOTS in compliance with CJIS security standards, which they are contractually obligated to do. These changes are part of the new CJIS security standards policy drafted by the FBI.
ICOTS Code Release 28.0 - User Security Release Part 2
ICOTS 28.0 code release went into production on October 29, 2014 and implemented the development items described below:
User Security Questions
When a user requests a password reset they will now need to set 2 security questions.
The answers to those security questions will be required the next time a user requests a password reset.
Users Inactive for More Than 90 Days
State administrators now receive an email notification when an ICOTS user has been inactive for more than 90 days. The user will also be flagged on the User List report.
State admins will also notice a new message under the "Deactivate" tab of the user's profile. (More...)
ICOTS Code Release 27.0 - User Security Release Part 1
ICOTS 27.0 code release went into production on October 8, 2014 and implemented the development items described below:
Decreased Time-Out Limit
The idle time-out period was decreased from 2 hours to 30 minutes. (More...)
Single Session Logins
An ICOTS user can only be logged into one active ICOTS session at a time. This means users can no longer log into ICOTS from different computers at the same time or different web browsers on the same machine at the same time. Users should still be able to log in to ICOTS in multiple tabs of the same web browsers. Users should make sure to click the "Logout" link every time before closing their web browser. (More...)