Florida Courts Technology Standards
Section VI
Integration and Interoperability
6.0.0 | CHAPTER 6 INTRO
This section contains subsections that describe the scope of the processes to which the Integration and Interoperability requirements apply.
Florida Courts Technology Commission (11/20)
6.1.0 | BACKGROUND
The Integration and Interoperability requirements and standards are derived primarily from industry best practices and existing standards. The functional requirements of the judicial branch drive the need to define an environment that can fulfill the needs of all justice partners as they interact with the public and other federal, state, and local agencies. The hardware and software platforms, network infrastructure, and methods for data exchange that are discussed and recommended in this document support the strategic vision of the Florida Courts Technology Commission (“FCTC”) relative to integration and interoperability among heterogeneous systems.
6.2.0 | REQUIREMENTS AND STANDARDS FOR INTEGRATION & INTEROPERABILITY
This section contains the preliminary requirements and recommended standards for interoperability and integration between technology systems that provide information to or on behalf of the judicial branch. The requirements and standards were defined by analyzing Legislative/Supreme Court mandates, functional requirements, existing information systems architecture, and incorporating the results of that analysis into a solution that leverages contemporary information technology management industry standards and best practices for optimal performance, return on investment and efficient technical solutions.
6.2.1 | DIAGRAMS
The diagrams in this section give an overview of the Florida court system network topology (Figure 1) and the circuit court approved clerk interface (Figure 2).
Figure 1. Florida Court System Network Topology Overview (diagram not reproduced in this text)
Figure 2. Circuit Court Approved Clerk Interface (diagram not reproduced in this text)
6.3.0 | INTEGRATION REQUIREMENTS AND STANDARDS
Integration requirements and standards are needed to provide the court with an understanding of both the high-level logical design requirements and the physical infrastructure standards and requirements that will be required to efficiently integrate the disparate systems that will support the courts.
6.3.1 | INFRASTRUCTURE STANDARDS AND REQUIREMENTS
Standards and requirements are established to provide a strategic approach to hardware and software standardization and lifecycle management that will assist circuits in planning, procuring, and implementing the technologies necessary to comply with Supreme Court and Legislative technology mandates. Florida Statute 29.008 states that counties within each Judicial Circuit are responsible for the court’s technology needs, including but not limited to computer hardware (e.g., PCs, video displays, laptops, servers). To effectively manage the technology’s total cost of ownership, lifecycle management should include hardware and software procurement strategies, physical asset management, technical support strategies, and retirement and disposal strategies that maximize the hardware’s utility in support of the court’s business objectives. Finally, when planning technology solutions, it is imperative to remember that the personnel costs required to maintain a solution often exceed the cost of the physical solution itself. Proper support ratios should be factored in to ensure the efficacy of the solution.
The goal of these guidelines is twofold: first, provide a blueprint for a robust extensible infrastructure that will support the growth, integration, and interoperability of information systems supporting the judicial branch; and secondly, reduce aggregate costs through standards that offer economies of scale.
6.3.1.1 Desktop PC Standards
Desktop Personal Computer (“PC”) procurements must be scheduled to meet certain lifecycle and performance objectives. Due to increasingly intensive software requirements, a three-year lifecycle is recommended. The minimum performance level for desktops is listed in Figure 3; the recommended laptop configuration is listed in Figure 4. The performance level required will be determined by evaluating system needs, including the number, type and complexity of applications being run; the system resources necessary to run these applications simultaneously; and the performance metrics requisite for compliance with court standards.
• Courtroom/Hearing Room. Video displays: Per the Court Application Processing System (“CAPS”) standards, courtroom and hearing room displays shall have sufficient screen size to display multiple electronic documents. The minimum recommended size for a video display is 30”. Video display installations should allow for a range of movement and flexible placement to prevent obstruction of the judge’s view of the courtroom or hearing room. Due to the diverse size, complexity, and nature of myriad judicial proceedings, the final determination for size and placement may vary depending on the environment.
• Judge Chambers. Video display: 24” or greater with capability for dual displays.
• Video Display. Video display replacement lifecycles may differ from desktop lifecycles based on functionality and usage requirements. Touch screen displays shall be used where deemed appropriate by the court.
Figure 3. Minimum Desktop Configuration for New Machines
Category | Item | Details |
Hardware | Processor | Quad Core Business Class Intel or AMD (3.4 GHz or greater) |
Hardware | Memory (RAM) | 8 GB or greater |
Hardware | Storage | 500 GB Solid State Drive (“SSD”) |
Hardware | Video | DirectX 12 or greater capable (WDDM driver support recommended) |
Hardware | Graphics RAM | 256 MB or greater; the system should be able to accommodate dual displays |
Hardware | Sound | Audio is required in accordance with the planned use of the system |
Hardware | Ports | HDMI and multiple USB 3.0/USB-C ports as required |
Hardware | Lifecycle | 3 years |
Network Connectivity | Bandwidth | 100/1000BaseT Ethernet; wireless as required |
6.3.1.2 Laptop Standards
The court’s migration toward a paperless environment and the implementation of electronic warrant applications offer unprecedented access to judicial officers in nontraditional venues and create an increased need for access to electronic court files and forms from secure mobile devices.
Figure 4. Recommended Laptop Configurations
Category | Item | Details |
Hardware | Processor | Quad Core Business Class Intel or AMD (3 GHz or greater) |
Hardware | Memory (RAM) | 8 GB or greater |
Hardware | Storage | 250 GB Solid State Drive (“SSD”) |
Hardware | Graphics | DirectX 12 or greater capable (WDDM driver support recommended); 256 MB (in addition to RAM) |
Hardware | Sound | Audio required |
Hardware | Ports | HDMI or mini-DisplayPort; USB 3.0/USB-C ports as required |
Hardware | Lifecycle | 3 years |
Network Connectivity | Bandwidth | Integrated 100/1000 Ethernet LAN (standard) |
Network Connectivity | Wireless | Internal adapter supporting 802.11 b/g/n/ac |
6.3.1.3 Client (Desktop/Laptop) Software Standards
Software requirements for desktops provide a standardized environment for users. This standardization will both simplify and increase the efficiency of the initial software deployment and on-going support for desktops and laptops.
Figure 5. Software Requirements and Standards
Software | Details |
Operating System | Windows 10 Professional or higher (OS must be active in the MS Support Lifecycle for patches and updates) |
Office Suite | G Suite, Office365, or Microsoft Office version currently supported by Microsoft |
Other Productivity Software | 1) PDF Reader 2) PDF Writer |
Security Software | 1) Anti-virus 2) Anti-malware |
6.3.1.4 Mobile Devices
This document defines mobile devices as those with sufficient computing power for Internet access, e-mail, client-side applications, and interoperability with server-side applications. Examples of these mobile personal computing devices include but are not limited to tablets, smartphones, and hybrids. Mobile devices with limited security features should be restricted to less sensitive areas of access unless a specialized security measure can be applied that meets security standards. Mobile device usage must comply with the Criminal Justice Information Services (CJIS) Security Policy of the U.S. Department of Justice, Federal Bureau of Investigation.
6.3.1.5 Recommended Mobile Device Configurations
All mobile devices should exceed the minimum standards available at the time of purchase.
6.3.1.6 Mobile Device Computing: Any device, anytime, anywhere
Mobile computing technologies increase productivity and flexibility and support continuity of operations in an emergency. Mobile computing is a rapidly growing segment of court technology; however, with new efficiencies come new security risks. Great diligence must be applied to ensure that developing standards for e-filing and data protection take into account devices that can access, view, manipulate and store private court information. The introduction of CAPS that can be accessed off-premises has made mobile devices more heavily used than ever.
Mobile devices generally refer to smartphones and tablet devices that support multiple wireless network connectivity options (primarily cellular and Wi-Fi), as well as voice and data applications. This section will focus on the mobile computing or data element.
• Mobile Device Management (“MDM”). A key component to successful control and administration of mobile computing is an MDM Enterprise System that provides security, accessibility, and content policies on many popular tablets and smartphones.
MDM products have been developed to mitigate threats to mobile devices by enabling enterprise-controlled device configuration, security policy enforcement, compliance monitoring, and response (e.g., remotely lock and/or wipe a mobile device that has been reported as lost or stolen). MDM solutions typically include an enterprise server(s) component and an application installed on the mobile device to manage device configuration and security and report device status to the MDM.
Small Florida court technology budgets juxtaposed against the tremendous popularity of the smartphone and tablet have led to an unprecedented rise in Bring Your Own Device, or BYOD. Standards to exercise control, manage expectations, and define acceptable use policies should be developed and implemented for all such users.
• DDNA. Securing mobile devices should focus on the following four categories (device, data, network, application):
1. Device security: methods to prevent unauthorized device use, enforced through an MDM.
2. Data security: protecting data at rest, including on a lost or stolen device, through encryption and remote wipe enforced by an MDM.
3. Network security: network protocols and encryption of data in transmission.
4. Application security: security of the applications and operating system, managed through a MAM.
• Recommended MDM Requirements
1. Enforce passcodes on devices.
2. Allow remote location of devices.
3. Allow remote wiping of device’s drive/data.
4. Allow remote locking.
5. Detect rooted/jailbroken phones, which are more vulnerable to malicious code.
6. Inventory of devices.
7. Policy compliance.
• Mobile Application Management (“MAM”). MAM allows the court to set up an enterprise application store to deploy approved applications, enforce application policies, and remotely upgrade or uninstall applications.
To mitigate the threat that malicious or vulnerable mobile applications pose to mobile devices, the court should use MAM to provide application whitelisting (allowing installation of mobile applications only from authorized enterprise application stores) and application blacklisting (blocking the installation of known vulnerable applications).
• Recommended MAM Requirements
1. Allow for the installation of applications from a private site.
2. Control the push/pull of updates to devices.
3. Allow for the remote installation of applications.
4. Allow for the remote wiping of non–standard applications.
5. Whitelisting of select applications from public sites.
6. Blacklisting of select applications based either on application or site.
7. Application inventory.
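The MDM and MAM requirements above are usually verified from the MDM's inventory export rather than by hand. The script below is an added example written for this edit (not FCTC or MDM-vendor code) that evaluates a constructed inventory against those requirements: passcode enforcement, storage encryption, jailbreak detection, remote locate/lock/wipe capability, check-in freshness, and the MAM allow/block lists, and returns a recommended action per device. The record layout, the policy constants (APPROVED_APPS, BLOCKED_APPS, MAX_CHECKIN_DAYS) and the sample devices are assumptions made for the example.

```python
"""Check an MDM/MAM device inventory against the recommended MDM and MAM
requirements (passcode, remote locate/lock/wipe, jailbreak detection,
inventory freshness, application allow/block lists).

Added example for this section, not FCTC or MDM-vendor code. The record
layout, the policy constants and the sample devices are assumptions.
"""
from dataclasses import dataclass, field

# Hypothetical policy values (assumptions, not taken from the standard).
APPROVED_APPS = {"court.caps.viewer", "com.example.mail", "com.example.vpnclient"}
BLOCKED_APPS = {"com.example.freevpn", "com.example.filesharer"}
MAX_CHECKIN_DAYS = 7


@dataclass
class Device:
    device_id: str
    owner: str
    byod: bool                    # personally owned (BYOD) or court-provided
    passcode_enforced: bool
    storage_encrypted: bool
    jailbroken: bool              # MDM agent's root/jailbreak detection result
    remote_lock_wipe: bool        # agent can lock and wipe the device
    location_enabled: bool
    days_since_checkin: int
    installed_apps: set = field(default_factory=set)
    reported_lost: bool = False


def evaluate(dev: Device) -> dict:
    """Return the findings and the recommended MDM action for one device."""
    findings = []
    if not dev.passcode_enforced:
        findings.append("passcode not enforced")
    if not dev.storage_encrypted:
        findings.append("storage not encrypted")
    if dev.jailbroken:
        findings.append("rooted/jailbroken")
    if not dev.remote_lock_wipe:
        findings.append("remote lock/wipe unavailable")
    if not dev.location_enabled:
        findings.append("remote location disabled")
    if dev.days_since_checkin > MAX_CHECKIN_DAYS:
        findings.append(f"no check-in for {dev.days_since_checkin} days")
    blocked = sorted(dev.installed_apps & BLOCKED_APPS)
    if blocked:
        findings.append("blocklisted apps: " + ", ".join(blocked))
    unapproved = sorted(dev.installed_apps - APPROVED_APPS - BLOCKED_APPS)
    if unapproved and not dev.byod:
        # Court-provided devices run only allowlisted apps; BYOD devices are
        # held to the blocklist only (assumed policy split).
        findings.append("unapproved apps on court device: " + ", ".join(unapproved))

    # The most severe condition decides the action.
    if dev.reported_lost:
        action = "remote_wipe" if dev.remote_lock_wipe else "revoke_credentials"
    elif dev.jailbroken or blocked or not dev.storage_encrypted:
        action = "quarantine"      # cut off court data until remediated
    elif findings:
        action = "notify_owner"
    else:
        action = "compliant"
    return {"device_id": dev.device_id, "action": action, "findings": findings}


def evaluate_inventory(devices):
    return {r["device_id"]: r for r in map(evaluate, devices)}


# Constructed sample inventory (not real devices or people).
SAMPLE_INVENTORY = [
    Device("tab-001", "judge.a", byod=False, passcode_enforced=True, storage_encrypted=True,
           jailbroken=False, remote_lock_wipe=True, location_enabled=True, days_since_checkin=1,
           installed_apps={"court.caps.viewer", "com.example.mail"}),
    Device("phone-017", "clerk.b", byod=True, passcode_enforced=True, storage_encrypted=True,
           jailbroken=True, remote_lock_wipe=True, location_enabled=True, days_since_checkin=2,
           installed_apps={"com.example.freevpn"}),
    Device("tab-042", "ja.c", byod=False, passcode_enforced=False, storage_encrypted=True,
           jailbroken=False, remote_lock_wipe=True, location_enabled=False, days_since_checkin=12,
           installed_apps={"court.caps.viewer", "com.example.game"}),
    Device("phone-088", "bailiff.d", byod=False, passcode_enforced=True, storage_encrypted=True,
           jailbroken=False, remote_lock_wipe=True, location_enabled=True, days_since_checkin=0,
           installed_apps={"court.caps.viewer"}, reported_lost=True),
]

if __name__ == "__main__":
    for r in evaluate_inventory(SAMPLE_INVENTORY).values():
        print(r["device_id"], r["action"], "; ".join(r["findings"]) or "-")
```

The action ordering matters: a lost device is wiped before any other finding is considered, and a rooted device or one carrying a blocklisted application is quarantined even if every other control is in place, because those conditions defeat the MDM agent's own reporting.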
• Standards for Acceptable Use: Managing Expectations
Until the FCTC approves a standard policy, each circuit is recommended to develop an acceptable use consent policy that will outline expectations for security, support, and data access on a mobile device. It is recommended that each circuit develop a policy for approval by the Chief Judge. This policy should at a minimum address the following areas:
1. What is the circuit policy for bringing your own device (“BYOD”) hardware?
2. For BYOD devices:
a. What is the data backup policy?
b. What is the extent of policy enforcement versus device support?
i. Security enforcement – when can a device be wiped?
c. Is the user cognizant of rules that constitute the creation of the public records?
d. What enforcement exists for connectivity to unsecured networks (e.g., public wireless connection)?
e. Is confidential data storage on the device prohibited?
3. For court provided devices:
a. What are acceptable recreational uses for the device (e.g., music, photos)?
b. What is the data backup policy?
c. Are secure network connections enforced?
d. What is the acceptable use of data storage on the private or public cloud?
• Wireless Networking Security. Though wired networks are also vulnerable to intruders snooping on network traffic or injecting rogue traffic, wireless networks are more susceptible to data theft and hijacking. Mobile computing poses an inherent risk to data security that must be strictly managed and monitored. Using a VPN tunnel to encrypt mobile access to corporate resources is an excellent first line of defense. Additionally, it is important to educate users about the dangers of connecting to a wireless network that does not use WPA2 (AES) or stronger encryption.
Users should understand that most public Wi-Fi is not encrypted and is, by its nature, not secure. By utilizing an encrypted VPN connection, the data transmitted between the device and the VPN endpoint are encrypted, even though the Wi-Fi connection itself is not encrypted. If no VPN is in use, then using encrypted protocols (such as HTTPS instead of HTTP) where possible will provide encryption between the device and the remote endpoint.
For internal wireless court/county networks, VLANs or MAC address filtering provide additional controls over connectivity. MAC address filtering is a supplementary control only: MAC addresses are visible in the air and easily spoofed, so it does not replace 802.1X authentication and encryption.
Bluetooth settings, when not in use, should be turned off.
• Best Practices for CJIS Connections. Only use properly encrypted connections.
• Best Practices for Non-CJIS Connections. For wireless connections, only use properly encrypted connections. There are other potential confidential or sensitive data transmitted outside of CJIS systems.
Be aware of Federal Information Processing Standards (“FIPS”) 71A-1 Subsections 001-023, and the U.S. Department of Justice, Federal Bureau of Investigation, Criminal Justice Information Services Security Policy Sections 4.3, Personally Identifiable Information, and Section 5 regarding securing technology that accesses, stores, transmits and logs Criminal Justice Information governed by this referenced policy. The most current version of this policy can be viewed at http://www.fbi.gov/about-us/cjis/cjis-securitypolicy-resource-center/.
6.3.1.7 Servers
Production servers should support both common/shared services as well as organization-specific services. Servers should meet a combination of priorities, including affordability, performance, scalability, space-optimization, and support for the mission-critical applications that will comprise the system. A maintenance contract with a qualified vendor must be maintained for any mission-critical servers.
6.3.1.8 Network Components
• Courts Local Area Network (“LAN”) Considerations/Recommendations
A standard for agency LAN implementations should be established. It is recommended that the standard include the following:
1. Naming conventions using the Domain Name System (“DNS”) should be standardized across the courts.
2. Ethernet topology (over unshielded twisted pair cabling).
3. High-speed copper (UTP) to the desktop (CAT 5e or better).
a. Utilize BICSI Standards as a guideline for structural wiring.
4. Fiber optic cable for interconnections between high-speed concentration areas.
a. Standardized connectors (ST, SC, LC, FC) and type single/multimode.
5. Networking equipment should be based on a full-switched TCP/IP network.
a. Backbone should have Layer 3 capability for VLAN/Routing/QoS.
b. Switches should have fiber uplink capability.
c. Switches shall be manageable via IP or other remote protocol.
6. Scalable high-speed Ethernet/Fiber switches.
7. Bandwidth standards and requirements within and among each judicial location are recommended at:
a. Gigabit to servers
b. Gigabit to workstations
The use of existing LAN technology at judicial locations should be evaluated on a location-by-location basis. Where required, the LAN infrastructure should be upgraded to meet the standard.
Any LAN technology dedicated for use by the court should meet the following requirements:
Feature Sets | IP Routing, VRRP, HSRP, STP enhancements, 802.1s/w, IGMP snooping, IEEE 802.3af Power over Ethernet (PoE). |
Security | ACL, port security, MAC address notify, AAA, RADIUS/TACACS+, 802.1X, SSH, SNMPv3, IPv6 |
Advanced QoS | Layer 2–4 QoS with Class of Service (CoS)/Differentiated Services Code Point (DSCP) and the Differentiated Services model (DiffServ), supporting shaped round robin and strict priority queuing. QoS compliant with the IETF DiffServ standards defined in RFC 2474, RFC 2475, RFC 2597 and RFC 2598, and with DSCP as defined in RFC 791, RFC 2474, RFC 2597, RFC 2598, RFC 3140 and RFC 4594 (MediaNet). 802.1p, 802.1Q and 802.11e marking; Resource Reservation Protocol (RSVP) per RFC 2205. |
Management | One IP address and configuration file for the entire stack. Embedded web-based cluster management suite for Layer 2/3/4 services, easy configuration of network-wide intelligent services in local or remote locations, and automatic stack configuration. |
Performance | Distributed Layer 2 and Layer 3 forwarding providing wire-speed switching and routing in Gigabit Ethernet and Fast Ethernet configurations |
Deployment | Automatic configuration of new units when connected to a stack of switches. Automatic OS version check of new units with the ability to load images from a master location. Auto-MDIX and Web setup for ease of initial deployment. Dynamic trunk configuration across all switch ports. Link Aggregation Control Protocol (LACP) allows the creation of Ethernet channeling with devices that conform to IEEE 802.3ad. IEEE 802.3z-compliant 1000BASE-SX, 1000BASE-LX/LH, 1000BASE-ZX, 1000BASE-T and CWDM physical interface support through a field-replaceable small form-factor pluggable (SFP) unit. 10 gigabit Ethernet IEEE 802.3-2008 |
Configuration/ Survivability | Switches must work standalone and in a stacked configuration. Stack up to 9 units, Separate stacking port. Minimum 32Gbps fault-tolerant bidirectional stack interconnection. Master/slave architecture with 1:N master failover. Less than 1 second Layer 2 failover with nonstop forwarding. Less than 3 second Layer 3 failover with no interrupt forwarding. Cross-stack technology, cross-stack QoS Single network instance (IP, SNMP, CLI, STP, VLAN). Minimum of 24 Ethernet 10/100/1000 ports and 2 SFP uplinks with IEEE 802.3af and pre-standard Power over Ethernet (PoE). |
Software | Intelligent services: Layer 3 routing support via RIP, OSPF, static IP routing. Dynamic IP unicast routing, smart multicast routing, routed access control lists (ACLs), Hot Standby Router Protocol (HSRP) support, and Virtual Router Redundancy Protocol (VRRP). |
• Courts Wide Area Network (“WAN”). The WAN infrastructure supporting the courts will use the State network as its primary transport medium, if applicable. Specific WAN hardware and software solutions should be evaluated and customized to handle the additional traffic that may be required from the system. Integration of local county network infrastructure with the State network will be addressed on a case-by-case basis in compliance with definitions outlined in Florida Statutes 29.008(f)(2).
• WAN Considerations/Recommendations
1. The court should strive to standardize Domain Name System (“DNS”) conventions, Network Address Translation (“NAT”) conventions, and TCP/IP conventions (including subnetting) based on RFC standards.
2. The current infrastructure supports high-speed switching technology. The WAN infrastructure should include the use of TCP/IP for interagency communications.
3. Where possible, the communications infrastructure should provide for coexistence with existing architectures until these architectures are compliant with the standard.
4. Multi-protocol WAN bandwidth may have to expand to handle traffic while supporting other emerging applications and business requirements.
5. Each courthouse or remote facility should have a high-speed connection back to the State network unless a high-speed network has already been provided by the county. Network speeds for each circuit will vary depending on bandwidth requirements.
6. Throughput on the WAN should be benchmarked at key junctures before the system becomes operational. It should be monitored continually thereafter.
7. State-provided bandwidth is a shared resource; accordingly, bandwidth management at the circuit level is strongly recommended.
6.3.1.9 Wireless Technologies
In the courts, wireless technologies include point-to-point connectivity and multi-point connectivity. Point-to-point is utilized to extend the WAN, connecting physically separate networks. Multi-point wireless is used to extend the LAN to wireless users within a limited geographic area. Wireless is beneficial when providing network connectivity for mobile judicial users, as well as fixed-user locations where wired LAN connectivity is unavailable. The following guidelines should be considered when developing a wireless security plan.
• General Wireless Guidelines
1. Must meet current CJIS security standards.
2. Change the default level of product security; do not assume the factory configuration of a WLAN product is secure.
3. Change the out-of-the-box settings – do not use default or null SSIDs or passwords.
4. Implement wireless access points on switched network ports.
5. Develop and publish standards and policies for departmental WLANs.
6. At a minimum, use 256-bit keys or greater.
7. Implement MAC address tracking to control network security.
8. Monitor access logs or use network-based intrusion detection to detect unauthorized access or attack.
9. Highly sensitive networks should use a minimum of 256-bit encryption. The SSID should not be broadcast, and MAC authentication should be required.
10. Disable Wi-Fi Protected Setup (“WPS”).
11. Each circuit should develop a practical and comprehensive wireless solution including a detailed IEEE 802.1x-based security plan.
• Multi-Point Wireless. Due to the open broadcast nature of wireless networks, each organization should design and publish security standards for their wireless solution. The WLAN uses several standards defined by the IEEE 802.11 classification that addresses both bandwidth and security issues. While cost will vary between technologies, priority for essential elements such as security through encryption and authentication is strongly recommended. Restricting the area of coverage for wireless access points should also be considered; covering only the areas within the physically controlled area reduces the accessibility by unauthorized users. Given the ongoing evolution of wireless standards, any guidelines and metrics should be reviewed during the planning stages of multi-point wireless projects.
The following general guidelines should be considered when developing and implementing a wireless security plan for your WLAN.
Multi-Point Wireless Guidelines
1. Develop and publish standards and policies for departmental WLANs, including acceptable use and levels of service for multiple user types (if applicable).
2. Perform site surveys in advance of access point placement to ensure adequate signal coverage and identify related power requirements.
3. Implement wireless access points on switched network ports.
4. Address security on two levels: encryption and authentication.
5. The baseline security standard is IEEE 802.11i, incorporated into 802.11-2007 and certified as WPA2, with authentication under the IEEE 802.1X standard. 802.1X authenticates against a Remote Authentication Dial-In User Service (RADIUS) server, which can in turn use LDAP, a Windows domain, or Active Directory as its user database. Encryption in 802.11-2007/WPA2 is AES (CCMP). WPA3, published in 2018, supersedes WPA2 and should be preferred where access points and client devices support it.
6. Change the “out-of-the-box” settings – do not use default or null SSIDs or passwords. At a minimum, activate the default level of product security.
7. Set access point SSID broadcasting to “OFF”.
8. Consider implementing VPN with strong encryption for wireless networks. Place access points outside of the firewall. Use VPN for connectivity to the intranet.
9. Implement MAC address authentication and tracking as a supplementary control; MAC addresses are easily spoofed, so they do not replace 802.1X authentication. Utilize monitoring software to limit network access based on the user’s physical location and IP address, granting or denying access to services as needed.
10. Implement additional authentication if supported by the vendor (RADIUS, LDAP, etc.).
11. Monitor access logs or use network-based intrusion detection to detect unauthorized access or attacks.
12. All publicly accessible Wi-Fi must be outside the court’s internal network.
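The general and multi-point guidelines above read as a checklist, and the quickest way to apply them consistently is to audit each access point's configuration file against them. The following is an added example (not part of the standard, and not vendor code) that parses a hostapd-style key=value configuration and reports every guideline it fails: default or empty SSID, anything other than WPA2/RSN with AES (CCMP), no 802.1X/RADIUS authentication, WPS enabled, SSID broadcast on, and management frame protection not required. The weak and hardened configurations are constructed for the example; the lists of default SSIDs and RADIUS secrets, the RADIUS server address and the secret value are assumptions.

```python
"""Audit a hostapd-style access point configuration against the wireless
guidelines in this section (change defaults, WPA2/AES only, 802.1X,
WPS off, SSID broadcast off, protected management frames).

Added example, not FCTC or hostapd project code. The configurations below
are constructed; DEFAULT_SSIDS/DEFAULT_SECRETS are assumed lists.
"""

DEFAULT_SSIDS = {"", "default", "linksys", "netgear", "dlink", "wireless"}
DEFAULT_SECRETS = {"", "testing123", "secret", "radius"}
AES_CIPHERS = {"CCMP", "CCMP-256", "GCMP", "GCMP-256"}


def parse_config(text: str) -> dict:
    """Parse key=value lines; later keys override earlier ones, '#' lines are comments."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        cfg[key.strip()] = value.strip()
    return cfg


def audit(text: str) -> list:
    """Return a list of guideline violations (empty list means the config passes)."""
    cfg = parse_config(text)
    findings = []
    if cfg.get("ssid", "").lower() in DEFAULT_SSIDS:
        findings.append("default or empty SSID; change out-of-the-box settings")
    if cfg.get("wpa") != "2":          # hostapd bitmask: 1=WPA, 2=RSN/WPA2, 3=both
        findings.append("wpa must be 2 (RSN/WPA2 only); legacy WPA is enabled or encryption is off")
    mgmt = cfg.get("wpa_key_mgmt", "").split()
    if not any(m.startswith("WPA-EAP") for m in mgmt):
        findings.append("no 802.1X (WPA-EAP) key management; a shared PSK gives no per-user authentication")
    elif cfg.get("ieee8021x") != "1":
        findings.append("WPA-EAP selected but ieee8021x=1 is not set")
    elif not cfg.get("auth_server_addr") or cfg.get("auth_server_shared_secret", "") in DEFAULT_SECRETS:
        findings.append("RADIUS server address missing or shared secret is a default value")
    ciphers = set(cfg.get("rsn_pairwise", "").split()) | set(cfg.get("wpa_pairwise", "").split())
    if "TKIP" in ciphers or not ciphers & AES_CIPHERS:
        findings.append("TKIP allowed or no AES cipher (CCMP/GCMP) configured")
    if cfg.get("wps_state", "0") != "0":
        findings.append("WPS enabled; set wps_state=0")
    if cfg.get("ignore_broadcast_ssid", "0") == "0":
        findings.append("SSID is broadcast; set ignore_broadcast_ssid=1 (hiding the SSID is not a substitute for authentication)")
    if cfg.get("ieee80211w") != "2":
        findings.append("management frame protection not required; set ieee80211w=2")
    passphrase = cfg.get("wpa_passphrase")
    if passphrase is not None and len(passphrase) < 20:
        findings.append("short WPA passphrase")
    return findings


# Constructed 'out of the box' configuration that violates the guidelines.
WEAK_CONFIG = """
interface=wlan0
ssid=linksys
hw_mode=g
channel=6
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=TKIP CCMP
wpa_passphrase=password
wps_state=2
ignore_broadcast_ssid=0
"""

# Constructed hardened configuration; SSID, RADIUS address and secret are hypothetical.
HARDENED_CONFIG = """
interface=wlan0
ssid=FLCTS-JUD
hw_mode=a
channel=36
wpa=2
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
ieee8021x=1
# hypothetical RADIUS server and secret
auth_server_addr=10.20.0.5
auth_server_port=1812
auth_server_shared_secret=Qm7vX2pL9sRt4wZc8bNdK1hF
ignore_broadcast_ssid=1
wps_state=0
ieee80211w=2
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(text) or ["OK"])
```

The check for `wpa=2` rather than `wpa=3` matters because the mixed mode keeps WPA/TKIP reachable for any client that asks for it; the SSID-broadcast check is kept because the guideline requires it, but the finding text notes that a hidden SSID still appears in client probe requests and is not an access control.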
• Point-to-Point Wireless. When implementing a wireless solution to connect remote locations, the following list of guidelines needs to be considered.
Point-to-Point Wireless Guidelines
1. Bandwidth/Network Requirements: Video Conferencing, Digital Court Recording (“DCR”) Monitoring, VoIP, data volume, and latency.
2. Distance/Path: Line of sight is required.
3. Tower Locations and Access.
4. Security
a. Physical security: Tower location and equipment need to be secure.
b. Network security.
5. Availability: Uptime of 99.98% or better is recommended.
6. Management: Utilities should be Simple Network Management Protocol (“SNMP”) compliant.
7. Warranty and Maintenance: Equipment, tower climbing, and maintenance should be included.
8. Each circuit should develop a practical and comprehensive wireless solution including a detailed IEEE 802.1x-based security plan.
Licensed spectrum is overseen by the Federal Communications Commission (“FCC”) and must adhere to FCC rules and regulations. A license guarantees the assigned frequency ranges, preventing interference from other operators. Unlicensed spectrum does not require an individual FCC license and carries the risk of interference from competing wireless installations; any interference issues must be negotiated on a case-by-case basis.
6.3.1.10 Security Standards
Information Security encompasses many technical and non-technical areas. This section describes the comprehensive high-level technical security architecture strategy that should be addressed when defining Information Security requirements.
Information Security Standards are organized into four categories:
• Device Control
• Personnel Control
• Network Control
• Physical Control
These standards address the overarching Information Security needs and provide a framework for developing compliant Information Security Standards and Policies. Security standards shall comply with CJIS Security Policy under the U.S. Department of Justice, Federal Bureau of Investigation where applicable.
• Device Control
1. Access Rights and Privileges: Computer-resident sensitive information shall be protected from unauthorized use, modification, or deletion by the implementation of access control rights and privileges.
2. Anti-Virus Protection: Platforms that are susceptible to malicious code shall be equipped with adequate software protection when such protection is available.
3. Authentication of Desktop Users: Desktop access shall be secured and authenticated using adequate security techniques.
4. Backup Policy: Data storage devices shall undergo sufficient periodic backup to protect against loss of information.
5. Business Continuity & Disaster Recovery: Formal business continuity and disaster recovery plan(s) shall be documented and implemented per applicable Florida State Courts policy and administrative rules.
6. Transmission of Sensitive Data: Sensitive data (security management information, transaction data, passwords, and cryptographic keys) shall be exchanged over trusted paths, using adequate encryption between users, between users and systems, or between systems.
7. E-mail Anti-Virus Protection: Proactive installation and management of software/hardware to safeguard against the injection of malware, viruses, or other code via e-mail or e-mail attachments is required.
8. Platform Level Administration (Local): Local access to system console functions shall be restricted to appropriately authorized personnel.
9. Platform Level Administration (Remote): Remote access shall be secured via adequate authentication and restricted to appropriately authorized personnel.
10. System Administration Privileges: System administration privileges shall be locally granted only to appropriately authorized personnel.
• Personnel Control
1. Acceptable Use Policy: Policies addressing the acceptable use of information technology shall be documented.
2. Acceptable Use Training: All employees shall undergo training, briefing, and orientation as deemed necessary by the circuit to support compliance with all elements of established acceptable use and applicable information security policies and guidelines.
3. Remote Access Policy: Where applicable, each circuit will maintain a written remote access policy.
4. Sensitive and Exempt Data Handling: All employees with access to sensitive or exempt data shall be trained to handle the data in compliance with relevant guidelines. The Florida Department of Law Enforcement (“FDLE”) establishes CJIS guidelines governing the access by any workstations to FCIC/NCIC data directly or through the Judicial Inquiry System (“JIS”).
5. Incident Response: Incident Response (“IR”) procedures shall be developed and maintained. IR procedures will guide appropriate steps to take in response to breaches in devices, networks, and physical security.
• Network Control
1. Network: Network security encompasses preventing unauthorized access to the LAN and WAN that will be used to access judicial services.
2. Device Resistance: All critical devices within the perimeter network shall be resistant to attack by known threats for which there are available defenses.
3. Network Audit Logs: Network audit logs shall provide sufficient data to support error correction, security breach recovery, and investigation. Network audit logs should be retained for a minimum of three months.
4. Remote Access: All remote access methods providing access to critical systems shall be identified and inventoried. Remote access to the court’s network and resources will only be permitted providing that authorized users are authenticated, data is encrypted across the network, and privileges are restricted. Remote access logs should be recorded for a minimum of three months. A centralized point of access is preferred.
5. Wireless Network Security and Management: All wireless networks and devices shall be locally authorized by each circuit and have adequate security configurations.
• Physical Control
1. Physical Security Policy: Physical security policies shall adequately address information technology infrastructure.
6.3.1.11 System Management Tools
A comprehensive set of management tools will be required to support an integrated information system environment. The system architecture and its components should support centralized monitoring and control. Characteristics of system management include:
• An application to provide complete systems and network management throughout the enterprise environments, preferably including Active Directory (“AD”) monitoring, Structured Query Language (“SQL”) (or equivalent) database monitoring, and detailed flexible reporting.
• Network management applications that are deployed and integrated to support network management requirements, including hub, switch, and router management. Hardware should be SNMP compliant; in a Windows environment, Windows Management Instrumentation (“WMI”) compliance is required.
• Network management tools that have the ability to monitor across VLANs, WANs, and disparate network architectures, including wireless networks.
• Support for either the IPv4 or the IPv6 protocol.
• The tools should contain the ability to monitor, report, and block offending IP addresses or infected network segments.
• Network Quality of Service (“QoS”) management utilities. SSH or SSL is preferred over telnet or HTTP for network management tools.
• Traffic monitoring systems that utilize a learning mechanism establishing initial baselines that are time corrected and display anomalous traffic with reasonable swiftness. Rules-based equipment should allow for frequent base table updating.
• Desktop management tools deployed and integrated to support workstations, software distribution, desktop inventory control, and asset tracking of desktop configurations and installed software (“metering”), together with Ghost or equivalent imaging software, patch management (such as Windows Server Update Services (“WSUS”)), and detailed, flexible reporting mechanisms.
• Server management tools should be SNMP compliant, have the ability to monitor server health, including disk, memory, process utilization, and when possible, power consumption, and when possible, support Lightweight Directory Access Protocol (“LDAP”).
Change control applications should be utilized to help coordinate the activities (such as software code changes, testing and verification of the changes, and related documentation changes) that need to be performed by various organizations.
When evaluating system management tools administrators should consider the following criteria:
• For flexibility, site or enterprise licensing is preferred.
• “Agent-less” tools are not required but may be preferred.
• Robust reporting/metrics functionality is preferred and strongly recommended.
• E-mail/text alerts for virus monitoring should be available for all systems. Encryption should be required for some types of e-mail, both at rest and in transit.
• Remote management of networks, desktops, and servers is preferred, provided the software meets the established security standards. A health report should be generated periodically and, when possible, contain the following information:
• SNMP trap information.
• Login reports for both successful and failed attempts (wireless, RADIUS, VPN, etc.).
• Switch/router/hub changelogs.
• Wireless connections.
• Server health (average CPU load, RAM and disk utilization, etc.).
• Active Directory additions/deletions/changes.
• Restricted traffic attempts and perceived network anomalies.
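The login-report item above is the one a security operations team most often has to produce by hand. The following worked example is added here for illustration and is not part of the FCTC standard or any vendor's tooling: it parses a constructed, syslog-style authentication log covering the services the standard names (wireless, RADIUS, VPN), tallies successful and failed logins per service, and flags sources whose failure count reaches a threshold (the threshold value of 3 and the log line format are assumptions for the example).

```python
"""Build the 'login reports for successful and failed attempts' portion of a
periodic health report from sample log lines.

Added example, not from the FCTC standard. The log format below is constructed
for the example; real RADIUS, VPN and wireless controllers log differently, so
LINE_RE must be adapted to the device in use.
"""
import re
from collections import Counter, defaultdict

# Constructed sample log (not real data). One line is deliberately malformed
# so the report shows how unparsed input is accounted for rather than dropped.
SAMPLE_LOG = """\
2020-11-02T08:01:10Z radius1 radiusd: Login OK: user=jsmith from 10.20.1.15 (wireless)
2020-11-02T08:01:12Z vpngw vpn: Login incorrect: user=jsmith from 203.0.113.7 (vpn)
2020-11-02T08:01:14Z vpngw vpn: Login incorrect: user=jsmith from 203.0.113.7 (vpn)
2020-11-02T08:01:16Z vpngw vpn: Login incorrect: user=admin from 203.0.113.7 (vpn)
2020-11-02T08:02:30Z radius1 radiusd: Login OK: user=mlee from 10.20.2.40 (radius)
2020-11-02T08:03:05Z radius1 radiusd: Login incorrect: user=mlee from 10.20.2.40 (wireless)
2020-11-02T08:05:00Z sw1 switch: config changed by admin
"""

# Assumed line layout: <timestamp> <host> <process>: Login <OK|incorrect>:
# user=<name> from <source> (<service>)
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) \S+: Login (?P<result>OK|incorrect): "
    r"user=(?P<user>\S+) from (?P<src>\S+) \((?P<svc>\w+)\)$"
)


def parse_line(line: str):
    """Return a dict for a recognised login line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ok"] = rec.pop("result") == "OK"
    return rec


def login_report(text: str, fail_threshold: int = 3) -> dict:
    """Summarise successes/failures per service and flag noisy sources.

    fail_threshold is an assumed tuning value: a source reaching this many
    failures in the reporting window is listed for follow-up.
    """
    by_service = defaultdict(lambda: {"ok": 0, "failed": 0})
    failures_by_source = Counter()
    unparsed = 0
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed += 1          # keep a count so gaps in coverage are visible
            continue
        by_service[rec["svc"]]["ok" if rec["ok"] else "failed"] += 1
        if not rec["ok"]:
            failures_by_source[rec["src"]] += 1
    flagged = sorted(s for s, n in failures_by_source.items() if n >= fail_threshold)
    return {
        "by_service": dict(by_service),
        "failures_by_source": dict(failures_by_source),
        "flagged_sources": flagged,
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    for key, value in login_report(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the sample, the report shows three VPN failures from one source within a few seconds, which is exactly the kind of entry the health report exists to surface; the unparsed count should stay near zero once the pattern matches the real device format, and a rising count is itself a sign that logging has changed.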
6.3.1.12 Audio and Video Teleconferencing
The following is a list of recommended guidelines that will serve as a baseline for video conferencing definition.
• Digital Audio and Video Conference Standards
1. Must use the TCP/IP network protocol.
2. Separate VLAN for video.
3. Standard definition speed: 384K.
4. High-definition speed: 768K.
5. Duplex: Full (512 units = half).
6. Network speed: 100Mbps (502 units = 10Mbps).
7. Switch and codec: hard-coded speed/duplex.
8. Video communications must support the H.264 SIP multimedia standards.
9. Audio conferencing must support G.711 audio compression.
10. Low Resolution: Based on communications availability. H.323 standard should use a minimum of 256Kbps bandwidth per concurrent video session.
11. QoS tag: DSCP AF41.
12. Ports: 1719, 1720, 3230-3253 TCP/UDP.
Any endpoint or Multi-Point Conference Unit (“MCU”) traversing the Internet should be considered “best effort”, given the circuit’s inability to manage all aspects of the connection, signal quality, and clarity.
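Items 11 and 12 above are the two settings that can be verified on the wire. The following worked example is added here for illustration and is not part of the FCTC standard: it parses raw IPv4 packets, classifies them as H.323 signalling or media by the listed ports (1719, 1720, 3230-3253 on TCP or UDP), and reports whether each video packet carries the DSCP AF41 tag. The packets are constructed in the block (minimal headers without valid checksums, for testing only); on a real network the same functions would be fed packets from a capture.

```python
"""Check captured IPv4 packets against the H.323 port list and DSCP AF41 tag.

Added example, not from the FCTC standard. Packets are constructed below for
the example; they carry no valid checksums and are not real traffic.
"""
import struct

# From the standard: 1719 (RAS), 1720 (call signalling), 3230-3253 (control
# and media), TCP or UDP.
H323_PORTS = {1719, 1720} | set(range(3230, 3254))
DSCP_AF41 = 34            # binary 100010; occupies the top six bits of the DS byte
PROTO_TCP, PROTO_UDP = 6, 17


def parse_ipv4(packet: bytes) -> dict:
    """Extract DSCP, protocol and layer-4 ports from a raw IPv4 packet."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, ds_byte = packet[0], packet[1]
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4            # header length in bytes (options included)
    proto = packet[9]
    info = {"dscp": ds_byte >> 2, "proto": proto, "sport": None, "dport": None}
    # TCP and UDP both start with a 16-bit source port and destination port.
    if proto in (PROTO_TCP, PROTO_UDP) and len(packet) >= ihl + 4:
        info["sport"], info["dport"] = struct.unpack("!HH", packet[ihl:ihl + 4])
    return info


def is_h323(info: dict) -> bool:
    """True when either port falls in the H.323 ranges listed in the standard."""
    return info["proto"] in (PROTO_TCP, PROTO_UDP) and (
        info["sport"] in H323_PORTS or info["dport"] in H323_PORTS
    )


def check_qos(packet: bytes) -> str:
    """'ok' = video with AF41, 'unmarked' = video without it, 'other' = not video."""
    info = parse_ipv4(packet)
    if not is_h323(info):
        return "other"
    return "ok" if info["dscp"] == DSCP_AF41 else "unmarked"


def audit(packets) -> dict:
    """Tally a whole capture so unmarked video traffic stands out."""
    tally = {"ok": 0, "unmarked": 0, "other": 0}
    for packet in packets:
        tally[check_qos(packet)] += 1
    return tally


def build_packet(dscp: int, proto: int, sport: int, dport: int) -> bytes:
    """Constructed 20-byte IPv4 header plus the two L4 port fields (test data only)."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, dscp << 2, 28, 0, 0, 64, proto, 0,   # ver/ihl, DS byte, len, id, flags, ttl, proto, csum
        bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]),
    )
    return header + struct.pack("!HH", sport, dport)


# Constructed sample capture: one correctly tagged RTP-range packet, one
# call-signalling packet that lost its tag, and one unrelated HTTPS packet.
SAMPLE_CAPTURE = [
    build_packet(DSCP_AF41, PROTO_UDP, 40000, 3240),
    build_packet(0, PROTO_TCP, 50000, 1720),
    build_packet(DSCP_AF41, PROTO_TCP, 50001, 443),
]

if __name__ == "__main__":
    print(audit(SAMPLE_CAPTURE))
```

A non-zero "unmarked" count means a switch or codec on the path is not applying or is rewriting the AF41 marking, which is the first thing to check when a video session degrades on a link that is otherwise within the 256 Kbps per session budget.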
6.3.1.13 Cloud Video Conferencing
Support for cloud-based video conferencing is desirable.
6.3.1.14 Court Reporting Technologies
Court Reporting standards shall comply with CJIS Security Policy under the U.S. Department of Justice, Federal Bureau of Investigation when applicable.
• Reference
Technical and Functional Standards for Digital Court Recording (last updated March 2021).
6.3.1.15 Technical Support
Skill sets needed to achieve technology objectives and provide support and maintenance should be defined by each circuit court.
On-call staffing is required to support 24/7 operations.
6.3.1.16 User Support Ratio
Minimum service level expectation in the court environment is to provide initial service no later than the day on which the call for assistance is received, and sooner depending on the criticality of the environment (e.g., a case manager’s printer error can be responded to the same day, but a network outage impacting first appearance or shelter hearings must be responded to more quickly).
Specialized technical services may require dedicated support staff depending on the environment. Specialized services may include:
• Network
• Security
• Audio Video
• ADA
• Communications
1. Data
2. Voice
• Training
• Web
1. Internet
2. Intranet
• Application Development
• Database Administration
• Server Administration
Other considerations: Geographic distribution of serviced sites will impact service levels. Multi-county or large county circuits must factor travel time into service level expectations. Additional staff may be required to meet service level requirements.
Funding for on-going training must be included with staff to maintain the skill sets required to support the environment.
6.3.1.17 Courtroom Technology Standards
• Courtroom – Hearing Room Technology Minimum Requirements
For criminal proceedings, courtrooms and hearing rooms need to have the infrastructure in place to deliver information and services to the courtroom. Information is vital whether it is information on a computer screen, a juror’s ability to hear the witness, or the ability to set up evidence presentation tools. For Civil proceedings, equipment may be used if available; otherwise, attorneys are responsible for providing the equipment needed for evidence presentation.
Posting a disclaimer on the circuit’s website concerning the provided technology is recommended. An example is listed below:
Courtroom technology is provided as a courtesy to the legal profession and court participants. While the court will make every effort to ensure the equipment is working properly, the court does not guarantee the reliability or availability of the equipment. It is presumed that anyone using courtroom technology is properly trained to do so. The court is not responsible for providing educational or technical support for these services. By using this technology, the user agrees to hold the court harmless for any equipment failure or corruption of data, for any court-related proceeding, and to not seek to delay/reschedule court proceedings due to same. Finally, users agree to be prepared to proceed without using technology should the circumstances warrant such action.
• Infrastructure
When building new courtrooms, plans shall include conduit and cable paths to support existing and future technology. Raised flooring is recommended for courtrooms to allow for easy access. Floor boxes can be used to support future expansion. If using floor boxes, industry-standard termination must be accommodated into the design of the floor boxes and wiring practices. See Figure 6 for a typical courtroom design.
• Courtroom Technology Guidelines
1. DSP-based Sound Reinforcement System (1 system per courtroom)/ADA compliant hardware. Microphone locations should be discussed with the chief judge to determine if hanging microphones, tabletop microphones, or if both types are needed in the courtrooms.
2. ADA assisted listening devices.
3. Video display(s).
4. 1 pan/tilt/zoom camera (minimum).
5. DCR (when applicable).
6. LAN access for the judge and the clerk of court.
• Recommended Optional Integrated Equipment
1. Touch panel control pad.
2. Wireless presentation interface.
3. Sidebar microphones.
4. Gallery microphones.
5. Video displays/Intelligent displays (capable of supporting different multi-media sources).
6. Touch screen video displays (witness stand for evidence presentation).
7. 4 pan/tilt/zoom cameras (suggested camera options: judge, witness, courtroom, and evidence/jury). The evidence camera should be mounted in the ceiling at a location that allows evidence to be placed underneath for presentation.
8. Network access/Wi-Fi for participants.
9. Remote interpreting A/V equipment.
10. Video conferencing.
11. Teleconferencing.
12. Analog stereo audio, VGA, component, and HDMI inputs and/or wireless media display devices, display port, and other industry-standard connections.
13. Media plate.
14. Remote technical support and control.
15. White noise cancellation for sidebar conferences.
16. Where needed, the microphones should be configured to work with the DCR.
• Hearing Rooms Guidelines
While sound systems may not be needed in all hearing room types, other equipment is essential. These rooms shall include the following:
1. ADA assisted listening devices.
2. Video display(s).
3. 1 camera.
4. DCR (pre-wired if possible).
5. LAN access for judge and clerk.
• Recommended Optional Hearing Rooms Equipment
1. Network access/Wi-Fi for participants.
2. Wireless presentation interface.
3. Remote interpreting A/V equipment.
4. Video conferencing.
5. Teleconferencing.
6. Analog stereo audio, VGA, component, and HDMI inputs and/or wireless media display devices, display port, and other industry-standard connections. These inputs can be installed in a floor box or wall plate.
7. Remote technical support and control.
• Optional Mobile Technology
If funding is unavailable for integrated courtroom technology solutions, mobile systems are recommended. Evidence presentation systems should be able to display a wide range of types/formats/sizes of physical and digital evidence used in today’s courtrooms. An evidence presentation system should include (but not be limited to) the following support components:
1. Display
Mobile display (TV/LCD screen) or projector:
A mobile display is recommended only for smaller settings and should support multiple resolutions with sufficient brightness.
A projector should support multiple resolutions with sufficient brightness for viewing in ambient light (requirements will vary based upon projected image size), together with a projector screen.
The system should provide audio/video outputs compatible with the courtroom’s integrated video displays/audio/DCR system (if applicable).
2. Cables
Audio/video presentation systems should support prevailing audio/video transmission cable standards such as analog stereo audio, VGA, component, and HDMI.
3. Physical Media
Audio/video presentation systems should support prevailing physical media standards such as CD (R/RW), DVD (±R/RW), USB storage device (flash or HD), CompactFlash, SD/SmartMedia, Memory Stick, Blu-ray, and cell phone connectivity.
4. Digital Audio/Video Standards
Audio/video presentation systems should support prevailing digital audio/video standards such as Audio CD, DVD, VCD, SVCD, WMV, QuickTime, MPEG-4, MP3, and OGG.
5. Overhead Projector
6. Document Camera
Figure 6. Courtroom Drawing
AV Infrastructure Legend:
• Press Plate Location: Contractor shall install an 8”x8”x3” deep junction box flush in wall at 18” AFF. Install two 2” conduits from the plate to the cable tray on the 1st level.
• Floor Box/Pocket: Install an Ace Backstage 124SL floor pocket or approved equal. The floor pocket shall be able to contain a minimum of 4 A/V gangs, 1 duplex receptacle, 2 RJ-45 connectors, and two spare single-gang plates. Each pocket shall have two 2” conduits for future A/V cabling and one spare 1” conduit. These conduits shall be installed to the cable tray on the 1st level. A separate conduit shall be installed for the duplex receptacle and a separate conduit for the RJ-45 connections. Refer to the telecom and power plans for information on these systems.
• Ceiling Speaker Location: Location is approximate and shall be coordinated with the A/V contractor prior to roughing in; a junction box shall be installed at each location. Install a ¾” conduit from the speaker to the other speakers on the same zone. The homerun conduit for each zone shall be installed to the cable tray on the 1st level.
• Ceiling Hanging Microphone Location: Location is approximate and shall be coordinated with the A/V contractor prior to roughing in; a junction box shall be installed at each location. Install a ¾” conduit from the microphone to the cable tray on the 1st level.
• Button Microphone Location: Location in casework is approximate and shall be coordinated with the A/V contractor prior to roughing in; a stub-up ¾” conduit shall be installed in the casework. The conduit shall be routed to the cable tray on the 1st level.
• Sidebar Button Microphone Location: Location in casework is approximate and shall be coordinated with the A/V contractor prior to roughing in; a stub-up ¾” conduit shall be installed in the casework. The conduit shall be routed to the cable tray on the 1st level.
• A/V Plate Location: Install a 12” wide x 6” tall x 3” deep junction box flush in casework. Junction box shall be located 18” above the bottom of the casework. Install two 2” conduits and one 1” conduit from the junction box to the cable tray on the 1st level.
• A/V Camera Location: Install a junction box flush in the wall at each location. Install a ¾” conduit from the junction box to the cable tray on the 1st level. Mounting height shall be coordinated with the A/V contractor prior to install.
• TV Location: Install a junction box flush in the wall at each location. Install a ¾” conduit from the junction box to the cable tray on the 1st level. Mounting height shall be coordinated with the A/V contractor prior to install.
• DCR Light Location: Install a junction box flush in the wall 12” above the bottom. Install a ¾” conduit from the junction box to the cable tray on the 1st level.
• Hearing Impaired IR Location: Install a junction box flush in the wall at a height to be determined by the A/V contractor. Install a 1” conduit to the cable tray.
6.4.0 | REQUIREMENTS FOR INTEROPERABILITY & DATA EXCHANGE
New applications being developed must have web-based capabilities for record viewing. Any enhancements or upgrades to existing applications must include support for access through a web browser for viewing of records. To the extent possible, access to add, change, and delete information must migrate toward web-based interfaces. Scanning systems and other applications that directly interface with peripherals are more difficult to move to web-based applications, but it is possible. In addition, applications must include industry-standard application programming interfaces (“APIs”) for standardized exchange of information.
The technical standards listed below have been developed across all industry sectors and have the joint backing of many software development companies (e.g., Microsoft, Oracle, Sybase, IBM) that have recognized that information exchange and the resulting gains in productivity and efficiency are critical strategic goals of improved system performance.
6.4.1 | SOFTWARE APPLICATIONS
• Software applications must support the following standards when applicable:
1. Presentation (for web-based applications)
a. Standards compliant XHTML 1.0/HTML 4.01 and later
b. Standards compliant Cascading Style Sheets 2.1 and later
2. Application
a. Service-Oriented Architecture (“SOA”) should be applied to applications.
b. Development processes such as Model-View-Controller (“MVC”).
c. The presentation layer should access information via a web service.
d. Where possible, code should be executed on the server (server-side code), not the client.
e. eXtensible Markup Language (“XML”).
f. Simple Object Access Protocol (“SOAP”).
g. Web Services and/or Representational State Transfer (“REST”) web services.
h. JavaScript Object Notation (“JSON”).
i. American National Standards Institute Structured Query Language (“ANSI SQL”).
j. W3C ADA/508 compliance.
k. Open Database Connectivity (“ODBC”), Java Database Connectivity (“JDBC”), OLEDB, Database Native Clients.
l. Remote Procedure Call (“RPC”).
3. Storage
a. American National Standards Institute Structured Query Language (“ANSI SQL”).
4. Security
a. Security for all components of software applications should use industry-proven algorithms, techniques, platform-supplied infrastructure, and vendor-tested and supported technologies.
b. The Data Exchange Standards, adopted by the FCTC in May 2016, provide a Data Security Model standard to which applications should adhere when applicable.
6.4.2 | DATA TRANSMISSION
Protocols for transmission, between distinct entities, of data governed by this document must be generally available, nonproprietary, and protected by the most secure methods reasonably available to all participants. Each repository of data shall provide its data per this document, the Data Exchange Standards, and such other standards as may be adopted under the authority of the Supreme Court.
6.4.3 | DATABASE STANDARDS
Database connectivity to some databases may not be possible due to driver/network restrictions at the location. Each participating agency/entity should collaboratively develop a plan governing the connection to, accessing, and formatting the data maintained in the particular database source. These databases should:
• Be relational.
• Use ANSI SQL.
• Package appropriate database drivers with the database platform.
• Be secured using industry-proven algorithms, techniques, platform-supplied infrastructure, and vendor-tested and supported technologies.
• Be backed up per the Backup of Electronic Records standards in Section 8.5.
• Have a tested recovery plan.
6.4.4 | DATABASE CONNECTIVITY
A detailed system architecture should be defined that will meet the business requirements of judicial applications. The system architecture should describe the structure and organization of the information systems supporting specific circuit/county/judicial location functions and provide the technical system specifications based on the functional requirements. It should describe the complete set of system and network infrastructure components that are installed or planned for installation. It should also include an approach to information sharing (database connectivity) and workflow coordination between business functions, external sources, and users of business information. Also, the architecture should define recommended drivers/middleware once the database and application development software for the system is finalized.
The communication technologies (database drivers) needed to allow transmittal and sharing of access to and utilization of information for various databases in the circuits may include:
• Open Database Connectivity (“ODBC”).
• Object Linking and Embedding Database (“OLE DB”).
• Java Database Connectivity (“JDBC”).
• Database Native Drivers.
Figure 7. Conceptual Data Exchange Environment (Typical Web Environment)
6.4.5 | ARCHIVAL STORAGE OF ELECTRONIC DOCUMENTS
Electronic document systems must accommodate the need to archive documents in a manner that will guarantee accurate reproduction of the original content in the present system as well as future systems and their storage format changes. Archival storage requirements of content must comply with the current records retention policy. Each system must consider and address the challenges of delivering documents seamlessly as changes occur over time. Archival storage formats used must be able to meet long-term rendering requirements as well as have a method to meet ADA requirements/accommodations. An industry standard specifically developed for long-term archival purposes is PDF/A-2.
The Florida Supreme Court approved PDF/A-2 as the document storage format for electronic court documents in June 2019. Section 8 outlines the current document storage and backup of electronic records requirements.
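A system that archives documents under this section needs a way to confirm that what it stores actually declares itself as PDF/A-2 rather than a generic PDF. The following worked example is added here for illustration and is not part of the FCTC standard or any court system's code: it reads the PDF/A identification that the standard places in a document's XMP metadata (the pdfaid:part and pdfaid:conformance entries under the namespace http://www.aiim.org/pdfa/ns/id/) and reports the declared level. The PDF byte strings in the block are constructed fragments, just enough to carry the metadata, and are not complete valid files.

```python
"""Read the declared PDF/A identification from a document's XMP metadata.

Added example, not from the FCTC standard. It checks only what the file
declares; full conformance (fonts embedded, no encryption, colour profiles,
and so on) needs a proper PDF/A validator. The sample byte strings are
constructed fragments, not complete PDF files.
"""
import re

# The PDF/A identification schema namespace (ISO 19005).
PDFAID_NS = b"http://www.aiim.org/pdfa/ns/id/"

# XMP allows the values either as child elements (<pdfaid:part>2</pdfaid:part>)
# or as attributes (pdfaid:part="2"); both forms are accepted here.
PART_RE = re.compile(rb'pdfaid:part(?:\s*>\s*|\s*=\s*")(\d+)')
CONF_RE = re.compile(rb'pdfaid:conformance(?:\s*>\s*|\s*=\s*")([A-Za-z])')


def pdfa_identity(data: bytes):
    """Return {'part': int, 'conformance': str|None}, or None if not declared."""
    if not data.startswith(b"%PDF-"):
        raise ValueError("not a PDF file")
    # PDF/A requires the document-level XMP stream to be stored unfiltered,
    # so a byte scan is sufficient for conforming files.
    if PDFAID_NS not in data:
        return None
    part = PART_RE.search(data)
    if not part:
        return None
    conf = CONF_RE.search(data)
    return {
        "part": int(part.group(1)),
        "conformance": conf.group(1).decode().upper() if conf else None,
    }


def is_pdfa2(data: bytes) -> bool:
    """True when the document declares the PDF/A-2 family (any conformance level)."""
    ident = pdfa_identity(data)
    return ident is not None and ident["part"] == 2


# Constructed fragment declaring PDF/A-2b with element-form identification.
SAMPLE_PDFA2 = b"""%PDF-1.7
1 0 obj << /Type /Catalog /Metadata 2 0 R >> endobj
2 0 obj << /Type /Metadata /Subtype /XML /Length 400 >>
stream
<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/">
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
<rdf:Description rdf:about="" xmlns:pdfaid="http://www.aiim.org/pdfa/ns/id/">
<pdfaid:part>2</pdfaid:part><pdfaid:conformance>B</pdfaid:conformance>
</rdf:Description></rdf:RDF></x:xmpmeta>
<?xpacket end="w"?>
endstream
endobj
%%EOF
"""

# Constructed fragment declaring the older PDF/A-1b, attribute form.
SAMPLE_PDFA1 = b"""%PDF-1.4
2 0 obj << /Type /Metadata /Subtype /XML /Length 300 >>
stream
<rdf:Description rdf:about="" xmlns:pdfaid="http://www.aiim.org/pdfa/ns/id/"
 pdfaid:part="1" pdfaid:conformance="b"/>
endstream
endobj
%%EOF
"""

# Constructed fragment with no PDF/A identification at all.
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\n%%EOF\n"

if __name__ == "__main__":
    for name, doc in [("pdfa2", SAMPLE_PDFA2), ("pdfa1", SAMPLE_PDFA1), ("plain", SAMPLE_PLAIN)]:
        print(name, pdfa_identity(doc), "archival format:", is_pdfa2(doc))
```

An ingest pipeline can reject or quarantine a document for which is_pdfa2 returns False before it reaches archival storage; the PDF/A-1 sample shows why the part number matters, since a file can be a valid archival PDF and still not be the format the Supreme Court approved.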
6.5.0 | CLOUD COMPUTING
There are unique opportunities and challenges with the advent of cloud computing. Cloud services are evolving at a fast pace that goes beyond file storage.
6.5.1 | APPROVAL PROCESS
Due to the changing nature of cloud computing in the areas of storage and service offerings, moving to the cloud can be beneficial financially, but also carries many risks. Therefore, the chief judge shall be informed of benefits and potential risks and give approval before court records or court services are moved to a cloud service provider. Where applicable, cloud services must conform to CJIS standards.
6.5.2 | RISKS
One of the major risks with cloud computing involves the accessibility of data/services upon termination of the hosting agreement due to formatting or proprietary storage protocols implemented by the vendor. Care should be taken to ensure the data is returned in the same format in which it was migrated. Security and integrity of the court data may be at risk when a contracted cloud service provider, who is also responsible for data security, is storing the data outside the monitoring capability of court/clerk staff. Care must be taken to ensure the security and integrity of court data and services. Security audits and reviews should be conducted, preferably by an external, third-party entity. Security breaches should be properly and immediately reported to the Trial Court Administrator, Chief Judge, and the Chief Information Security Officer at the Office of the State Courts Administrator.
Because Service Level Agreements (“SLAs”) can change often and with short notice, a plan must be in place to monitor and audit the impact that such changes to agreements could have and to mitigate their impact.
6.5.3 | STORAGE RESTRICTIONS
The location of cloud data storage is restricted based on the following classifications:
• Classification 1: Judicial Branch Records as defined in Fla. R. Gen. Prac. & Jud. Admin. 2.420 (b)(1):
1. Court Records
2. Administrative Records
• Classification 2: Logs (e.g., temporary files such as computer activity logs and short-term scheduling polls).
Data in both classifications must be available for a period at least as long as the applicable records retention period under Florida law.
Data in classification 1 must reside within the United States. Data in classification 1 shall be encrypted, both in transit and at rest.
Data in classification 2 may be stored outside the United States, but the data must be stored in such a way as to facilitate copying of the data or a portion thereof in an amount of time similar to the amount of time such duplication would take if the data were stored within the United States.
6.5.4 | DATA ENCRYPTION
Data encryption must be enabled for the storage of sensitive data in the cloud.
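The storage restrictions of 6.5.3 and the encryption requirement of 6.5.4 are the kind of rules a migration review can check mechanically before a chief judge is asked to approve a move. The following worked example is added here for illustration and is not part of the FCTC standard: it evaluates constructed cloud storage configurations against those rules (residency, encryption at rest and in transit, retention, and the copy-time condition for offshore logs). The configuration field names, the sample values, and the 1.5x copy-time tolerance are assumptions made for the example and do not correspond to any provider's API.

```python
"""Evaluate cloud storage configurations against the Section 6.5.3/6.5.4 rules.

Added example, not from the FCTC standard. Field names and sample values are
constructed for the example; map them onto the real provider's settings.
"""

CLASS_1 = 1   # Judicial Branch Records (court and administrative records)
CLASS_2 = 2   # Logs and other short-term files

# Assumed tolerance: an offshore log store must be copyable in no more than
# this multiple of the time a domestic copy would take.
DEFAULT_COPY_TOLERANCE = 1.5


def evaluate_storage(cfg: dict) -> list:
    """Return the list of rule violations for one storage location (empty = compliant)."""
    problems = []
    cls = cfg["classification"]

    # Both classifications: retained at least as long as the records retention period.
    if cfg["retention_days"] < cfg["required_retention_days"]:
        problems.append("retention shorter than the applicable records retention period")

    if cls == CLASS_1:
        if cfg["region_country"] != "US":
            problems.append("classification 1 data stored outside the United States")
        if not cfg["encrypted_at_rest"]:
            problems.append("classification 1 data not encrypted at rest")
        if not cfg["encrypted_in_transit"]:
            problems.append("classification 1 data not encrypted in transit")
    elif cls == CLASS_2:
        # Logs may live abroad, but copying them must take a time comparable
        # to copying them from domestic storage.
        if cfg["region_country"] != "US":
            limit = cfg["domestic_copy_time_s"] * cfg.get("copy_tolerance", DEFAULT_COPY_TOLERANCE)
            if cfg["estimated_copy_time_s"] > limit:
                problems.append("offshore log store cannot be copied in a time comparable to domestic storage")
    else:
        problems.append(f"unknown classification {cls!r}")
    return problems


# Constructed sample: court records placed in a non-US region with no
# at-rest encryption and a retention window shorter than required.
WEAK_COURT_RECORDS = {
    "name": "case-documents",
    "classification": CLASS_1,
    "region_country": "DE",
    "encrypted_at_rest": False,
    "encrypted_in_transit": True,
    "retention_days": 365,
    "required_retention_days": 3650,
}

# The same store after correction: US region, encrypted both ways, full retention.
HARDENED_COURT_RECORDS = {
    **WEAK_COURT_RECORDS,
    "region_country": "US",
    "encrypted_at_rest": True,
    "retention_days": 3650,
}

# Constructed sample: activity logs held abroad, copy time within tolerance.
OFFSHORE_LOGS = {
    "name": "activity-logs",
    "classification": CLASS_2,
    "region_country": "IE",
    "retention_days": 120,
    "required_retention_days": 90,
    "domestic_copy_time_s": 600,
    "estimated_copy_time_s": 700,
}

if __name__ == "__main__":
    for cfg in (WEAK_COURT_RECORDS, HARDENED_COURT_RECORDS, OFFSHORE_LOGS):
        print(cfg["name"], "->", evaluate_storage(cfg) or "compliant")
```

Running the three samples prints three violations for the weak configuration, none for the corrected one, and none for the offshore log store, which is the information a migration plan should present alongside the benefits when seeking the chief judge's approval under 6.5.1.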
6.5.5 | BEST PRACTICES
Best practices related to the security and integrity of data stored in the cloud should be followed either by practice (as identified in proposed cloud migration plans) or by contractual agreement. These include, but are not limited to:
• Any agreement should include a clause prohibiting the use of court data for any use without the express written consent of the governing jurisdiction.
• Any agreement should include a clause requiring law enforcement to work through the custodian of the record when requesting access to records rather than direct access.
6.5.6 | RESOURCES
• ISO/IEC 27018:2019-compliant cloud data privacy
• Security
o Cloud Security Alliance: Cloud Control Matrix
o PCI Security Standards
o ISO/IEC 27001:2013
o ISO/IEC 27002:2013
• Justice Partner Compliance
o Criminal Justice Information Services (CJIS) compliance
o Compliance with Justice Partner standards for current & future integrations
• Industry-verified conformity with global standards