VULNERABILITY DISCLOSURE POLICY

Introduction

The Court Services and Offender Supervision Agency's (CSOSA) mission is to effectively supervise adults under our jurisdiction to enhance public safety, reduce recidivism, support the fair administration of justice, and promote accountability, inclusion and success through the implementation of evidence-based practices in close collaboration with our criminal justice partners and the community.

CSOSA is committed to ensuring the security of the American public by protecting their information. This policy is intended to give security researchers clear guidelines for conducting vulnerability discovery activities and to convey our preferences in how to submit discovered vulnerabilities to us.

This policy describes what systems and types of research are covered under this policy, how to send us vulnerability reports, and how long we ask security researchers to wait before publicly disclosing vulnerabilities.

We encourage you to contact us to report potential vulnerabilities in our systems.

Authorization

If you make a good faith effort to comply with this policy during your security research, we will consider your research to be authorized, we will work with you to understand and resolve the issue quickly, and CSOSA will not recommend or pursue legal action related to your research. Should legal action be initiated by a third party against you for activities that were conducted in accordance with this policy, we will make this authorization known.

Guidelines

Under this policy, “research” means activities in which you:

  • Notify us as soon as possible after you discover a real or potential security issue.
  • Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction or manipulation of data.
  • Only use exploits to the extent necessary to confirm a vulnerability’s presence. Do not use an exploit to compromise or exfiltrate data, establish command line access and/or persistence, or use the exploit to pivot to other systems.
  • Provide us 90 days from the date you sent your report to resolve the issue before you disclose it publicly.
  • Do not submit a high volume of low-quality reports.

Once you’ve established that a vulnerability exists or encounter any sensitive data (including personally identifiable information, financial information, or proprietary information or trade secrets of any party), you must stop your test, notify us immediately, and not disclose this data to anyone else.

Test methods

The following test methods are not authorized:

  • Network denial of service (DoS or DDoS) tests or other tests that impair access to or damage a system or data
  • Physical testing (e.g. office access, open doors, tailgating), social engineering (e.g. phishing, vishing), or any other non-technical vulnerability testing

Scope

This policy applies to the following systems and services:

  • csosa.gov
  • *.csosa.gov

Any services not expressly listed above, such as any connected services, are excluded from scope and are not authorized for testing. Additionally, vulnerabilities found in systems from our vendors fall outside of this policy’s scope and should be reported directly to the vendor according to their disclosure policy (if any). If you aren’t sure whether a system is in scope or not, contact us at soc@csosa.gov before starting your research (or at the security contact for the system’s domain name listed in the .gov WHOIS).

Though we develop and maintain other internet-accessible systems or services, we ask that active research and testing only be conducted on the systems and services covered by the scope of this document. If there is a particular system not in scope that you think merits testing, please contact us to discuss it first. We will increase the scope of this policy over time.

Reporting a vulnerability

Information submitted under this policy will be used for defensive purposes only – to mitigate or remediate vulnerabilities. If your findings include newly discovered vulnerabilities that affect all users of a product or service and not solely CSOSA, we may share your report with the Cybersecurity and Infrastructure Security Agency, where it will be handled under their coordinated vulnerability disclosure process. We will not share your name or contact information without express permission.

We accept vulnerability reports via email at soc@csosa.gov. Reports may be submitted anonymously. If you share contact information, we will acknowledge receipt of your report within 3 business days.

We do not support PGP-encrypted emails.

What we would like to see from you

In order to help us triage and prioritize submissions, we recommend that your reports:

  • Describe the location where the vulnerability was discovered and the potential impact of exploitation.
  • Offer a detailed description of the steps needed to reproduce the vulnerability (proof of concept scripts or screenshots are helpful).
  • Be in English, if possible.

What you can expect from us

When you choose to share your contact information with us, we commit to coordinating with you as openly and as quickly as possible.

  • Within 3 business days, we will acknowledge that your report has been received.
  • To the best of our ability, we will confirm the existence of the vulnerability to you and be as transparent as possible about what steps we are taking during the remediation process, including on issues or challenges that may delay resolution.
  • We will maintain an open dialogue to discuss issues.

Questions

Questions regarding this policy may be sent to soc@csosa.gov. We also invite you to contact us with suggestions for improving this policy.

 

Modified:  March 2, 2021

CSOSA Launches Hire One Jobs Campaign

CSOSA is launching the “Hire One” campaign to directly connect area employers with a pool of talented justice-involved people who are ready, able, and eager to work.

In our decades of supervising people on probation, parole, and supervised release in the District of Columbia, CSOSA has found that gainful employment is a cornerstone of stability and growth. However, too often, those who have been involved in the justice system find that their past transgressions continue to be obstacles to their progress. Second Chance hiring provides an opportunity to move toward a brighter future. That’s why CSOSA is asking area employers to pledge to “Hire One” of its referrals.

“Hire One,” an expansion of CSOSA’s job placement efforts, aims to pair employers with an untapped and under-utilized pool of talent. Businesses that have hired people under CSOSA supervision report that these employees are among the most dedicated, hardworking, and loyal in their workforce. Employers interested in joining the program can contact Vocational Development Coordinator Tony Lewis at tony.lewis@csosa.gov.

In coming weeks, CSOSA will unveil a series of videos that answer the question “Why Hire One?” Stay tuned to hear answers directly from businesses that have already partnered with us.


Fellowship Opportunities at CSOSA

The Court Services and Offender Supervision Agency (CSOSA) is accepting applications for a fellowship program to provide new opportunities to people who have successfully completed a period of probation, parole, or supervised release. This program, similar to “Credible Messenger” efforts around the country, calls for the selected candidates to use their own life experiences to work with CSOSA’s supervision and treatment staff to assist offenders in a variety of ways, including goal-setting, social and emotional support, and decision-making. The program is part of a broader “Hire One” jobs initiative the agency launched in 2020 to better engage area employers.

We have extended the deadline and are now accepting applications through January 22, 2021 for five temporary positions (GS-3 or GS-4). The new hires will be with CSOSA for up to six months, with the possibility of one six-month extension. These paid positions are expected to help those selected for the program move forward with their own careers, while helping others. The object is more than just employment. CSOSA also hopes to provide these temporary employees with the opportunity to enhance their skills and obtain vocational certifications that private employers may need.

Through the First Step Act and other initiatives, the President has endeavored to make the transition from the justice system back into society smoother. This fellowship program, designed with support from the Office of Personnel Management, is consistent with that policy direction.

The job application can be accessed on USA Jobs at https://www.usajobs.gov/GetJob/ViewDetails/586643400.


Hire One

The Court Services and Offender Supervision Agency (CSOSA) has launched “Hire One,” a new campaign to directly connect area employers with a pool of talented people who are ready, able and eager to work: justice-involved men and women who hope to get a second chance.

The “Hire One” initiative aims to team employers with an untapped and under-utilized talent pool. CSOSA supervises thousands of people on probation, parole or supervised release in the District of Columbia. Gainful employment is the cornerstone of stability and growth. Too often those that have been justice-involved are marred by their past transgressions. The path towards redemption and restoration starts with an opportunity.

Businesses that have hired CSOSA referrals have praised the commitment and loyalty these new employees bring to the workplace. Now, in an expansion of its longstanding job placement efforts, CSOSA is asking area employers to commit to hiring one of the Agency’s referrals, confident that they’ll be asking for even more new candidates once they do.

“Our Agency has the talent pool, training resources and partnerships to provide employers with the right match,” said CSOSA Director Richard Tischner. “We have a proven track record of placing people in all kinds of work, with men and women of all skill levels. We will be partners throughout the ‘Hire One’ process and follow up afterwards to make sure all needs are met. The result is a win-win for everyone, benefiting the employer, the new hire, and the community.”

Director Tischner announced the program on October 1, at the annual conference of the D.C. chapter of the Society for Human Resource Management (SHRM). CSOSA has been working with SHRM and its nationwide “Getting Talent Back to Work” initiative. At the conference, CSOSA premiered a “Hire One” video as part of a panel discussion featuring some of its many partners.

The outreach to SHRM is part of a broader effort in which Director Tischner and other CSOSA leaders will meet with businesses throughout the D.C. area to recruit them into the program.

SHRM has been a leader in second chance hiring. In his keynote remarks to the conference, SHRM President and CEO Johnny C. Taylor, Jr., thanked the D.C. chapter’s HR professionals for the work they’ve already done on this issue, adding that the cause is “near and dear to my heart.”

“We need great workers,” Mr. Taylor said, adding that “people make mistakes” and deserve another chance. “We know we can make a difference for our community, these individuals, and their families,” he said.

More information about CSOSA’s Hire One initiative can be found in a brochure, “Hire One: A Call to Action,” as well as in a one-page Hire One Fact Sheet. Questions also can be directed to Vocational Development Coordinator Tony Lewis at 202-369-0775 or tony.lewis@csosa.gov.

Hire One Contact

Hire One

HireOne Contact Form

Thank you for your interest in our efforts to Hire One.

We hope you will join CSOSA and hire one of the skilled and motivated people under our supervision.

Enter your information below to stay connected with CSOSA and receive your Hire One Toolkit!

If you would like additional information about Hire One, you may also contact Tony Lewis directly at (202) 369-0775 or tony.lewis@csosa.gov.


Fellowship Opportunities at CSOSA

CSOSA is now accepting applications for a fellowship program to provide new opportunities to people who have successfully completed a period of probation, parole, or supervised release. This program, similar to “Credible Messenger” efforts around the country, calls for the selected candidates to use their own life experiences to work with CSOSA’s supervision and treatment staff to assist offenders in a variety of ways, including goal-setting, social and emotional support, and decision-making. The program is part of a broader jobs initiative being launched by the agency, including a “Hire One” campaign that will be aimed at recruiting area employers.

A total of five temporary positions (GS-3 or GS-4) were created, and applications are being accepted through August 23, 2020. The new hires will be with CSOSA for up to six months, with the possibility of one six-month extension. These paid positions are expected to help those selected for the program move forward with their own careers, while helping others. The object is more than just employment. CSOSA also hopes to provide these temporary employees with the opportunity to enhance their skills and obtain vocational certifications that private employers may need.

Through the First Step Act and other initiatives, the President has endeavored to make the transition from the justice system back into society smoother. The fellowship program, designed with support from the Office of Personnel Management, is consistent with that policy direction.

The job application can be accessed on USA Jobs at https://www.usajobs.gov/GetJob/ViewDetails/575115700.


CSOSA's Community Outreach Reaches Hundreds of People Online

The Court Services and Offender Supervision Agency (CSOSA) remains as dedicated as ever to community outreach throughout the pandemic, using its virtual Community Justice Advisory Network (CJAN) meetings to reach hundreds of District residents.

Since April, the Agency’s Intergovernmental and Community Affairs Specialists (ICAS) have held nine CJANs in collaboration with community partners including the U.S. Attorney’s Office for the District of Columbia, the D.C. Office of Human Rights, the D.C. Department of Employment Services and other D.C. government agencies.

The ICAS staff, part of the Office of Legislative, Intergovernmental and Public Affairs, proved that navigating the coronavirus pandemic through virtual CJANs can provide the community with resources while keeping people connected.

“CSOSA was proud to continue our CJAN meetings virtually during this unprecedented time in our city, using Zoom and Facebook Live,” said Supervisory ICAS Trina Stewart. “The virtual CJANs not only provided an outlet for us to stay connected with people in the community but to also gain new community partners along the way, while engaging current partners including the U.S. Census Bureau, D.C. Board of Elections and the Metropolitan Police Department.”

ICAS Christine Barron and ICAS LaToshia Butler initiated the virtual CJANs by launching a series focusing on empowering women involved in the criminal justice system, providing information about entrepreneurship, domestic violence, sexual assault, and citizenship rights. Other CJAN topics included the importance of mental health during the pandemic, navigating employment challenges, and bias crime awareness. A variety of guest speakers provided valuable insights at the sessions. The program on mental health, for example, included appearances by experts with the Psychiatric Institute of Washington and MBI Health Services, LLC.

“Virtual CJANs can help bring a sense of community to populations that are easily overlooked,” said ICAS Butler. “Because the Agency quickly responded by providing the necessary technology, we were able to meet the needs of our partners and the community.”

The virtual CJANs allowed participants to gain valuable information to assist them in navigating the new challenges of reentering society and avoiding recidivism, while maintaining a safe social distance. “Like many organizations, CSOSA unexpectedly began conducting some business virtually,” said Ms. Stewart. “The virtual CJANs exceeded expectations. We plan to continue engaging the community and our partners virtually beyond the pandemic.”

“CSOSA is finding new ways to foster community partnerships with organizations like Prestige Services to provide mental health services for the people we supervise,” said ICAS Barron. “It is our responsibility to practice social distancing and to make sure that we are doing our part to keep the community and staff safe and it is also our responsibility to find creative ways to stay connected with the community we serve.”

PPPS Week 2020

The American Probation and Parole Association (APPA) has declared July 19 to July 25, 2020, as Pretrial, Probation, and Parole Supervision Week (#PPPSWeek)! This annual celebration recognizes the great work done by community corrections professionals on a daily basis. Here, at CSOSA, we again join the APPA and a host of other agencies throughout the country in thanking the community corrections and supervision workforce. Every day, they work tirelessly to keep our communities safe and assist justice-involved individuals in their quest for successful reentry.

We are particularly grateful for our supervision workforce this year as they have readily adapted to changes in supervision as a result of the current health pandemic. “This year, especially, you have demonstrated great ingenuity and resolve in continuing our important work on behalf of the community we serve. You are giving the people we supervise opportunities to stay on the right path, and holding them accountable when they make choices that threaten public safety,” said CSOSA Director Richard Tischner.

On July 20, 2020, the Honorable Eleanor Holmes Norton, the District of Columbia’s Delegate to the House of Representatives, thanked the dedicated public servants who carry out community corrections and supervision services “for their commitment, compassion, and contributions to healthier and safer communities.” Norton noted that CSOSA and our sister agency, the Pretrial Services Agency for the District of Columbia (PSA), “are dedicated to reducing recidivism and enhancing public safety in the nation’s capital. CSOSA and PSA are recognized as model community supervision entities because of [our] use of evidence-based practices and community partnerships.”

District of Columbia Mayor Muriel Bowser issued a proclamation “salut[ing] those who have chosen this socially and civically important career.” Echoing Norton’s reference to the community partnerships forged by CSOSA, Bowser remarked that “community supervision agencies are valuable partners of DC government agencies, non-profits, neighborhood-based groups, and all who strive to make our nation safer and stronger.”

To all of CSOSA’s Community Supervision Officers and to the Pretrial Supervision Officers of our sister agency, PSA, we salute you for your unceasing efforts to positively impact public safety in the District of Columbia. We also thank all of our staff, who make it possible for our supervision officers to effectively enhance public safety for those who visit, work, and live in this city.