By ProTelesis Corporation | ProTelesis Blog
Government agencies in Davis County, Utah are running on a compliance clock that resets every fiscal year — and the technology bar keeps moving with it. County departments, the six largest cities, public-safety answering points, courts, and special service districts no longer just need working email and a help desk. They need CJIS-compliant network controls for law-enforcement data, IRS Publication 1075 safeguards for tax information, StateRAMP-authorized cloud, audit-ready cybersecurity, and a managed services partner that can prove all of it to a state auditor on demand.
ProTelesis is a managed services provider, systems integrator, and carrier-class communications partner with an established footing in Utah and an engineering base in the Salt Lake City metro. We support government agencies across Layton, Bountiful, Farmington, Clearfield, Syracuse, and Kaysville — and the smaller municipalities and districts in between — with a portfolio built specifically for the public sector’s regulatory, budget, and public-trust realities. Below is a regional view of what’s changed, the variables every Davis County agency should be tracking, and how ProTelesis maps managed IT to the mission.
What Changed: Why Government IT in Davis County Looks Nothing Like It Did Five Years Ago
Davis County is the third-most-populous county in Utah and one of the fastest-growing corridors along the Wasatch Front. That growth — more residents, more permits, more 911 calls, more digital services — has collided with a threat environment that now treats local government as a primary target. Several forces have reshaped the technology demand curve at once.
Ransomware and cyberattacks moved downstream to local government
State, county, and municipal governments are now among the most-targeted organizations for ransomware in the United States, according to repeated advisories from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC). Attackers know that a city or county holds sensitive resident data, runs life-safety systems, and often operates on aging infrastructure with thin internal IT staffing. A single encrypted server can take utility billing, court records, or dispatch offline — which is exactly why cyber insurance carriers and state auditors now demand documented controls.
Utah went “whole-of-state” on cybersecurity
Utah operates a coordinated, statewide approach to cybersecurity through the Utah Department of Government Operations / Division of Technology Services and the state’s Utah Cyber Center, which shares threat intelligence, incident-response support, and security standards down to county and city governments. For a Davis County agency, that means the security expectations placed on your environment increasingly mirror state-level standards — and your vendors are expected to meet them too.
Residents now expect digital-first service
Permitting, utility payments, records requests, court interactions, and public-meeting access have all moved online. That shift raises the stakes on uptime, payment security (PCI DSS), web accessibility under Section 508 / WCAG and the 2024 DOJ ADA Title II web rule, and the secure handling of every form a resident submits. Citizen-facing digital services are now a core government function, not a convenience.
Hybrid work and cloud migration changed the perimeter
Inspectors, caseworkers, public-health staff, and administrators increasingly work from the field or from home, while core applications move to the cloud. The old “everything sits in the basement of the county building” model is gone. Government networks now need Zero Trust access, hardened identity, and consistent security policy whether a user is at a desk in Farmington or a laptop at a job site in Syracuse.
Grant funding made cybersecurity affordable — temporarily
The federal State and Local Cybersecurity Grant Program (SLCGP), administered by CISA and FEMA and passed through the State of Utah, has put real dollars behind local-government security upgrades. But grant windows, match requirements, and approved-project rules change year to year — and the agencies that benefit most are the ones with a partner who can scope a fundable, audit-ready project before the application deadline.
The Compliance Landscape Davis County Agencies Must Navigate
Unlike a commercial business, a government agency answers to a stack of overlapping mandates — often several at once, depending on which departments share a network. These are the frameworks that drive most public-sector IT budget conversations in Davis County.
CJIS Security Policy
Any agency that touches Criminal Justice Information — police departments, sheriff’s offices, courts, dispatch, and any city or county system that queries state or NCIC databases — must comply with the FBI’s CJIS Security Policy. Recent versions phase in stricter requirements including multi-factor authentication for access to criminal-justice data, advanced encryption (FIPS 140-validated), detailed audit logging, personnel screening, and incident response. CJIS is the single most common reason a Davis County public-safety agency calls a managed services provider.
IRS Publication 1075
Agencies that receive Federal Tax Information (FTI) — typically treasurers, assessors, collections, and certain human-services functions — must protect it under IRS Publication 1075. Pub 1075 maps to NIST SP 800-53 controls and carries its own safeguard-review and reporting obligations. When FTI shares a network with other workloads, the entire environment can be pulled into scope.
StateRAMP and FedRAMP for cloud services
StateRAMP provides a standardized way for state and local governments to verify that a cloud provider meets a recognized security baseline — the public-sector analog to FedRAMP. As Davis County agencies move records, GIS, finance, and public-safety systems to the cloud, the question shifts from “is it convenient?” to “is it authorized?” ProTelesis helps agencies evaluate and architect around StateRAMP- and FedRAMP-authorized platforms.
NIST SP 800-53 and the NIST Cybersecurity Framework
NIST SP 800-53 is the underlying control catalog beneath most government requirements, and the NIST Cybersecurity Framework (CSF) 2.0, released in 2024, has become the common language agencies use to organize and report their security posture. Many Utah local governments now structure security programs and grant applications around the CSF’s Govern, Identify, Protect, Detect, Respond, and Recover functions.
Utah GRAMA and public-records retention
The Government Records Access and Management Act (GRAMA) governs how Utah agencies classify, retain, produce, and protect public records. Email archiving, document management, body-worn-camera and dispatch-audio retention, and defensible deletion all have to satisfy GRAMA — which makes records infrastructure a security and compliance problem, not just a storage one.
Layer election security guidance, PCI DSS for resident payments, HIPAA for county health and human-services functions, and CISA’s emergency-communications standards on top, and the picture is clear: a Davis County agency is rarely subject to one framework. It’s subject to a moving overlap of several.
The Variables Every Davis County Agency Should Be Tracking
The public-sector technology landscape doesn’t sit still between budget cycles. These are the variables we coach Davis County government clients to keep on the radar.
Shifting compliance deadlines
CJIS policy revisions, the NIST 800-53 / 800-171 control updates, and StateRAMP baseline changes all arrive on their own schedules. A control that was “recommended” last year can become “required” this year — particularly multi-factor authentication, encryption standards, and continuous logging. Agencies that treat compliance as a one-time project fall out of alignment fast; the ones that stay current treat it as a managed, continuous program.
Grant cycles and match requirements
SLCGP and other state and federal cybersecurity grants change eligible-project lists, cost-share percentages, and deadlines annually. The difference between a funded upgrade and a deferred one is usually whether the agency had a scoped, defensible project ready when the window opened.
Election security and public trust
County clerks and election offices operate under intense scrutiny and specific CISA election-infrastructure guidance. Network segmentation, endpoint integrity, access logging, and tested incident response aren’t optional in this environment — they’re part of maintaining public confidence in the result.
AI, records, and new data-governance questions
Generative AI tools are entering government workflows quickly. That raises fresh questions about what data can be entered into which tool, how AI-assisted records are classified under GRAMA, and how to prevent sensitive or criminal-justice data from leaking into unsanctioned services. Data-loss prevention and clear acceptable-use policy now matter as much as firewalls.
Cyber-insurance underwriting
Cyber-liability carriers now require MFA, EDR, tested backups, email security, and documented incident-response plans before they’ll bind or renew a government policy — often at the same level a state auditor would expect. The control questionnaire has effectively become a second compliance framework.
Aging infrastructure and staffing gaps
Many Davis County agencies run lean internal IT teams managing a mix of legacy and modern systems. Recruiting and retaining specialized security engineers on a government pay scale is genuinely hard — which is precisely the gap a managed services partner is built to fill.
How ProTelesis Maps Services to the Mission
ProTelesis aligns its public-sector portfolio to the frameworks, threats, and audit obligations that define government work in Davis County — delivered and supported from our Salt Lake City metro engineering base. Behind each service is a deliberately chosen set of platforms, selected for one reason: they produce both the protection and the audit evidence a government environment is required to show. Where a specific tool does the work, we’ve named it so your team knows exactly what is guarding the environment.
Managed Cybersecurity (24×7 SOC, MDR, SIEM)
The mandate: CJIS audit logging and incident response, NIST 800-53 control families AC, AU, IR, and SI, and cyber-insurance continuous-monitoring requirements.
- 24×7 Managed Detection & Response (MDR) with endpoint detection across endpoints, servers, and identity
- Continuous log collection and retention through Kaseya SIEM, sized to the CJIS and IRS 1075 evidence requirements an auditor will ask to see
- Microsoft 365 tenant monitoring with SaaS Alerts to catch unauthorized logins, privilege escalations, and data exfiltration the moment they happen
- Email security and anti-phishing with INKY, which intercepts the credential-theft and impersonation attempts behind most government breaches
- Ongoing vulnerability scanning with VulScan and independent network penetration testing through Vonahi vPenTest — the outside validation CJIS audits and cyber-insurers increasingly require
- Incident-response playbooks aligned to CISA, MS-ISAC, and the Utah Cyber Center reporting expectations
Backup, Continuity & Ransomware Recovery
The mandate: Ransomware now targets local government directly, and GRAMA requires that public records survive. Recovery has to be measured in hours, not weeks.
- Image-based server backup with near-instant local and cloud failover through Datto BCDR (Datto Continuity), so an encrypted server doesn’t take billing, dispatch, or court records offline
- Microsoft 365 backup with Datto SaaS Protection — every user’s mailbox, OneDrive, SharePoint, and Teams data preserved independently of Microsoft’s own retention
- Field-device protection with Datto Endpoint Backup, so a lost or compromised inspector or caseworker laptop never means lost public records
- Tested restores and retention schedules aligned to GRAMA records obligations and audit expectations
Network Engineering & CJIS-Grade Segmentation
The mandate: Logical separation of criminal-justice, tax, health, and general-government workloads, with FIPS-validated encryption wherever protected data moves.
- Segmented LAN/VLAN architectures isolating CJIS, FTI, and PHI systems from general traffic
- Next-generation firewalls with IDS/IPS and DNS-layer filtering at every facility
- SD-WAN with validated encryption connecting city halls, public-works yards, libraries, and remote field offices
- Zero Trust Network Access for inspectors, caseworkers, and hybrid staff outside the trusted enclave
Compliance-Ready Managed IT
The mandate: Documentation an auditor can actually trace — policies that match the live environment, not a binder on a shelf.
- Managed Microsoft 365 GCC deployments with conditional access, MFA enforcement, and DLP for protected data
- Hardened endpoint baselines (CIS Benchmarks) maintained and monitored through Datto RMM, with patch management, asset inventory, and configuration-drift detection mapped to NIST 800-53 families
- Automated environment discovery and documentation with Network Detective Pro, keeping asset inventories and risk reports current between audits
- Control mapping, evidence collection, and audit reporting through Compliance Manager GRC, aligned to CJIS, IRS 1075, and the NIST Cybersecurity Framework
- Security documentation, control-evidence support, and assessment-readiness coaching ahead of state safeguard and CJIS audits
- SLCGP grant-scoping support so security projects are fundable and defensible
Secure Communications, 911 & Collaboration
The mandate: Reliable, survivable voice and video for agencies where a dropped call can be a public-safety event.
- Hosted UC and SIP trunking with carrier diversity and survivability for mission-critical voice — see our deep-dive on SIP trunking and carrier redundancy
- E911 and emergency notification compliant with Kari’s Law and RAY BAUM’s Act across multi-building campuses
- Council-chamber and courtroom AV with audit-friendly device management — see our enterprise AV deep-dive
- Secure collaboration aligned to government cloud where protected data is in scope
Structured Cabling, Physical Security & Field Services
The mandate: The physical layer behind every camera, badge reader, and dispatch console.
- BICSI-aligned Cat 6A and fiber backbone design, installation, and certification
- IP video surveillance, access control, and intrusion detection that don’t compromise the data network
- Body-worn-camera and dispatch-audio storage architected for GRAMA retention
- Pre-construction IT scoping for new public buildings, public-safety facilities, and remodels
Serving Davis County’s Government, County Seat to City Hall
Government work in Davis County isn’t monolithic — each jurisdiction carries a different mix of departments, data, and obligations. Our delivery teams plan engagements accordingly.
Farmington — County Seat & Countywide Agencies
As the Davis County seat, Farmington concentrates countywide functions — the courts, assessor and treasurer offices handling FTI, the county sheriff and jail, elections, and health and human services. These environments routinely overlap CJIS, IRS 1075, HIPAA, and GRAMA on shared infrastructure, making segmentation and documentation the central engineering challenge.
Layton — The County’s Largest City
Layton is the most populous city in Davis County, with a full municipal stack: police, fire, public works, utility billing, parks, and a busy permitting and business-licensing operation. Engagements here typically blend CJIS-grade public-safety networking, PCI-secure resident payments, and resilient citizen-facing digital services.
Clearfield — Public Safety & Municipal Operations
Clearfield’s municipal and public-safety operations sit alongside one of the county’s densest industrial corridors. City IT work tends toward network segmentation, surveillance and access-control integration, and hardened connectivity between city facilities.
Bountiful — Established City Services & Municipal Power
Bountiful operates a deep set of long-standing city services, including its own municipal power utility. That mix raises the bar on operational-technology security, billing-system protection, and reliable communications across utility, public-works, and administrative networks.
Syracuse — Rapid Growth on the West Side
Syracuse is one of the fastest-growing cities in the county, standing up new facilities and expanding services to keep pace. ProTelesis is frequently engaged at the pre-construction phase — scoping cabling, wireless, security, and CJIS-ready architecture before slabs are poured, so compliance is built in rather than retrofitted.
Kaysville & the Smaller Municipalities
Kaysville, Centerville, North Salt Lake, Woods Cross, Clinton, Fruit Heights, and the county’s special service districts often run the leanest IT teams of all — which makes a managed partner the most cost-effective route to MFA, EDR, tested backups, and audit-ready documentation without hiring a full security staff.
What “Audit-Ready” Looks Like Six Months In
Use-case spotlight — a representative Davis County engagement.
The challenge: A Davis County municipality runs a flat network shared by its police department, utility billing, and general administration. A cyber-insurance renewal questionnaire and an upcoming CJIS audit both demand MFA, network segmentation, EDR, log retention, and a documented incident-response plan. Internal IT is two generalists who keep the lights on but have never been through a CJIS audit.
The first 90 days: Asset inventory and data-flow mapping to identify exactly where criminal-justice information and resident payment data live. Re-architecture into segmented enclaves isolating the police network. MFA enforced on every identity, EDR deployed to every endpoint, and conditional access blocking legacy authentication. Email security and DLP layered on to catch phishing and prevent data leakage.
By month six: 24×7 MDR live with SIEM log retention sized to CJIS requirements. A written incident-response plan tested in a tabletop exercise and documented. Security policies aligned to the NIST Cybersecurity Framework. The cyber-insurance questionnaire answered “yes” down the line — and the CJIS auditor handed evidence instead of explanations.
The outcome: The renewal binds at a better rate, the audit passes, and the city has a managed program that stays current as the next policy revision lands — rather than a project that’s already aging out.
Why a Salt Lake City-Based MSP Matters for Davis County Government
Public-sector work runs on accountability, response time, and the ability to show up in person when something breaks. ProTelesis maintains regional engineering and field-services presence across the Wasatch Front — Salt Lake, Davis, and Weber counties — with response windows measured in hours, not next-business-day. We understand the badge requirements at a public-safety facility, the records obligations of a county clerk, and the budget realities of a fiscal-year procurement cycle.
For the work that belongs off-site — 24×7 SOC monitoring, after-hours patching, weekend cutovers — we operate the platforms ourselves rather than reselling another provider’s NOC. When a ransomware alert fires at 2 a.m. on a dispatch network, that ownership is the difference between a contained incident and a front-page one. ProTelesis also supports the broader Davis County economy, including the Hill Air Force Base defense contractor base, giving our Utah team rare depth in the compliance frameworks that government and defense work share.
Schedule a Government IT & Compliance Conversation
If you run technology for a Davis County agency — in Farmington, Layton, Clearfield, Bountiful, Syracuse, Kaysville, or a smaller municipality or district — and a CJIS audit, a cyber-insurance renewal, or an SLCGP grant deadline is on your calendar, this is the conversation we have every week.Schedule a Consultation
ProTelesis is a managed services provider, systems integrator, and carrier-class communications partner serving organizations across Utah, California, Arizona, and the broader western United States from a Salt Lake City metro base. Our Utah team supports county, municipal, and public-safety agencies across Davis County and the Wasatch Front with managed cybersecurity, CJIS- and IRS 1075-aligned network engineering, structured cabling, secure unified communications, and compliance-ready managed IT.
Frequently Asked Questions: IT & Cybersecurity for Government Agencies in Davis County, Utah
What IT and cybersecurity services do government agencies in Davis County, Utah need?
Government agencies in Davis County, Utah — counties, cities, courts, and public-safety departments — typically need a layered managed IT and cybersecurity portfolio built for public-sector compliance. This includes 24×7 Managed Detection and Response (MDR) with endpoint detection, SIEM log retention for audit evidence, CJIS-grade network segmentation isolating criminal-justice data, FIPS-validated encryption, multi-factor authentication on all identities, documented incident-response plans, and records infrastructure that satisfies Utah’s GRAMA retention rules. ProTelesis delivers these as a single managed-services portfolio from a Salt Lake City base.
What is CJIS compliance and which Davis County agencies need it?
CJIS compliance means meeting the FBI’s Criminal Justice Information Services (CJIS) Security Policy, which governs how agencies protect criminal-justice data such as queries to state and NCIC databases. In Davis County, Utah it applies to police departments, the county sheriff, courts, dispatch centers, and any city or county system that touches criminal-justice information. The policy requires multi-factor authentication, advanced encryption, detailed audit logging, personnel screening, and incident response. ProTelesis architects CJIS-aligned networks and security controls for public-safety agencies across Davis County.
What is IRS Publication 1075 and how does it affect county governments?
IRS Publication 1075 is the U.S. Internal Revenue Service standard that defines how agencies must safeguard Federal Tax Information (FTI). It maps to NIST SP 800-53 controls and carries its own safeguard-review and reporting obligations. County treasurers, assessors, collections, and certain human-services functions in Davis County, Utah commonly receive FTI, and when that data shares a network with other workloads the entire environment can fall into scope. ProTelesis designs segmented, documented environments so FTI safeguards are auditable and contained.
What is StateRAMP and why does it matter for Utah local government?
StateRAMP is a standardized program that verifies cloud service providers meet a recognized security baseline for state and local government — the public-sector counterpart to the federal FedRAMP program. As Davis County, Utah agencies move records, finance, GIS, and public-safety systems to the cloud, StateRAMP authorization helps confirm a platform is secure enough for government data. ProTelesis helps agencies evaluate and architect around StateRAMP- and FedRAMP-authorized cloud services.
How has the cybersecurity landscape changed for local government in Utah?
Local government in Utah has become a primary target for ransomware and cyberattacks, prompting a coordinated, whole-of-state response through the Utah Cyber Center and the state’s Division of Technology Services. At the same time, residents expect digital-first services, staff work hybrid, systems move to the cloud, and cyber-insurance carriers and auditors now demand documented controls like multi-factor authentication, endpoint detection, and tested backups. Federal funding through the State and Local Cybersecurity Grant Program (SLCGP) has helped agencies modernize. ProTelesis helps Davis County agencies meet these shifting expectations as a continuous managed program.
What is the State and Local Cybersecurity Grant Program (SLCGP)?
The State and Local Cybersecurity Grant Program (SLCGP) is a U.S. federal grant program administered by CISA and FEMA and passed through each state to fund cybersecurity improvements for local governments. In Utah, county, city, and special-district agencies can use SLCGP funding for eligible projects such as multi-factor authentication, endpoint detection, security assessments, and planning. Eligible-project lists, cost-share requirements, and deadlines change annually. ProTelesis helps Davis County agencies scope fundable, audit-ready projects before grant windows close.
What is GRAMA and how does it affect government IT in Utah?
GRAMA — the Government Records Access and Management Act — is the Utah law that governs how state and local agencies classify, retain, produce, and protect public records. It affects email archiving, document management, body-worn-camera and dispatch-audio storage, and defensible deletion, which makes records infrastructure both a compliance and a security responsibility. ProTelesis architects records and storage systems for Davis County agencies that satisfy GRAMA retention while keeping sensitive data protected.
Does ProTelesis serve government agencies in Layton, Clearfield, Bountiful, Farmington, Syracuse, and Kaysville?
Yes. ProTelesis serves government agencies across Davis County, Utah — including Farmington (the county seat), Layton, Clearfield, Bountiful, Syracuse, Kaysville, and smaller municipalities and special service districts — with managed IT, cybersecurity, CJIS-grade network engineering, structured cabling, and secure unified communications. With a Salt Lake City metro engineering base, ProTelesis maintains regional field-services presence across the Wasatch Front with response windows measured in hours.
Why should a government agency hire a managed services provider instead of building an internal IT team?
Government agencies hire a managed services provider (MSP) because public-sector compliance now requires 24×7 monitoring, audit-grade logging, rapid incident response, and specialized security engineering that are operationally expensive and hard to staff on a government pay scale. An MSP like ProTelesis delivers continuous cybersecurity, compliance documentation, and field support as a predictable managed service — filling the staffing gap many Davis County, Utah agencies face while keeping pace with changing CJIS, NIST, and StateRAMP requirements.
How does ProTelesis help Davis County agencies pass cyber-insurance and compliance audits?
ProTelesis prepares Davis County, Utah agencies for cyber-insurance underwriting and compliance audits by implementing and documenting the exact controls reviewers ask for — multi-factor authentication, endpoint detection and response (EDR), network segmentation, SIEM log retention, tested backups, and a written, exercised incident-response plan aligned to the NIST Cybersecurity Framework. Because the controls are managed continuously rather than configured once, agencies walk into a CJIS audit or insurance renewal with evidence in hand. ProTelesis delivers this as part of a single regional managed-services portfolio.