In the process of stopping and reducing crime, law enforcement authorities often require timely and secure access to data. In order to facilitate this process, the Advisory Policy Board (APB) recommended the FBI that the Criminal Justice Information Services (CJIS) division be authorized to expand the existing security management structure in 1998. Following the expansions made, CJIS security policy contains information security guidelines, compliance requirements, and agreements that reflect the will of the criminal justice agencies and law enforcement agencies for protecting the transmission, sources, generation and storage of criminal justice information. Furthermore, the Federal Information Security Management Act of 2002 provides further basis for APB approved management, technical and operational security requirements mandated to protect CJI (Criminal Justice Information).
What is CJIS Compliance?
CJI applies to every individual including private entities, contractors, members of a criminal justice entity or non-criminal justice agency representatives with access to, or who operate in support of, criminal justice services and information. The basic premise of the CJIS Compliance security policy is to provide full support to protect the full lifecycle of CJI, whether in transit or in rest. The security policy provides guidance for the creation, viewing, modifying, transmitting, disseminating, storing as well as the destruction of CJI. The policy integrates the presidential directives, FBI directives, federal laws, APB decisions along with guidance from the National Institute of Standards and Technology.
The security policy helps to strengthen the partnership between CJIS Systems Agencies (CSA) and FBI. CJIS Compliance security policy is very important against the backdrop of increasing use of criminal history record information for noncriminal justice, CJIS guides the State compact officers and National Crime Prevention and Privacy Compact council in securely exchanging criminal justice records.
There are 12 policy areas that we will discuss in detail in this blog series and understand them and it is worth noting that not every consumer of FBI CJIS will encounter all of the policy areas. The circumstances of applicability are based on individual entity/agency configurations and usage. The policy areas are:
- Policy Area 1—Information Exchange Agreements
- Policy Area 2—Security Awareness Training
- Policy Area 3—Incident Response
- Policy Area 4—Auditing and Accountability
- Policy Area 5—Access Control
- Policy Area 6—Identification and Authentication
- Policy Area 7—Configuration Management
- Policy Area 8—Media Protection
- Policy Area 9—Physical Protection
- Policy Area 10—Systems and Communications Protection and Information Integrity
- Policy Area 11—Formal Audits
- Policy Area 12—Personnel Security
DoubleHorn is a leading Cloud Solutions Provider founded in January. We, along with our strategic partners are able to design and offer CJIS Compliance capable solutions. We were awarded the Cloud Services Contract for the State of Texas (DIR-TSO-2518) and Oklahoma (ITSW1022D) covering Cloud Services Brokerage, Cloud Assessment and Cloud Infrastructure-as-a-Service (IaaS). Contact us for a complimentary initial assessment.