CJIS Security Policy Compliance

Know what you need to do to comply with the Criminal Justice Information Security Policy

Law enforcement agencies need timely and secure access to criminal justice information wherever and whenever it is needed. If you handle victim and criminal information, you need to be compliant with the FBI’s Criminal Justice Information Services (CJIS) Security Policy.

Allowing Criminal Justice Information (CJI) to flow freely while keeping it from falling into the wrong hands can be challenging. This information is not only private, but it's valuable to a criminal who may sell it to other criminals, use it as a ransom, or manipulate the data for other criminal activities. Failing to protect criminal justice information can provide rich pickings for all sorts of criminals, cause problems for individuals, and expose the agency who failed to protect it to administrative sanctions, litigation, and state and federal penalties.

To ensure that criminal justice information does not end up in the wrong hands, and to help agencies to better protect the confidential data they control, the FBI enacted the Criminal Justice Information Services (CJIS) Security Policy. The goal of the CJIS Security Policy is to minimize criminal and terrorist activities by maximizing the capability to provide critical criminal justice information to the FBI and local law enforcement.

The CJIS Security Policy sets the minimum level of security requirements for any organization accessing the data, while providing guidelines and agreements to protect the transmission, storage and generation of criminal justice information. The security policy provides guidance for the creation, viewing, modifying, transmitting, disseminating, storing, and destruction of CJI. Compliance with the CJIS Security Policy is mandatory.

Don't Go It Alone

The FBI's CJIS Security Policy can be confusing and difficult to navigate.

Trying to comply with all the mandates yourself can be risky. Depending on your circumstances, working with an outside vendor may also be a requirement. Let us assist you with the process and help ensure your criminal justice information remains secure. Our CJIS security solutions include:

  • CJIS Readiness Assessments
  • CJIS Gap Analysis
  • Penetration Testing, Vulnerability Assessments & Social Engineering
  • Application & Database Vulnerability Testing
  • Policy Development
  • Employee Security Awareness Training
  • 24X7 Managed Security Services & SIEM
  • Risk Management
  • IT Audit
  • Incident Response, Disaster Recovery, Business Continuity Planning

We will help you refine your security programs according to your specific risks, needs, budget, and resource constraints, while ensuring your compliance with the requirements set forth in the CJIS Security Policy. Contact us today.