CJIS compliance requirements and the 13 security policy areas

If you have any involvement with government entities and operations, chances are you’ve heard of CJIS compliance. CJIS is the largest division of the FBI and the primary source of information and services for all law enforcement, national security, and intelligence community partners. And, most importantly to us at Imprivata, it’s what keeps government agencies safe from suspicious cyber activity and digital threats. CJIS released a Security Policy that outlines 13 policy areas all government agencies should follow to stay compliant and protected from malicious hackers. Let’s take a deeper look at what CJIS is, the role it plays within government cybersecurity, and how the 13 CJIS Security Policy areas help maintain compliance within government institutions.

What is CJIS compliance?

CJIS compliance is an important standard for law enforcement at the local, state, and federal levels, and is designed to ensure data security in law enforcement. The Criminal Justice Information Services Division is the largest division of the Federal Bureau of Investigation. CJIS provides a centralized source of criminal justice data to agencies and authorized third parties throughout the United States. It encompasses several key departments, including the National Crime Information Center (NCIC), the National Instant Criminal Background Check System (NICS), and the Integrated Automated Fingerprint Identification System (IAFIS).

Government entities that access or manage sensitive information from the US Justice Department need to ensure that their processes and systems comply with CJIS policies for wireless networking, data encryption, and remote access, especially since phishing, malware, and hacked VPNs or credentials are the most common attack vectors used to break into government networks. The CJIS compliance requirements help proactively defend against these attack methods and protect national security (and citizens) from cyber threats.

Because of this, CJIS compliance is one of the most comprehensive and stringent cybersecurity standards. Failure to comply with it can result in denial of access to any FBI database or CJIS system, along with fines and even criminal charges. Knowing the various policy areas and how best to approach them is the first step to making sure your government entity adheres to the CJIS Security Policy guidelines.

The FBI CJIS security policy

To protect criminal justice information, the FBI created the CJIS Security Policy document - a hefty 230-page read - that defines implementation requirements and standards for the following 13 security policy areas:

Information exchange agreements

Security awareness training

Incident response

Auditing and accountability