What is CJIS and What Organizations Does it Affect?
Criminal Justice Information Services (CJIS) is a joint program of the FBI, State Identification Bureaus, and CJIS Systems Agency. This federal program outlines the security precautions that must be taken to protect sensitive data including fingerprints and criminal background information gathered by local, state, and federal criminal justice and law enforcement agencies. The CJIS security policy provides specific requirements for wireless networks, remote access, encryption, and more. This impacts local, state, and federal law enforcement agencies accessing CJIS information.
What CJIS Requires
Federal regulation and CJIS policies require that best practices are adhered to for wireless networks, remote access, data encryption, and multi-factor authentication. Some of the requirements include:
Designation of an individual or position to review and analyze information system audit records.
Event logging/tracking of various login activities, including password changes.
Weekly audit reviews.
Active account management moderation.
Storage of records for a minimum of one year.
Access restriction based on job assignment, time of day, network address, and physical location.
Training of employees regarding security requirements.
An audit is conducted by the FBI CJIS Division at least once every three years of local, state, and federal law enforcement agencies accessing CJIS information. A best practice is to conduct an annual, third-party audit to assure continued compliance with all regulations. You can learn more about CJIS security requirements here.
Dox is Your Answer to CJIS Regulation Compliance
When it comes to CJIS regulation compliance, you need an experienced partner who can answer all of your questions. Dox will lead your organization through the necessary security assessments from pen testing and annual audits to ensure your security is up to par. Should we discover any issues with your organization’s security that could threaten your CJIS compliance, we provide security solutions to address every issue we find. With Dox, you can feel confident your law enforcement agency will be ready for CJIS regulation compliance.
The Clock is Ticking on CJIS Regulation Compliance
Regular, third-party audits are required for CJIS compliance. If you need to schedule a security assessment or independent third-party audit of your business to meet the CJIS requirements, please contact us and we will reach out to you as soon as possible.