Access Controls

• Implement strict access controls to ensure only authorized personnel can access criminal justice information (CJI).
• Assign unique user IDs to individuals with access privileges.
• Enforce strong password policies and multi-factor authentication (MFA) for secure access.

Background Checks

• Conduct thorough background checks on personnel who will have access to CJI.
• Ensure that all personnel with access have undergone appropriate criminal history checks.

Data Encryption

• Encrypt CJI both at rest and in transit to prevent unauthorized access or breaches.
• Utilize strong encryption algorithms to protect sensitive information.

Auditing and Logging

• Implement robust auditing mechanisms to track and monitor access to CJI.
• Maintain comprehensive logs of access activities, including date, time, and user details.

Physical Security

• Safeguard physical access to systems and facilities housing CJI through access controls, surveillance, and monitoring.
• Restrict unauthorized personnel from entering secure areas.

Training and Awareness

• Provide comprehensive training to personnel with access to CJI on CJIS policies, security practices, and their responsibilities.
• Ensure employees are aware of the importance of maintaining the confidentiality and integrity of CJI.

Incident Response

• Develop a robust incident response plan to address security breaches promptly and effectively.
• Define procedures for reporting security incidents to law enforcement agencies and appropriate authorities.

Secure Communication

• Use secure communication channels and protocols when transmitting CJI.
• Ensure that data shared internally and externally is encrypted to prevent interception.

Data Retention and Disposal

• Abide by CJIS retention and disposal requirements for CJI.
• Ensure secure deletion of data and proper disposal of physical media.

Network Security

• Implement firewalls, intrusion detection/prevention systems, and anti-malware solutions to protect network infrastructure.
• Regularly update and patch software to address vulnerabilities.

Vendor Management

• Ensure that third-party vendors and partners who handle CJI adhere to CJIS security policies.
• Establish contracts that stipulate compliance with CJIS requirements.

Periodic Audits and Assessments

• Conduct regular internal audits to assess compliance with CJIS policies and procedures.
• Engage third-party auditors for independent assessments to identify gaps and vulnerabilities.

User Termination Procedures

• Develop procedures to promptly revoke access for personnel who no longer require access to CJI due to termination or role changes.
• Ensure terminated users cannot access CJI after their departure.

Mobile Device Security

• Secure mobile devices that have access to CJI with strong authentication and encryption.
• Implement remote wipe capabilities for lost or stolen devices.

Physical Media Security

• Protect physical media containing CJI through secure storage and controlled access.
• Encrypt portable media used to transport CJI.

Policy Documentation

• Document all CJIS-related policies, procedures, and practices.
• Maintain up-to-date records of compliance efforts and audits.

By adhering to these requirements, contractors can ensure they are in full compliance with the FBI CJIS Security Policy, thereby contributing to the secure handling, sharing, and management of criminal justice information.

We Provide a Full Life Cycle of Solutions for FBI CJIS Policy Compliance

• Gap Assessments
• Policies and Procedures Writing
• Independent CJIS Security Assessments
• CJIS Specific Continuous Monitoring Programs