Notable incident response requirements outlined in the CJIS Security Policy include the following:

• Incident Response Plan (IRP): Agencies are required to develop and maintain an Incident Response Plan that outlines the procedures, roles, and responsibilities for responding to security incidents involving CJIS data. The plan should include incident identification, containment, eradication, recovery, and lessons learned.
• Incident Reporting: Agencies must promptly report security incidents involving CJIS data to the FBI CJIS Division's Information Security Officer (ISO). The reporting should include details about the incident, the affected systems, the potential impact, and any actions taken or planned to mitigate the incident.
• Incident Handling and Investigation: Agencies are responsible for promptly initiating appropriate actions to contain and investigate security incidents. This includes preserving evidence, identifying the root cause, and implementing measures to prevent recurrence.
• Reporting Requirements: Agencies must report specific categories of security incidents to the CJIS ISO within a specified timeframe. The types of incidents subject to reporting may include unauthorized access, data breaches, malware infections, system compromises, or any incident that poses a significant risk to CJIS data.
• Incident Response Training and Exercises: Agencies are required to provide incident response training to personnel involved in the handling, reporting, and investigation of security incidents. Regular exercises and drills should be conducted to test the effectiveness of the incident response plan and improve incident response capabilities.
• Incident Documentation and Retention: Agencies must maintain accurate and detailed documentation of security incidents, including incident reports, investigative findings, remediation actions, and lessons learned. Incident documentation should be retained for a specified period as defined by agency policies and legal requirements.
• Coordination with CJIS ISO: Agencies must collaborate and cooperate with the CJIS ISO during incident response activities. This includes providing requested information, participating in investigations, and following guidance provided by the CJIS ISO.

It's important to note that the specific incident response requirements within the CJIS Security Policy may vary based on the version of the policy and any additional guidance provided by the FBI CJIS Division. Agencies should regularly review the policy and stay updated on any revisions or guidance issued by the CJIS Division to ensure compliance with incident response requirements.

We Provide a Full Life Cycle of Solutions for FBI CJIS Policy Compliance

• Gap Assessments
• Policies and Procedures Writing
• Independent CJIS Security Assessments
• CJIS Specific Continuous Monitoring Programs