National Forensic Interviewers Week is coming! Nominate today →

What is CJIS compliance? Find out in this exclusive guide for IT directors.

Safeguarding sensitive information is paramount in criminal justice. At the heart of this effort lies the Criminal Justice Information Services (CJIS), a set of rigorous standards established by the Federal Bureau of Investigations (FBI). CJIS Compliance is not just a bureaucratic checklist; it’s a dynamic process that involves federal, state, and local agencies collaborating seamlessly to uphold the integrity of criminal justice data.

What is CJIS compliance?

CJIS, or the Criminal Justice Information Services, is a set of security standards and procedures set forth by the FBI for criminal justice agencies and organizations. It provides regulations directing the safe transmission, storage, and security of criminal justice information (CJI).

The CJIS is the largest division of the FBI and a centralized source of criminal justice information (CJI)  for state, local, and federal law enforcement and criminal justice agencies and authorized third parties. To ensure the protection of this information, including fingerprint records, criminal histories, and other pertinent sensitive data, the FBI created the CJIS Security Policy document — a set of guidelines and regulations that agencies utilizing criminal justice information, and the vendors that work with them, must adhere to in order to meet the security requirements of handling protected information.

CJIS compliance in action

CJIS regulations are set in place by FBI working groups and then are enacted at the state law enforcement level. It is the responsibility of the state’s information security officer to make sure all law enforcement agencies within the state are compliant.

Every three years, police departments, sheriff departments, and state law enforcement agencies are audited by the information security officer team at the state level.

Having a trusted partner in place to support your digital evidence management adds an extra layer of security for you, knowing that your team is storing evidence in a secure location that supports the administration of criminal justice.

Implementing CJIS security policy

CJIS compliance is the primary responsibility of an IT director with a District Attorney’s office. This involves overseeing the implementation of the CJIS Security Policy, overseeing measures for securing CJI, coordinating with third-party service providers, and ensuring adherence to federal and state laws.

Coordinating with third-party service providers

To fortify CJIS compliance, close collaboration with third-party service providers becomes imperative. IT Directors must actively engage with these partners, ensuring they meet and uphold CJIS compliance standards when handling sensitive data. This collaborative effort guarantees a seamless and secure flow of information within the justice system.

Adherence to federal and state laws

Compliance with CJIS extends beyond policy implementation. IT directors bear the responsibility of guaranteeing that their organizations adhere rigorously to all pertinent federal and state laws governing the storage and transmission of criminal justice information. This holistic approach ensures that the IT infrastructure remains not only CJIS-compliant but also legally sound.

By mastering the implementation of the CJIS Security Policy, coordinating with third-party allies, and upholding legal standards, you can fortify the foundation upon which a secure and efficient criminal justice system thrives.

Working with multidisciplinary teams

Bridging the gap between law and IT, you understand the importance of maintaining efficient and secure technology systems to support the DA’s office, law enforcement agencies, and organizations. These multidisciplinary teams, or MDTs,  play a crucial role in upholding the law and ensuring public safety, where protecting sensitive case information is a constant worry.

  • Multidisciplinary teams require a secure and reliable IT infrastructure to support their operations.
  • They often handle sensitive and confidential information that must be protected from unauthorized access.
  • The ability to access and share data in real-time is critical for effective law enforcement activities.
  • Multidisciplinary teams also need to comply with specific regulations and standards related to data security and privacy.

Federal, state, and local agencies

It’s important to understand the roles and responsibilities of federal, state, and local agencies in relation to the CJIS Division.

Federal agencies, such as the FBI, have the responsibility of overseeing the CJIS Division and ensuring compliance with policies and procedures. They also play a key role in conducting audits and providing training to ensure that agencies are following CJIS security standards.

State agencies, such as state police departments, are responsible for implementing CJIS policies and procedures at the state level. They also work closely with local agencies to provide support and guidance in CJIS-related matters.

Local agencies, including police departments and sheriff’s offices, are responsible for adhering to CJIS security standards and ensuring that their personnel are properly trained. They also play a crucial role in providing feedback and input during working group meetings and proposal considerations.

CJIS Division activities, such as working group meetings, provide a platform for federal, state, and local agencies to collaborate and address CJIS-related issues. These meetings also serve as an opportunity for agencies to propose and discuss changes to CJIS policies and procedures.

Non-criminal justice agencies involved in CJIS compliance

CJIS compliance and the involvement of non-criminal justice agencies in this process are no less important. Non-criminal justice agencies that are involved in CJIS compliance include:

  • State or local government agencies
  • Private entities providing services to multi-disciplinary teams
  • Other organizations processing or storing criminal justice information

These non-criminal justice agencies play a crucial role in ensuring that all entities involved in the criminal justice system are compliant with CJIS regulations. It is important to work collaboratively with these agencies to maintain the security and integrity of criminal justice information.

Choosing the right partner: the key to CJIS compliance.

Partnering with a trusted service provider like Guardify that offers a cloud-based digital evidence management solution supports your office in being CJIS compliant.

Ensure alignment with CJIS security policies

The CJIS ACE Division of Diverse Computing offers the first and only industry-standard process for evaluating CJIS-related products and services to ensure alignment with the FBI’s CJIS Security Policy. Seals are only awarded to entities after completing a meticulous assessment and evaluation process that reviews systems, policies, and procedures in relation to the CJIS Security Policy.

Does your partner understand their obligations?

Partnering with a company that offers a solution to your digital evidence storage needs can help your office remain CJIS compliant. You want a partner who is familiar with these regulations,  and who also maintains your data on secure servers in a stable geographic location. They should have the necessary password management policies to keep your data safe.

Take the time to verify that your partner understands CJIS and protects your data. Ensure that the partner you choose:

  • Complies with all applicable regulations, statutes, policies, and rules governing access to criminal justice information (CJI).
  • Completes any state/agency-specific CJIS-related requirements.
  • Takes appropriate measures to ensure that all data is private. Only authorized, licensed users who have been verified through multi-factor authentication should be able to access the content.
  • Gives you the power to grant or revoke access in real time. Users with the appropriate authority level should be able to grant or remove access to audio files, video files, and associated attachments and annotations.
  • Encrypts all data, and access goes through multiple levels of authentication.
  • Enables complete Case History Audit tracking. At any time, users with the appropriate authority level should be able to see the historical access to the evidence, who currently has access, and who has downloaded or viewed the evidence.

Final thoughts.

Guardify has demonstrated a commitment to and has a real-world working knowledge of FBI CJIS Security Policy compliance and understands its criticality to the law enforcement and justice fields.

Guardify is hosted in a FedRamp-authorized high-level infrastructure on AWS GovCloud, ensuring all data is maintained in U.S. data centers.

See it in action, any time. Schedule a demo to see how CJIS-compliant Guardify Pro secures evidence for the long term.

Related Content