Dara Security

Information Security Review

Security Policy Compliance Support

The FBI Criminal Justice Information Services (CJIS) Division maintains a vast repository of sensitive information that cyber criminals actively pursue. Fingerprint records, criminal histories, and sex offender registrations are highly valued by hackers because selling this information on the black market could be very profitable. Cyber attacks aimed at capturing this sensitive information are on the rise, which makes securing it increasingly challenging.


The FBI CJIS Division has published a fairly strict security policy [PDF] governing access to the CJIS database.  Based on Presidential and FBI directives, federal laws, and NIST guidelines, the CJIS Security Policy provides access to law enforcement and criminal justice agencies for criminal investigation purposes.  Implementation of the CJIS Security Policy as applicable to individual CJIS Systems Agencies (CSAs) is a requirement for ensuring continued access to the CJIS database.


The CJIS Security Policy is broad in scope, detailing requirements in the following areas:

    Security Awareness Training


    Security Incident Handling

    Media Protection

    Configuration Management


Written Agreement

Each CSA is required to sign a written agreement with the FBI CJIS Division stating willingness to abide by and demonstrate compliance with the CJIS Security Policy before accessing and participating in CJIS records information programs.  As part of this agreement, CSAs consent to be audited by the FBI CJIS Division once every three (3) years as a minimum to assess compliance with the policy.


Dara Security provides State and Local law enforcement organizations a CJIS Readiness Review – a complete package that analyzes and reviews your organization's readiness for compliance with CJIS Security Policy requirements. Our technical and management experts will partner with your team to analyze and assess your security and privacy measures from the technical, management, and operational perspectives.


Technical and Analytical Assessment

This technical and analytical assessment process will include:

    Review of IT infrastructure security (including Systems, Applications, Network and Telecommunications)

    Vulnerability scanning using automated tools and manual techniques, from external and internal perspectives

    Review of information security policies and procedures

    Interviews with key technical and management personnel

    Step-by-step evaluation of current security posture against CJIS requirements

    Conclusions and recommendations for any issues found

At the end of this process, Dara Security's team will deliver a presentation summarizing the team's findings and recommendations. A summary report will outline the CJIS requirements, detail your current situation, and allow you to plan your compliance strategy.


How We Can Help

Dara Security consultants are experts in understanding the administrative, physical, and technical aspects of your environment. We have extensive experience in various industries and their corresponding data protection acts. You can be confident that our knowledge and experience will yield an accurate compliance assessment and strategic plan for your organization.