The FBI Criminal Justice Information Services (CJIS) Division maintains a vast repository of sensitive information that cyber criminals actively pursue. Fingerprint records, criminal histories, and sex offender registrations are highly valued by hackers because they could profit well from selling this information on the black market. Cyber attacks to capture this sensitive information are on the rise, which makes securing this information increasingly challenging.
The FBI CJIS Division has published a fairly strict security policy [PDF] governing access to the CJIS database. Based on Presidential and FBI directives, federal laws, and NIST guidelines, the CJIS Security Policy provides access to law enforcement and criminal justice agencies for criminal investigation purposes. Implementation of the CJIS Security Policy as applicable to individual CJIS Systems Agencies (CSAs) is a requirement for ensuring continued access to the CJIS database.
The CJIS Security Policy is broad in scope, detailing requirements in the following areas:
Security Awareness Training
Security Incident Handling
Each CSA is required to sign a written agreement with the FBI CJIS Division stating willingness to abide by and demonstrate compliance with the CJIS Security Policy before accessing and participating in CJIS records information programs. As part of this agreement, CSAs consent to be audited by the FBI CJIS Division once every three (3) years as a minimum to assess compliance with the policy.
Dara Security provides State and Local law enforcement organizations a CJIS Readiness Review – a complete package that analyzes and reviews your organization's readiness for compliance with CJIS Security Policy requirements. Our technical and management experts will partner with your team to analyze and assess your security and privacy measures, both from the technical as well as management and operational perspectives.
This technical and analytical assessment process will include:
Review of IT infrastructure security (including Systems, Applications, Network and Telecommunications
Vulnerability scanning using automated tools and manual techniques, from external and internal perspectives
Review of information security policies and procedures
Interviews with key technical and management personnel
Step-by-step evaluation of current security posture against CJIS requirements
Conclusions and recommendations for any issues found
At the end of this process, Dara Security's team will deliver a presentation summarizing the team's findings and recommendations. A summary report will outline the CJIS requirements, detail your current situation, and allow you to plan your compliance strategy.
Dara Security consultants are experts in understanding both the administrative, physical, and technical aspects of your environment. We have extensive experience in various industries and their corresponding data protection acts. You can be confident that our knowledge and experience will yield an accurate compliance assessment and strategic plan for your organization.