Criminal Justice Information Services cybersecurity compliance, or CJIS compliance, exists to protect and safeguard criminal justice information. The premise of CJIS cybersecurity compliance is to enact proper security controls to prevent CJI data dissemination. Policy provides a baseline of security requirements to secure CJI access to authorized law enforcement authorities.
In 1998, the FBI suggested their CJIS division should expand its existing structure with regards to information security, compliance, and agreements to protect CJI data transmission and storage. The Federal Information Security Act of 2002 laid out additional basis regarding mandatory technical and operational security requirements protecting CJI.
CJIS compliance policy is broken down into 12 areas including:
1. Information Exchange Agreements
2. Security Awareness Training
3. Incident Response
4. Auditing and Accountability
5. Access Control
6. Identification and Authentication
7. Configuration Management
8. Media Protection
9. Physical Protection
10. Systems and Communications Protection and Information Integrity
11. Formal Audits
12. Personnel Security
Many organizations use the Threatcare Suite to verify security. Threatcare, an Austin-based SaaS company, is the leader in proactive cyber defense and offers the only cloud-based breach and attack simulation technology on the market. Everyone has a right to know if they are secured — especially after many questions can be raised even when an organization has proper security implemented.