The FBI Criminal Justice Information Services (CJIS) Division maintains a vast repository of Criminal Justice Information (CJI) such as fingerprint records, criminal histories, and sex offender registrations. Access to this database (known as CJIS) is provided to state, local, and federal law enforcement and criminal justice agencies for use in on going activities subject to Title 28, Part 20, Code of Federal Regulations (CFR).
In order to ensure the integrity of CJIS and to prevent unauthorized access to this extremely sensitive information, The FBI CJIS Division has published a security policy (currently at Version 5.2) governing the access to the CJIS database. The CJIS security policy, which is based on established Presidential directives, FBI directives, Federal laws (e.g., FISMA) and NIST guidelines. Implementation of the CJIS Security Policy as applicable to individual CJIS Systems Agencies (CSAs) is a requirement for granting continued access to the CJIS database.
While the most visible and pressingrequirement is for “Advanced Authentication,” or multi-factor authentication, (with an implementation deadline of Sept. 2013), the CJIS Security Policy is much broader in scope and covers areas such asSecurity Awareness Training, Auditing, Security Incident Handling, Media Protection and Configuration Management, as detailed in the document’s twelve “Policy Areas”. Each CSA is required to execute a signed, written user agreement with the FBI CJIS Division stating willingness to abide by and demonstrate compliance with this Policy (in its entirety) before accessing and participating in CJIS records information programs. As part of this agreement, CSAs consent to be audited by the FBI CJIS Division once every three (3) years as a minimum to assess compliance with the policy.
SeNet International Corporation is offering State & Local law enforcement organizations a CJIS Readiness Review – aquick and complete package of analyzing and reviewing your organization’s readiness for compliance with CJIS Security Policy requirements.. Our team of technical and management experts will visit your facility, and together with your MIS team, will review, analyze and assess your security and privacy measures, both from the technical as well as management and operational aspects.
This technical and analytical assessment process will include:
• Review of IT infrastructure security (incl. Systems, Applications, Network and Telecommunications
• Vulnerability scanning using automated tools and manual techniques, from and external and internal perspectives (“pen-testing”)
• Review of information security policies and procedures
• Interviews with key technical and management personnel
• Step by step evaluation of current posture against CJIS requirements
• Conclusions and recommendations development.
At the end of this effort, the SeNet team will deliver a short presentation along with a draft report summarizing the team’s findings and recommendations. A final report will be delivered within 10 business days from the completion of the on-site portion.
This is a short, focused effort which will allow you to learn about the requirements evaluate your situation and plan your compliance strategy. Should you require to implement additional means (be it hardware, software or even revisions to your internal operational processes), SeNet can provide you with an economical, effective and approved set of options to choose from.