FBI CJIS Compliance

What It Is and Why It Matters

What is FBI CJIS Compliance?

FBI CJIS (Criminal Justice Information Services) is the term used to refer to all the CJI Criminal Justice Information provided data necessary for law enforcement agencies to perform their mission and enforce the laws, including but not limited to biometrics, identity history, person, organization, property (when accompanied by any personally identifiable information), and case/incident history data. In many instances, accompanying victim and witness data also needs protection.
 
The essential premise of the FBI CJIS Security Policy is to provide appropriate controls to protect the full lifecycle of CJI, whether at rest or in transit. The FBI CJIS Security Policy provides guidance for the creation, viewing, modification, transmission, dissemination, storage, and destruction of CJI. This Policy applies to every individual—contractor, private entity, noncriminal justice agency representative, or member of a criminal justice entity—with access to, or who operate in support of, criminal justice services and information.
 

What FBI CJIS is not

FBI CJIS is not a marketing term. And it cannot be applied to a solution set that is a partnership or integration of vendors to address the market or solve the complicated needs to support victims, witnesses, and the court processes. Each engineer developing and accessing the technology must pass the required background check.
 
FBI CJIS “ready” is not FBI CJIS compliant.
 

How FBI CJIS compliance is attained

Attaining FBI CJIS compliance is a detailed and arduous task that sets a vendor apart in the arena of IOT and Enterprise software solutions.
 
The process of becoming FBI CJIS compliance is a complex undertaking in the world of cyber security, considering that it encompasses:
  • Fingerprinting of personnel with access to CJI data
  • Background check of personnel with access to CJI data
  • Completion of CJI knowledge test by personnel with access to CJI data, which must be renewed every two years
  • Access control – by both onshore and offshore personnel
  • Passwords set at a level across the enterprise that secures the environment
  • Servers – only appropriately accessed by appropriate onshore personnel
  • Dissemination of data – when appropriate and only to the appropriate personnel
  • Encryption levels
 

How is eBodyGuard FBI CJIS compliant and why?

eBodyGuard has taken the daunting and costly journey to protect victim and witness data, as well as the CJI data, from the origination of a crime, all the way through to sentencing.
  • Aligned with the 13 requirements of the FBI CJIS Security Policy1
  • Dedicated CJIS Security Compliance Officer
  • Auditing of access and devices
  • Additional security on all devices
  • Encryption and security of data
  • Security of network infrastructure
  • Firewall between our vendor/partners for CJI data
eBodyGuard has built its foundation for FBI CJIS compliance across its People, Process, and Technology. We have a vendor-agnostic, forward-looking approach for protecting victim data in the criminal justice system, for cyber protection across the entire system, and for the sake of our national security.