Criminal Justice Information System
The Criminal Justice Information System (CJIS) provides state, local, and federal law enforcement and criminal justice agencies with access to critical, personal information such as fingerprint records, criminal histories, and sex offender registrations. In order to prevent unauthorized access to this extremely sensitive information, a security policy governing the access to the CJIS database was enacted on January 1, 2011. CJIS compliance information was set in a mandate released by the FBI. The mandate sets forth the minimum requirements for securing access to the data included within CJIS. The policy requires "Advanced Authentication", or multi-factor authentication, to be implemented across all those that agencies that access the information contained in the CJIS database. CJIS compliance will affect many organizations and many departments. Public safety, judicial, and correctional institutions must comply or face administrative sanctions and/or criminal penalties.
How do I Become Compliant?The good news is that many state, local, and federal law enforcement and criminal justice agencies can meet the Advanced Authentication provision easily with a cost effective solution that is already being implemented by law enforcement agencies across the country. CJIS compliance can be obtained easily and proved during a third party audit. Many times, organizations can utilize their existing building access technology (physical access) to log in to the CJIS database securely (logical access) while meeting the FBI's mandate. If you are unable to use your current access cards for CJIS compliance, you can get outfitted with a different, cost effective solution that will provide you with the compliance standards you need. Please view these helpful links to learn more:
- Physical Access vs. Logical Access
- Advanced Authentication 101
- When Do I Need to Have my Solution in Place?
- How Do I Become Compliant?
What is Advanced Authentication?
The FBI released the following regarding Advanced Authentication:
"Advanced Authentication (AA) provides for additional security to the typical user identification and authentication of login ID and password, such as: biometric systems, user-based public key infrastructure (PKI), smart cards, software tokens, hardware tokens, paper (inert) tokens, or "Risk-based Authentication" that includes a software token element comprised of a number of factors, such as network information, user information, positive device identification (i.e. device forensics, user pattern analysis and user binding), user profiling, and high-risk challenge/response questions. Advanced Authentication is also called Multi-Factor or Two-Factor authentication.
Learn More: What classifies as Advanced Authentication?