CJIS

The Criminal Justice Information Services (CJIS) Division of the FBI plays a crucial role in enabling local, state, federal, and international law enforcement agencies to share sensitive criminal justice data securely. Since its inception in 1992, CJIS has provided systems that help manage everything from criminal records to wanted persons and background checks.

CJIS as a standard for security policy is also applicable and flows down in the vendor, contractor, and supplier supply chain for the FBI and for local, state, other federal, and international law enforcement. Some vendors, contracting agencies, and suppliers are classified as Noncriminal Justice Agencies (NCJA) that are Processors or Non-Processors of Criminal Justice Information.

For organizations handling criminal justice information (CJI), ensuring CJIS compliance is not just a legal requirement but an essential step in protecting sensitive data and maintaining public trust.

Why is CJIS Compliance Important for Businesses?

Ensuring CJIS compliance for small businesses and large agencies alike is critical. Non-compliance can have significant consequences, including data breaches, legal penalties, and a loss of customer trust. With Egis IT Security, your business can stay compliant and avoid these risks.

CJIS Security Policy: Key Areas to Focus On

The CJIS Security Policy (CSP) outlines strict security measures designed to protect CJI throughout its lifecycle. At Egis IT Security, we ensure that your organization meets and exceeds these requirements. The key policy areas include:

• Information Exchange Agreements - Ensuring secure agreements between entities handling CJI data.
• Security Awareness Training - Keeping employees informed about best practices and requirements for CJIS compliance and data security.
• Incident Response Planning - Establishing procedures to follow in the event of a security breach, monitoring for incidents, and training for incident handling.
• Auditing and Accountability - Regular audits to track access to CJI and ensure compliance with current standards.
• Access Control and Identification - Ensuring only authorized personnel have access to sensitive data through strict access control systems.

• Configuration Management and Media Protection - Access control and labelling restrictions for internal staff, external vendors, and securely handling media containing CJI.
• Systems and Communication Protection - Protection against external entities, encryption, and cloud computing security.
• Personnel Security and Physical Security - Safeguarding physical access to systems and requirements for personnel screening and sanctions.
• Mobile Devices and Wireless Technologies - Wireless communication protocol requirements and access control for cellular devices.

These policy areas are the foundation of achieving CJIS compliance for small businesses and government agencies alike. We tailor our services to meet the specific needs of your organization.

What is Criminal Justice Information (CJI)?

Criminal Justice Information (CJI) includes all data used by law enforcement to conduct investigations, background checks, and other duties. Safeguarding CJI is critical, as a breach can have significant repercussions for both individuals and organizations.

Some types of CJI include:

• Biometric Data (e.g., fingerprints, DNA)
• Identity History (e.g., past criminal activities, arrests)
• Property Data (e.g., evidence related to a crime)
• Case/Incident History (e.g., criminal case records)

For businesses managing sensitive data, ensuring CJIS compliance is vital. Egis is located in central Indiana, and we work with businesses all over the United States.

Restricted vs. Non-Restricted Information: What’s the Difference?

Criminal History Record Information (CHRI) is a subset of CJI that requires additional controls due to its sensitivity. For this reason, CHRI is also sometimes referred to as “restricted data.” CHRI refers to a more specific and detailed records of an individual’s criminal history. This could include arrests, protection orders, and other pertinent data that is collected and used by law enforcement agencies or courts.

The National Crime Information Center (NCIC) distinguishes between restricted and non-restricted information. Restricted information includes more sensitive data that requires stringent security protocols, such as:

• Gang Files
• Identity Theft Files
• National Sex Offendor Registry
• Supervised Release Files
• Threat Screening Center Files
• Historical Protection Orders
• Violent Person Files

Non-restricted files may be shared more freely but must still be handled with care. Compliance ensures your organization manages both types of data appropriately and securely.

Protecting Personally Identifiable Information (PII) Under CJIS

Personally Identifiable Information (PII), which includes data like Social Security numbers, names, and biometric records, often falls under the scope of CJI. Organizations must ensure that PII is protected from breaches or unauthorized access. While CJIS focuses primarily on CJI, any handling of PII must also follow strict security protocols.

CJIS Compliance Services by Egis IT Security

At Egis IT Security, we offer tailored CJIS compliance solutions to ensure your business is fully protected. Our services are designed to meet the needs of businesses handling criminal justice data in Central Indiana and beyond.

Our CJIS services include:

• Vulnerability Assessments - Identifying weaknesses in your current infrastructure and providing actionable solutions.
• Security Awareness Training - Educating your employees on best practices to ensure data security and compliance.
• Continuous Monitoring - Providing round-the-clock monitoring of your systems to detect potential threats before they become serious problems.
• Policy Development and Implementation - Assisting in the creation of security policies that align with CJIS standards, customized for your business needs.

• Incident Response Planning - Developing a comprehensive incident response plan to minimize damage in the event of a security breach.
• Audit Consultations - We can participate in meetings with auditors or provide consultations regarding audit findings for mitigation.
• Supply and Support and Implement Cybersecurity Products - Egis is a partner with a variety of vendors and suppliers for products and 3rd party services to help with meeting the CJIS security control requirements.

These services are crucial for achieving CJIS compliance for businesses in law enforcement, private security, and other sectors.

Service Area: CJIS Compliance Support for Central Indiana Businesses and Beyond

Egis IT Security proudly serves organizations in the Criminal Justice industry and supply chain throughout the Midwest and across the United States, helping them meet CJIS compliance requirements and protect their sensitive data.

Whether your business is in a major metropolitan area or a smaller community, we are here to ensure your CJIS compliance with expert services and guidance.

Frequently Asked Questions about CJIS Compliance

What is CJIS compliance, and why does my business need it?
CJIS compliance refers to adhering to the Criminal Justice Information Services Security Policy, which is designed to protect sensitive criminal justice data. If your business handles CJI (such as biometric or criminal history data), you must meet CJIS requirements to avoid data breaches and legal penalties.

How often should my business perform vulnerability assessments?
Regular vulnerability assessments are crucial to maintaining compliance and protecting sensitive data. We recommend conducting assessments at least once a year or more frequently if your organization handles large volumes of CJI.

What types of businesses need CJIS compliance?
Businesses that handle criminal justice data—including law enforcement agencies, security firms, and contractors—must comply with CJIS standards. Additionally, organizations processing data or providing software and hardware solutions for law enforcement agencies also need to meet these requirements.

What happens if my business is not CJIS compliant?
Failure to comply with CJIS standards can lead to serious consequences, including data breaches, legal penalties, and a loss of trust from clients and partners. Non-compliance can expose your business to security vulnerabilities and fines.

Does Egis IT Security provide training for CJIS compliance?
Yes, we offer security awareness training to ensure your employees understand the importance of CJIS compliance and are aware of their role in protecting sensitive data.

What steps can Egis IT Security take to ensure my organization passes a CJIS audit?
We assist with comprehensive auditing support, including policy development and reviews, vulnerability assessments, and remediation plans. We can meet with you and your auditors and IT staff or consult behind-the-scenes to ensure that your systems, policies, and procedures meet CJIS requirements.

Can CJIS compliance be tailored to my specific business needs?
Absolutely. At Egis IT Security, we provide customized CJIS compliance solutions to meet your organization's unique needs, ensuring compliance without overburdening your team with unnecessary protocols.

Call Today for a Security Assessment

Ensure your business is CJIS compliant with the help of Egis IT Security. Our team is ready to assess your current systems, identify vulnerabilities, and provide customized solutions that meet your needs. Call today to schedule your security assessment and safeguard your organization's critical data.