Skip to main content
All CollectionsCompliance automation
Criminal Justice Information Services (CJIS) Security Policy
Criminal Justice Information Services (CJIS) Security Policy
Updated over 9 months ago

The Criminal Justice Information Services (CJIS) Security Policy is a set of standards established by the Federal Bureau of Investigation (FBI) for the creation, viewing, modification, transmission, dissemination, storage, and destruction of Criminal Justice Information (CJI).

CJI includes any data necessary for law enforcement and civil agencies to perform their missions, including biometrics, identity history, person, property, case/incident history, and other data like FBI’s Ten Most Wanted Fugitives, Uniform Crime Reports, and National Incident-Based Reporting System data.

The CJIS Security Policy provides a secure framework of laws, standards, and elements of published and vetted policies for accomplishing the mission across the broad spectrum of the criminal justice and noncriminal justice communities. It guides the protection and transmission of CJI, whether at rest or in transit.

The policy applies to every individual—contractor, private entity, noncriminal justice agency representative, or member of a criminal justice entity—with access to, or who operates in support of, criminal justice services and information.

The CJIS Security Policy contains specific requirements in various areas such as authentication, access control, encryption, personnel security, physical security, system and communications protection information integrity, and formal audits.

Non-compliance with the CJIS Security Policy can result in a loss of access to CJI, which can significantly impact the ability of law enforcement and affiliated entities to perform their duties.

To prepare your endpoint security for CJIS, Swif MDM can enable you at
least:

  1. Remote locking of device

  2. Remote wiping of device

  3. Setting and locking device configuration

  4. Enforce folder or disk-level encryption

  5. Application of mandatory policy settings on device

  6. Detection of unauthorized configurations

  7. Detection of unauthorized software or applications

  8. Ability to determine the location of an agency-controlled device

Did this answer your question?