CJIS

If you are a law enforcement agency, entity or contractor that is required to work with Criminal Justice Information (CJI), you must be compliant with CJIS Version 5.6 that was released in June of 2017. MainNerve has the past performance with state and local entities and a unique background of defense and Law Enforcement support necessary to review your security posture to get you CJIS compliant.

MainNerve has assisted Municipalities and LEA organizations in achieving CJIS compliance.

In 2011, the FBI’s Criminal Justice Information Services Division (CJIS) issued the CJIS Security Policy, a set of standards for organizations that access criminal justice information (CJI). The essential premise of the CJIS Security Policy is to provide appropriate controls to protect the full lifecycle of CJI, whether at rest or in transit. The CJIS Security Policy provides guidance for the creation, viewing, modification, transmission, dissemination, storage, and destruction of CJI and serves as the minimum set of security requirements for access to the FBIs, Criminal Justice Information Services (CJIS) Division systems and information to protect CJI. These standards have been updated over the years and the current standard is CJIS Version 5.6, released in June of 2017.

This CJIS compliance and policy now applies to every individual—contractor, private entity, noncriminal justice agency representative, or member of a criminal justice entity—with access to, or who operate in support of, criminal justice services and information.

What does this mean?

Any agency, organization, municipality or law enforcement agency as well as its employees that have access to CJI and/or the FBI’s CJIS database must be compliant with CJIS requirements.

How do I get compliant?

By conducting an audit of your agency’s or company’s policies, controls and procedures IAW CJIS Version 5.6.

Comprehensive CJIS Assessment: MainNerve will send its highly experienced staff on hand to take the client through the requirements for a CJIS compliance audit and to assist LEAs in mapping out a path to compliance. Blue Light can do an off or on-site assessment interfacing with an organization’s personnel to ensure that an assessment is conducted in accordance with CJIS 5.6 and NIST Special Publication 800-53, Security and Privacy Controls for Federal Information Systems and Organizations as well as the FBI CJIS 5.5 to NIST 800-53 mapping tool dated June 1, 2016.

Penetration Testing: MainNerve is one of the leading penetration testers in the U.S. with hundreds of customers and highly trained, accredited and experienced penetration testers and is one of the few companies with CJIS related experience with Law Enforcement and Municipalities. While penetration testing is not mandated under CJIS, it is a recommended practice and annual penetration tests and quarterly scans are encouraged to demonstrate “best practice” cybersecurity principles in case of an FB) audit as well as to heighten your cybersecurity posture.

Literature: https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center