The CJIS Security Policy sets minimum security requirements for any organization accessing the data, as well as guidelines to protect the transmission, storage, and creation of criminal justice information (CJI) such as fingerprints, identity history, case/incident history, etc.
The CJIS standards include best practices in areas like data encryption, wireless networking, and remote access, as well multi-factor authentication and physical security. All entities, whether law enforcement or a non-criminal justice agency, that has access to any of the FBI’s CJI data must adhere to the security standards.
Recently, IT360 went through our own CJIS Compliance process in order to ensure our data and security policies met the CJIS Security standards. Regardless of your industry, or the kind of data you are handling, the FBI CJIS Security Policy is a good measuring stick for your data security.