In today’s society, criminal justice is a top priority. It is a seemingly universal obligation to hold those who commit crimes accountable for their actions and sentence them accordingly to avoid future recurrences. Though it may sound simple enough in theory, the application of criminal justice is incredibly complex. There are several components of the criminal justice system that play an integral role in ensuring it remains strong and effective in keeping public citizens safe. There are crime scene investigations, forensic accounting practices (which are particularly important in the context of economic crimes), and more. One of the most important additional components is criminal justice information services.
Those who aren’t familiar with this sector of criminal justice likely have many questions about what it entails. This guide answers all of them.
What Exactly is CJIS?
The Criminal Justice Information Services (CJIS) Division is a department within the FBI dedicated to providing an array of innovative tools and services to law enforcement, national security and intelligence community partners, as well as the general public.
These tools help organizations and individuals protect sensitive data that is stored on the cloud or transferred through the Internet from cyberattacks. Examples of such data include fingerprints, criminal background information, and copies of private documents (e.g. financial records, social security identification). CJIS also sets standards that certain agencies must legally abide by.
What is CJIS Compliance?
To be compliant with the CJIS simply means that you and/or your company are meeting the requirements set by the division for data encryption. These requirements are designed to safeguard private data as well as any CJIS communications.
How Can I Become a CJIS Compliant?
If you are wondering what’s involved to become CJIS compliant, below are the criteria companies must meet to abide by these standards:
- The company must have a maximum limit of unsuccessful login attempts.
- The company must track login activities including password changes.
- The business must conduct weekly audit reviews.
- Sessions must lock after 30 minutes (or less) of inactivity.
- The company must set access restrictions for certain employees based on job role, location, time of day, and network address.
Given that there are more online hacks that occur today than ever before, meeting these requirements is essential to maintain an adequate sense of online security.
Who Needs to Be CJIS Compliant?
Any company or entity with sensitive information and/or data coming from CJIS databases must be compliant with CJIS standards.
Some examples of these entities include:
- Police departments
- Security agencies
- Prosecuting attorneys’ offices
- Transcription and translation companies
Clearly, Criminal Justice Information Services (CJIS) plays a key role in the maintenance of justice and in the protection of sensitive information that is required to reach justice. There are several types of agencies that must be CJIS compliant, such as police departments, prosecutors’ offices, and security companies. In meeting the established requirements, including placing limits on unsuccessful login attempts and tracking login activity, these entities will not only ensure they are CJIS compliant but they will strengthen their overall security in the digital space.