LEGAL

What is CJIS compliance?

The intent of the CJIS Security Policy is to ensure the protection of the Criminal Justice Information, until the information is either 1) released to the public via authorized dissemination (e.g., within a court system, presented in crime reports data, or released in the interest of public safety) or 2) purged or destroyed in accordance with applicable record retention rules.

The Criminal Justice Information Services Division (CJIS) is a division of the United States Federal Bureau of Investigation (FBI) and is responsible for publishing the Criminal Justice Information Services (CJIS) Security Policy.

The CJIS Security Policy outlines a minimum set of security requirements that create security controls for managing and maintaining Criminal Justice Information data. The CJIS Advisory Policy Board (APB) manages the policy with national oversight from the CJIS division of the FBI. There is no centralized adjudication body for determining what is or isn’t compliant with the Security Policy.

What is the purpose of CJIS?

CJIS compliance is necessary to keep networks aligned on matters of data security and encryption. It is also necessary to ensure that sensitive intelligence data doesn’t fall into the wrong hands.

Is Permitium Software CJIS compliant?

Absolutely. Our products are designed to be well within the standards outlined by CJIS.

Who performs our third-party CJIS audit?

Lazarus Alliance (visit Lazarus Alliance here) performs Permitium Software’s third party CJIS audit. We consult with the Lazarus team monthly in order to remain compliant.

What are some examples of steps you take toward compliance?

Permitium Software supports a thorough set of privacy and security capabilities to prevent unauthorized disclosure of criminal justice information or data. Tight user authentication features securely control access to stored data. We use only fully compliant software and hardware infrastructure. We do not cut corners.