By Ian M. Marlow
September 11, 2015
The US Department of Justice, through the Federal Bureau of Investigation (FBI) has put forth a standard of security protocols for various systems to meet government encryption level and other data security requirements. This is the Criminal Justice Information Services (CJIS) security policy administered by the FBI and it’s starting to move into the digital age. You can read the full security policy here—http://www.fbi.gov/about-us/cjis/cjis-security-policy-resource-center.
CJIS protocols are evolving and being continually updated to embrace more of digital technology’s capabilities. Remember, these systems were conceived and built in the “old days” before the cloud, and trying to keep up with the virtual world while meeting protocol standards can create challenges. However, municipal and local entities (for example, police departments or sheriff departments) are recognizing the cost savings in these new capabilities and are looking at moving to the cloud. To do so, IT consultants must address their concerns about how to do so while maintaining CJIS compliance as well as security and control over their data in general. To move forward, they must be clear on how they can implement these system updates and still comply with CJIS protocol.
Implementing compliant network updates
In these instances, a collaborative environment works well to make the switch to virtualization and cloud computing. IT services providers who understand the particular CJIS criteria can work closely with government agencies to show them how they can embrace new technology and maintain a secure computing environment. The FBI works with law enforcement agencies and their third-party IT companies to review and approve specific solutions that already exist and that adhere to CJIS protocols, even though the upgrades are not specifically stated as CJIS compliant.
At FITECH, we have had such an experience and it was very positive. By collaborating with the Essex County Sheriff’s Office on installing and testing new internet based encryption and routing designs based upon cloud computing upgrades for a forward-thinking sheriff’s office, we were able to show how certain existing technologies—not specifically stated as CJIS compliant—do indeed meet those government standards. The FBI examined these alternatives and identified those that met federal standards (and declined others); in the back-and-forth process, we were able to help the Sheriff’s Office become CJIS compliant with alternatives that achieved the desired results (and will save them money over their prior computing infrastructure).
Now that this system has been tested by a law enforcement agency that was open to innovation, and was approved by the FBI as a proof of concept, it can be applied to many other situations. IT engineering has created a new solution from existing ones that were not purpose-built for CJIS—but has now helped pave the way for new thinking and creative deployments that are CJIS compliant.
Are you working with government entities that must meet the challenge of 21st century technology?