CJIS Compliance: Advanced Authentication and You

CJIS Compliance: Advanced Authentication and You

If you haven't seen it yet, we've written a new eBook called "CJIS Compliance: Advanced Authentication and You". This eBook focuses on addressing CJIS Advanced Authentication requirements, as well as how AuthAnvil can help you meet compliancy.

Here are some key excerpts from the eBook:

The CJIS Security Policy requires that all Law Enforcement Agencies (LEA) must deploy Advanced Authentication for their users in order to retain access to CJIS, the computerized information system that is part of the FBI’s National Crime Information Center. The deadline for this requirement is September 30, 2014.

“Advanced Authentication (AA) provides for additional security to the typical user identification and authentication of login ID and password, such as: biometric systems, user-based public key infrastructure (PKI), smart cards, software tokens, hardware tokens, paper (inert) tokens, or “Risk-based Authentication” that includes a software token element comprised of a number of factors, such as network information, user information, positive device identification (i.e. device forensics, user pattern analysis and user binding), user profiling, and high-risk challenge / response questions.”…

While establishing authentication through simple usernames and passwords is permissible under the policy from within secure locations, access to the CJIS database from non-secure locations, like a patrol car, will always require Advanced Authentication. Additionally, as the policy defines what is considered a secure location, it is quite possible that even within a physically secure precinct, certain requirements of technological security may remain unmet, and thus Advanced Authentication would be required…

Ready to Get Started?

Try AuthAnvil