Complying with CJIS Doesn't Have to Be Hard
Many IT service providers across the country are facing the challenge of having to update and adapt their security processes and protocols to ensure they meet the requirements the FBI has set forth for any agency accessing their Criminal Justice Information Services (CJIS) databases (you can read the full CJIS document here: http://www.fbi.gov/about-us/cjis/cjis-security-policy-resource-center/view).
I’ve spoken with many law enforcement IT service providers who feel that the CJIS compliance guidelines are too complex to implement successfully in their agency—especially by the upcoming September 2014 deadline. Many of these IT professionals feel stuck. On the one hand, they know the hurdles they will have to overcome to change security standards in their agency (budget limitations, often-outdated equipment, peers who don’t have any knowledge of network security, etc.). On the other hand, they understand that access to the CJIS databases is crucial, and that should their law enforcement organization lose access to this valuable resource, their jobs could be on the line.
Fortunately, there’s a solution for this CJIS compliance problem and it’s a pure win-win situation.
Advanced password management systems on the market today offer a comprehensive security solution that can be completely customized to meet specific security requirements and guidelines. This means that with one single software package, you can ensure that many of the technical safeguards outlined in the CJIS guidelines are in place on your network.
CJIS compliance is surprisingly simple when you choose a security suite with features that include:
- The ability to generate and store reports and logs for security-related events (such as failed login attempts)
- Multi-factor authentication (also called “advanced authentication”)
- Centralized password management that allows admin users to create strong password templates and easily remove or change user permissions
Features like these allow you to quickly get your network up to date with the CJIS requirements—and save you time and headaches in the process.
That’s where the win-win comes in. The truth is, these password management systems aren’t just handy for CJIS compliance—they will also make your life as an IT professional in law enforcement easier on a day-to-day basis. With such a system in place you can:
- Set up the needed security parameters and protocols from a centralized application.
- Automate security-related maintenance tasks (such as password expirations and audit reports).
- Allow admin users to easily pull reports and see who has access to what.
- Assign group password permissions to privileged users, and create strong password templates.
One area of the CJIS guidelines that many law enforcement IT personnel are unsure of is multi-factor authentication (MFA). With MFA, a user is required to provide not only a password, but also another security “factor,” like a one-time access code from a token device or a secure mobile app on their phone. The CJIS guidelines call for MFA for any user trying to access CJIS data from a non-secure location. With MFA in place, your network is nearly impenetrable to an outside attack—even if a password is somehow compromised, the attacker wouldn’t be able to provide the needed second security factor.
The enhanced level of security that MFA provides opens the door to even more advanced options like single sign-on (SSO). SSO is a great example of a security solution that will simplify CJIS compliance.
With SSO, a user first authenticates with MFA and is then taken to their SSO portal, where they are automatically logged in to all of the applications (even cloud applications) and sites they need, without entering credentials again or going through numerous logins. SSO is an ideal on-the-go solution for many officers and law enforcement professionals who spend most of their day off-site.