The CJIS Security Policy specifies security requirements for access to CJIS systems

The Criminal Justice Information Services (CJIS) Security Policy is a document published by the CJIS division of the U.S. Federal Bureau of Investigation (FBI). The document, which is updated annually, establishes information security best practices to help organizations protect CJI throughout its full lifecycle.

Who must comply with the CJIS Security Policy

The Policy applies to any organization that submits information to or receives information from FBI CJIS systems or services, by any means. Failure to comply with CJIS Security Policy requirements may result in administrative sanctions including, but not limited to, termination of services and state and federal criminal penalties.

Establish appropriate controls and prepare for your next CJIS audit with Netwrix Auditor

Netwrix Auditor helps criminal and non-criminal justice agencies exert more vigilance over privileged user activity, changes to prescribed behavior patterns, inappropriate data manipulations and other security issues across critical IT systems in accordance with specific information protection provisions of various CJIS Security Policy areas. The integrated platform provides a complete audit trail and ensures easy access to noise-free security intelligence whenever it is needed, which streamlines the compliance process.

Enable full control over individual access privileges

Make your access control and account management processes more efficient by gaining visibility into the current and historic states of user accounts, groups and permissions, as well as related changes.

Enable full control over individual access privilege
Enable full control over individual access privilege
Enable full control over individual access privilege
Enable full control over individual access privilege

Minimize the risk of unauthorized disclosure, alteration or misuse of sensitive data

Promptly respond to improper access attempts to both structured and unstructured data by keeping a close eye on any suspicious activity in your file systems and databases.

Minimize the risk of unauthorized disclosure, alteration or misuse of sensitive data
Minimize the risk of unauthorized disclosure, alteration or misuse of sensitive data
Minimize the risk of unauthorized disclosure, alteration or misuse of sensitive data
Minimize the risk of unauthorized disclosure, alteration or misuse of sensitive data

Spot unusual activity to control risk of information confidentiality breaks

Ensure timely response to policy violations by detecting abnormal user behavior patterns and analyzing irregular data access.

Facilitate incident handling process by establishing an early warning system

Mitigate the risk of information disclosure by using the meaningful information from alerts and scheduled security reports to react quickly to threats.

Investigate suspected policy violations and answer auditors’ questions faster

Simplify investigations into unauthorized access to and use of critical systems and data using Interactive Search. Quickly find specific activity, easily create custom reports and definitively prove the effectiveness of your controls.

Investigate suspected policy violations and answer auditors questions faster
Investigate suspected policy violations and answer auditors questions faster

Meet any audit record retention requirements

Keep a complete audit trail in a reliable two-tiered (file-based + SQL database) AuditArchive™ storage system for any retention period you need. The audit trail remains easily accessible for reporting, investigation and compliance needs.

Meet any audit record retention requirements
Meet any audit record retention requirements

See which specific CJIS Security Policy requirements
Netwrix Auditor can help you address

Netwrix Auditor helps organizations overcome the problem of fragmented visibility by delivering security analytics about critical changes, configurations and data access in hybrid cloud IT environments and enabling investigation of suspicious user behavior. The following chart details the specific paragraphs of the CJIS Security Policy that criminal and non-criminal justice agencies and their contractors can address using Netwrix Auditor:
Please note that Netwrix Auditor can facilitate the ongoing evaluation of security controls in addition to those listed above, helping you achieve continuous compliance with the security provisions of other regulations as well.
Learn more about how Netwrix Auditor can help you address specific CJIS Security Policy requirements.
Download Netwrix Auditor Report Mapping (.pdf)

Organizations of all sizes and profiles rely on Netwrix Auditor to prepare for CJIS audits

"Cleaning up user accounts, verifying user permissions and closing security gaps is a monumental task. Netwrix Auditor makes it far easier. It can trace down issues; it tells us who has access and who doesn’t; and it lets us know when access permissions may have changed."

Randy Turner,

Information Services Manager, Idaho Department of Correction