Strengthening CJIS Compliance with Keeper Security: Protecting State Agencies and Law Enforcement

In November 2022, the Criminal Justice Information Services (CJIS) division of the FBI updated its cybersecurity policy, impacting state agencies, police departments, and other organizations that handle Criminal Justice Information (CJI). The updated policy poses challenges for organizations, especially smaller ones, to maintain compliance due to limited resources, lack of expertise and the policy’s complexity. Keeper Security Government Cloud offers a comprehensive solution to address these challenges and ensure seamless compliance with CJIS requirements.

The Importance of CJIS Compliance

CJIS is the largest division of the FBI. It is responsible for handling CJI, which encompasses biometric data, identity history, biographic data, and case history. The updated CJIS security policy applies to organizations of all sizes, including noncriminal justice agencies that manage IT departments. Many of these state and local agencies, often seen as easy targets by cybercriminals, struggle with cybersecurity due to limited funding and inadequate security measures.

Updated CJIS Requirements

The updated policy introduces several new requirements for password management, including:

• Minimum password length of 20 characters
• Prohibition of stored password hints
• Maintenance of a banned passwords list
• Limiting failed authentication attempts
• Forced password changes in case of compromise or every 365 days
• Encrypted, authenticated channels for password requests
• Salted, hashed password storage resistant to offline attacks

The Need for Compliance Support

Non-compliance with CJIS requirements can result in loss of access to data, terminated contracts or grants, and potential liability in civil lawsuits. Moreover, data breaches can damage an organization’s reputation. Small organizations, in particular, may struggle with compliance due to limited resources, lack of expertise and the policy’s complexity.

Keeper Security Government Cloud: A Comprehensive Solution

Keeper Security Government Cloud is a FedRAMP and StateRAMP Authorized solution that enables law enforcement and local government agencies to efficiently and cost-effectively meet CJIS compliance requirements. The platform provides:

• Industry-leading password management: Keeper enables organizations to enforce strong, unique passwords for all user accounts, which is a key requirement of the CJIS Security Policy. It allows users to generate complex passwords and securely store them, minimizing the risk of unauthorized access to sensitive systems and data.
• Multi-Factor Authentication (MFA): Keeper supports multi-factor authentication, adding an extra layer of security and aligning with CJIS requirements for advanced authentication.
• 256-bit encrypted storage: Keeper uses Elliptic Curve Cryptography (ECC) to protect all stored data, including passwords, files, and other sensitive information, which surpasses the CJIS encryption requirement.
• Role-Based Access Control (RBAC): Keeper allows organizations to implement granular, role-based access control, ensuring that users only have access to the information they need to perform their job duties.
• Auditing and monitoring:  Keeper includes extensive auditing and reporting capabilities, enabling organizations to track user access and password changes, while also monitoring to see if any passwords in use by your organization match passwords on the dark web.
• Secure sharing of passwords and sensitive data:  Keeper facilitates the secure sharing of passwords and sensitive data between authorized users, ensuring that sensitive information is only shared with those who have a legitimate need to know.

The updated CJIS compliance requirements demand a robust password management solution to help organizations enforce security measures effectively. Keeper Security Government Cloud offers a comprehensive, user-friendly platform to address these requirements and protect sensitive data. Contact us today to learn how Keeper Security can help your organization seamlessly comply with CJIS security policy updates.