We sign CJIS security agreements with our customers, including allowing or performing any required employee background checks according to the CJIS Security Policy.
Law enforcement customers (and partners who manage CJI) are taking advantage of Newtek’s services to dramatically improve the security and protection of CJI data, using the advanced security services and features of the Newtek Cloud, such as activity logging, encryption of data in motion and at rest, comprehensive key management and protection, and integrated permission management (IAM federated identity management, multi-factor authentication).
FREQUENTLY ASKED QUESTIONS:
Can the Newtek Cloud be Used For CJIS Data?
Absolutely. In order to meet the requirements of CJIS customers, Newtek’s cloud infrastructure has been built from the ground up to be one of the most flexible and secure cloud computing environments on the market. Customers can deploy applications, data, and services, all of which securely comply with CJIS Security Policy requirements.
What Is CJIS Anyway?
Established in 1992, CJIS comprises several departments including the National Crime Information Center (NCIC), Integrated Automated Fingerprint Identification System (IAFIS) and the National Instant Criminal Background Check System (NICS). CJIS monitors criminal activities in local and international communities using analytics and statistics provided by law enforcement, and their databases provide a centralized source of criminal justice information (CJI) to agencies around the country.
Why is This Level of Protection Necessary?
Criminal justice and law enforcement agencies on the local, state, and federal levels access the Criminal Justice Information Services (CJIS) databases for information necessary to catch lawbreakers, perform background checks, and track criminal activity. Needless to say it’s important that this data not fall into the wrong hands. While the loss of business intelligence can mean a major financial hit, the security of CJIS data could mean the difference between thwarting a criminal operation and allowing another to occur.
How is CJIS Compliance Determined?
The Security Policy defines 13 areas that private contractors (such as cloud service providers) must evaluate to determine if cloud services can be used consistent with CJIS requirements. The policies set forth by CJIS cover best practices in wireless networking, remote access, data encryption, and multiple authentication.
Some basic rules include:
- Weekly audit reviews
- Active account management moderation
- Session lockout after 30 minutes of inactivity
- A limit of 5 unsuccessful login attempts by user accessing CJIS
- Event logging various login activities
Where do I start with my agency’s compliance effort?
The CJIS Security Policy document covers the precautions that your agency must take to protect CJI. In addition, Newtek Solutions Experts are here to help.
Newtek Technology Services provides robust solutions to the small business owner, the enterprise customer, federal clients, and governmental agencies alike. Our solutions help organizations comply with CJIS,HIPAA, PCI DSS, FISMA, SSAE 16, and GLBA regulatory requirements.