How Law Enforcement Can Guarantee CJIS Compliance | BLOG
Intelligence is perhaps the single greatest tool in the fight against crime. Look at any major criminal incident brought to justice and you can be almost certain outside intelligence played a pivotal role. In the wake of the Boston marathon bombing tragedy in 2013, for example, FBI agents used intelligence in the form of on-the-scene interviews and reviews of surveillance footage to swiftly release photos of the suspects to the public. Additionally, in the trial of the online black market site Silk Road's founder, Ross Ulbricht, multiple agencies combined intelligence to create a pool of data on Ulbricht, which ended up proving central to his conviction on all counts with which he was charged. Whether it's a bombing or a major cyber crime incident, intelligence compiled by law enforcement is instrumental to the solution.
The Federal Bureau of Investigation sits atop the information hierarchy in the U.S. Within its network is a massive repository of data spanning the entire country. But while the FBI is privy to the most protected, valuable intelligence in the United States, it's not the only entity with this privilege.
In the past few decades, information sharing between law enforcement agencies at every level has increased, which paves the way for more expedient law enforcement across the country. However, alongside the broadening exchange base of criminal justice information (CJI) came inherent vulnerabilities.
That's why, in 1998, the FBI rolled out an expansion of its security management structure. This expansion was meant to account for the access to and sharing of intelligence within the law enforcement community. What this amounted to was the creation of the FBI's Criminal Justice Information Services (CJIS) Security Policy, which, according to its executive overview, "integrates presidential directives, federal laws, FBI directives and the criminal justice community's APB decisions along with nationally recognized guidance from the National Institute of Standards and Technology." For law enforcement agencies, maintaining compliance with CJIS boils down to several key factors, including:
Identification and authentication of information: One of the key concerns of CJIS standards is that compliant agencies have processes in place that reliably authenticate the identity of individuals attempting to access data. For all data, but particularly for information in transit, such measures are vital. Entrust offers advanced authentication solutions that ensure compliance with CJIS standards regulating the security of CJI. Among the host of CJIS-compliant authenticators offered by Entrust are biometrics systems, hardware tokens and user-based PKI.
Securing of email correspondence: When cybercriminals are looking to orchestrate a hack, email is one of the first channels they'll try to intercept. That's because traditionally, email messages aren't afforded the same level of security as data not in transit. Fortunately, Entrust has a solution to account for this: Entelligence Messaging Server. This service gives its law enforcement users the ability to send information between each other - and other agencies - with data-in-transit encryption. A solution like this is central for full compliance with CJIS.
Proper protection for mobile: As a rule, cybercriminals hone in on the network areas organizations are most likely to overlook. These days, mobile devices are one such area. With the increasing push toward mobility in law enforcement, many agencies haven't implemented the security solutions necessary to defend this burgeoning network entry method. This failure to defend on the mobile front makes mobility a prime target. But that doesn't have to be the case. Thanks to Entrust IdentityGuard, an organization's leaders have the peace of mind knowing that mobile devices in the network are protected.
Here at Entrust, we're at the forefront of providing enterprises with cutting-edge protection in both the virtual and physical realms. Our CJIS Compliance Solutions are trusted by agencies and departments of all sizes. That's because Entrust IdentityGuard, as a platform, meets the advanced security standards of CJIS while allowing user agencies to benefit from significant cost savings and consolidation of digital identities. As far as this kind of work goes, here at Entrust we're a leader in the field, thanks to over 15 years of helping law enforcement agencies maintain security standards.