Policy Version 5.8 (CJIS)

In the following Security Awareness Training Document, you will find a list of ideas that will be discussed. Please revert to the Overview page of the CJIS slide presentation. The CJIS Security Policy provides Criminal Justice Agencies (CJA) and Noncriminal Justice Agencies (NCJA) with a minimum set of security requirements for access to Federal Bureau of Investigation (FBI) Criminal Justice Information Services (CJIS) Division systems and information and to protect and safeguard Criminal Justice Information (CJI). This minimum standard of security requirements ensures continuity of information protection. The essential premise of the CJIS Security Policy is to provide the appropriate controls to protect CJI, from creation through dissemination; whether at rest or in transit. The CJIS Security Policy integrates presidential directives, federal laws, FBI directives, the criminal justice community’s Advisory Policy Board (APB) decisions along with nationally recognized guidance from the National Institute of Standards and Technology (NIST) and the National Crime Prevention and Privacy Compact Council (Compact Council). 

This Information Security Awareness Training is designed to equip those accessing the agency's data with basic tools to protect computers and networks interconnecting with Criminal Justice Information Services (CJIS). At the consent of the advisory process, and taking into consideration federal law and state statutes, the CJIS Security Policy applies to all entities with access to, or who operate in support of, FBI CJIS Division’s services and information. The CJIS Security Policy provides minimum security requirements associated with the creation, viewing, modification, transmission, dissemination, storage, or destruction of CJI. Entities engaged in the interstate exchange of CJI data for noncriminal justice purposes are also governed by the standards and rules promulgated by the Compact Council. 

To ensure compliance with federal and state policies, security awareness training is required within six (6) months of employment and every two (2) years thereafter for all employees who may access CJIS data. This requirement applies to vendors also who work with networking equipment and/or software which stores, processes, or transmits CJIS Data. 

For additional readings and resources, please visit the U. S. Department of Justice Federal Bureau of Investigation Criminal Justice Information Services Division - Criminal Justice Information Services (CJIS) Security Policy by clicking --> CJIS Security Policy Resource Center.