CJIS Compliance
CJIS SECURITY POLICY COMPLIANCE
Law enforcement agencies and prosecutors across the United States can confidently utilize 365Labs solutions knowing that 365Labs is their partner in meeting Criminal Justice Information Services (CJIS) Security Policy requirements.
365Labs security practices, services and solution architecture are designed to meet or exceed CJIS Security Policy requirements.
CJIS Security Policy
The Federal Bureau of Investigation’s CJIS Security Policy provides Criminal Justice Agencies (CJA) and Noncriminal Justice Agencies (NJCA) with the minimum security requirements for access to CJIS systems and information to protect the full lifecycle of Criminal Justice Information (CJI). CJI refers to all of the FBI’s CJIS-provided data necessary for law enforcement agencies to perform their mission and enforce the laws. CJI includes biometric, identity history, person, organization, property and case/incident history data.
CJIS and Cloud Services
Law enforcement and other government agencies in the United States must ensure that their use of cloud services for the transmission, storage, or processing of CJI complies with the CJIS Security Policy. Agencies must make informed decisions on whether or not a provider can offer services that maintain compliance with CJIS requirements.
365Labs SaaS products and services are designed and operated to ensure that they are compliant with the FBI CJIS Security Policy. Client data hosted by 365Labs is protected by a robust information security program designed to exceed the CJIS security requirements as well as provide protection against current and emerging threats. 365Labs utilizes infrastructure that is FedRAMP certified and adheres to security controls for ISO 27001, ISO 27018, SOC 1, SOC 2, SOC3, HITRUST, MTCS, IRAP, and ENS.
To assist our clients with validating compliance, a 365Labs SaaS CJIS Compliance Report is available which outlines how 365Labs services comply with the specific CJIS security policy requirements.
365Labs's CJIS Commitment
365Labs is committed to the following CJIS compliance elements:
CJIS Security Addendum
The CJIS Security Addendum is a uniform addendum to an agreement between a government agency and a private contractor, approved by the Attorney General of the United States, which specifically authorizes access to criminal justice information, limits the use of the information to the purposes for which it is provided, ensures the security and confidentiality of the information is consistent with existing regulations and the CJIS Security Policy, provides for sanctions, and contains such other provisions as the Attorney General may require.
Personnel Adjudication
As mandated by the CJIS Security Policy, all law enforcement agency contractors who perform criminal justice functions shall meet the same training and certification criteria required by governmental agencies performing a similar function and shall be subject to the same extent of audit review as are local user agencies. All private contractors who perform criminal justice functions shall acknowledge, via signing of the CJIS Security Addendum Certification page, and abide by all aspects of the CJIS Security Addendum.
Fingerprint-Based Record Checks
Authorized 365Labs personnel are available for state of residency and national fingerprint-based record checks at either the state or local level.
Personnel Security Addendum Certifications
365Labs maintains signed CJIS Security Addendum certification pages for 365Labs personnel that can be provided to customer agencies.
CJIS Security Awareness Training
365Labs maintains a comprehensive security awareness program for all employees. 365Labs has partnered with Peak Performance Solutions to enroll authorized 365Labs personnel in Peak Performance’s CJIS Online training solution. This training provides CJIS-specific training for personnel working on 365Labs SaaS services. Authorized 365Labs personnel are required to complete Level 4 CJIS Security Training upon assignment and biennially thereafter.
Law enforcement agencies can access the CJIS Online portal to validate 365Labs personnel training status. Completion reports can also be provided by 365Labs to client agencies upon request.
Data Sovereignty Within The United States
365Labs contractually commits with United States clients that agency data stored in 365Labs SaaS Suite remains within the United States including any backup data, replication sites, and disaster recovery sites. 365Labs utilizes infrastructure that is FedRAMP certified and adheres to security controls for ISO 27001, ISO 27018, SOC 1, SOC 2, SOC3, HITRUST, MTCS, IRAP, and ENS.
Providing Detailed Security, Privacy And Compliance Information Or CJIS Assistance
365Labs’ SaaS CJIS Compliance Report outlines the specific security policies and practices for 365Labs SaaS services and how they comply with the CJIS Security Policy. Responses to questions posed in the CJIS Security Policy Appendix G.3 Cloud Computing are also provided within the report. The report can be used by law enforcement agencies as detailed information to assist in CJIS assessment or audit activities.
365Labs can provide additional security, privacy and compliance information beyond what is communicated on the 365Labs website and the SaaS CJIS Compliance Report.
365Labs SaaS services CJIS compliance status has been reviewed by numerous US law enforcement agencies. 365Labs employs dedicated Information Security and Compliance professionals that are available to directly assist clients in any CJIS audit that includes 365Labs SaaS services.
Please reach out to your 365Labs Account Manager with questions or requests for CJIS related documentation, 365Labs personnel documentation, or CJIS audit or compliance assistance.