CJIS compliance and the cloud

 

CJIS compliant with Gmail? You bet. 

For a while, Gmail and CJIS data simply didn't mix. Today you can you enable end-to-end encryption, ensuring that only authorized parties can decrypt your content. Whether you or your organization needs to comply with regulations like HIPAA, FERPA, CJIS, or to protect sensitive personal or corporate information, it's straightforward with Umzuzu partner Virtru. Virtru can be installed into any Google for Work, Government, or Education domain within a few minutes. 

 

Installing Virtru for Gmail takes about a minute. When you install Virtru for Gmail you gain the ability to easily encrypt emails and files, and your users gain the ability to revoke and control forwarding of their sensitive content, and gives administrators central control and monitoring.

 

Understanding CJIS

CJIS is the largest division of the Federal Bureau of Investigation. CJIS monitors criminal activities in local and international communities using analytics and statistics provided by law enforcement, and their databases provide a centralized source of criminal justice information (CJI) to agencies around the country. This data makes it harder for the bad guys to pretend they're good guys just by moving across state lines or to other countries. 

Criminal Justice Information Services (CJIS) data is extremely sensitive for obvious reasons. The core of the American criminal justice system is the presumption of innocence. In the United States a person is, by law, innocent until proven guilty. The FBI has massive reach. Certainly many people they gather data on are actually innocent. Their privacy should be protected. 

We also don't want the bad guys getting access to CJIS data. Even if they weren't able to tamper with anything, simply understanding the data could provide intelligence they need to avoid responsibility for their actions. 

CJIS compliance and the Cloud

New technologies always bring along new questions. On-premises hardware and software computer systems were the only option before modern cloud computing. One aspect of CJIS compliance is the ability to authorize, control, and monitor all forms of remote access to CJIS data. Well, for their own security requirements, Google and other cloud computing vendors are not going to allow your agency that level of access to their data centers or employees. Cloud computing vendors are also not going to continuously submit their employees for FBI background checks and fingerprinting should a government agency be audited for CJIS compliance. 

Police Departments want to use Gmail

"We had a goal of increasing our mobility, reducing the reliance on paperwork as well as increasing our productivity and collaboration. Google Apps has assisted us with to reach our goals" - Dan Doyle, Chief of Police at Lake Havasu City, Arizona

In our experience, interpretation of CJIS compliance requirements and the implementation of CJIS compliant policies and procedures varies from agency to agency. Police Departments have an extremely tough job to do. Many of them are being asked to be more efficient. And they want to use the same powerful tools available to the rest of the team. Cloud computing often has more to offer the Police Department than any other agency team. Their jobs are inherently mobile and on-demand. Many officers share workspaces. They answer the call each day to Serve and Protect, not do paperwork.