CRIMINAL JUSTICE INFORMATION SERVICES
CJIS (Criminal Justice Information Services)
Many organizations are struggling with how to work towards and maintain CJIS cybersecurity compliance.
First Call Computers Solutions has worked for many years in highly regulated industries across Montana like banking, credit unions and Department of Defense manufacturing.
First Call has the people, processes and tools to help organizations align with the needed controls.
cRIMINAL JUSTICE INFORMATION SERVICES
This same framework is CJIS’s “guiding light”. NIST stands for the National Institute of Standards and Technology.
The NIST cyber security framework:
- Identify: assets
- Protect: assets
- Detect: incidents
- Respond: incidents
- Recover: incidents
In addition to NIST, Criminal Justice Information Services organizations require additional, specific security controls both for people inside and outside their organization who operate in or access criminal justice services or information.
Montana Operations Manual (MOM)
MOM, provided by the State of Montana outlines, 20 baseline security controls which are ALSO based off the NIST Cybersecurity Framework. Said differently, focus on NIST, and make MOM happy. (so many acronyms).
First Call works with the agency and the CJIS’s Information Security Officer to achieve and maintain compliance. First Call provides a virtual Chief Information Security Officer (vCISO) giving our CJIS clients the high level person they need to guide and steer them. First Call also provides ongoing security auditing services so that the gaps are clear, closed and maintained proactively.
In the event of audits: (FBI or CSA) First Call is the main technical point of contact, completing any pre-audit questionnaires and is physically available for the onsite audit and to review/explain any audit follow up recommendations.
First Call is providing general security awareness training as part of its standardized services.
All personnel must also be formally trained on the rules, responsibilities and behavior around usage of CJIS.
The FBI and the State have provided incident response guides and procedures that must be followed in the event of an incident. First Call also has robust incident response management experience spanning multiple industries.
Proper event logging is put in place so that evidence requirements are met both for the types of logs and the length of retention.
Access control requirements including MFA are critically important to CJI security and compliance. First Call has a complete team to help implement and maintain these solutions.
Network Diagrams, secured storage of network documentation and access controls are all provided to meet this requirement as part of NIST compliance
First Call provides regulatory compliance certificates for any media or storage services provided and certificates of destruction for records on disposal of physical media containing CJI.
First Call can work with your facilities team and a variety of 3rd party vendors and systems to help organizations align their buildings, rooms, policies and work flow.
SYSTEMS & COMMUNICATIONS PROTECTION & INFORMATION INTEGRITY
This is the most importany and deepest, widest portion of the CJIS effort from an IT Standpoint. Many technologies and considerations have to be considered from local IT, cloud, VOIP etc
First Call does the screening requirements of its own staff before granting access
First Call can help establish the policies and procedures needed for their own staff and contractors/vendors for CJIS compliance and records.
CJIS has established comprehensive polices that apply to all mobile devices to help organizations establish the required controls.
Request time to meet with a First Call vCISO (virtual Chief Information Security Officer) to discuss your needs, progress and ways we can help you through this journey of protecting criminal justice information.