A look inside the CJIS Security Policy and how to comply with the new advanced authentication mandate
As mandated by the updated FBI CJIS Security Policy, Advanced Authentication will be required for all law enforcement personnel accessing NCIC criminal justice information outside of a secure location.
The term “Authentication” refers to the process of verifying a user’s identity when requesting secure access to CJIS systems. Typical “One-Factor Authentication” is when a user logs in with only a username and password.
“Advanced Authentication” or “Two-Factor Authentication” requires an additional separate factor or credential in order to complete the log-in process. This second credential is often sent as a one time PIN (OTP) that is obtained by something that the user physically has in his or her possession (e.g. an app or SMS text to a cell phone, a hard token or a paper token). These OTPs cannot be memorized like standard passwords because they are designed to change every time the user logs in.
See Figure 1 (right) for a simple three step explanation of the process.
Whether or not your agency requires CJIS Advanced Authentication boils down to one key question… Do you have officers who access NCIC criminal justice information from a mobile data terminal or handheld device, or are they trying to remote access from an unsecure location? If the answer is “Yes”, then those officers will require an Advanced Authentication system to be compliant.
DCI has developed the eAgentX2 Advanced Authentication solution specifically for law enforcement agencies to be compliant with this FBI CJIS Security Policy. We have over 100 years of combined experience with CJIS and keeping law enforcement agencies up to date with new FBI security standards, so you can rest assured knowing that our eAgentX2 solution meets the mandate. We understand what a headache it can be to keep up with all of the new security policies. Let us deal with the government mandates… you have enough to worry about.
As technology evolves, people are able to access sensitive information from more locations with a variety of devices, and in doing so, are opening themselves up to the risk of data breaches, fraud and inappropriate access to critical information. These factors have led to many organizations requiring multi-factor authentication or two step authentication as a part of their security policy.
eAgentX2 is an easy-to-implement solution that features flexible methods of strong authentication including OTP token authentication and SMS two factor authentication. This solution includes three levels of access (user, manager and admin) to allow the organization to create a smooth authentication procedure for each user. It can be installed easily without any hardware, and it can guard critical data from all major mobile devices. This is a complete solution that enables organizations to keep costs down while implementing an easy-to-use, multi-factor authentication solution.
eAgentX2 Advanced Authentication is scalable and integrates with all major virtual private networks (VPNs). It will allow you to administer a variety of strong authentication methods in a well-organized manner. It allows for multi-factor authentication methods through an OTP Token on your phone or in your hand, and it complies with the Criminal Justice Information Services (CJIS) security policy that all law enforcement and government agencies adhere to.
OTP Token based authentication offers your agency a simple way to block fraud and protect access to sensitive information. This solution has a variety of two-factor methods that provide end users with a secure OTP. It is highly configurable and cost-effective with several two-factor methods available directly as free applications on smart devices.