top of page

Edith Kowalik

Oct 1, 2024

Pumpkin spice and CJIS Compliance fright

Hay everyone, 


We are officially into October which means it is Cybersecurity Awareness Month and time for our annual Fall pun newsletter. Don’t worry, we’ll creep it short. 


A number of controls from the CJIS Security Policy are now sanctionable from the following control families:

  • Access Control (AC-2)

  • Identification and Authentication (IA-2, IA-5,)

  • Configuration Management (CM-2, CM-6, CM-7, CM-8,)

  • Systems and Communications Protection (SC-7)

  • System and Information Integrity (SI-2, SI-3, SI-4, SI-7, SI-10)

  • Risk Assessment (RA-5)


You can find the full Requirements Companion list here. Anything marked with an “existing” or “P1” priority level is now in effect. 


If you’re feeling stumped, the CJIS ACE team is all about #beingCJISsmart and making sure CJI is being secured. In a CJIS ACE Assessment, we can go over all of the requirements now in place, help you understand how they apply, if you’re meeting them, and have you breathing a sigh of re-leaf knowing where you stand with CJIS Compliance. If you’d like to hit the gourd running, reach out to us at info@cjisace.com.


Have a spice day,

Edith Kowalik 

bottom of page