So, you want to know about CJIS Certification.
-From the Desk of Senior Security Analyst, Larry Coffee
I’ve got good news and bad news. You see, in all of my years working with the FBI and in law enforcement, no one has developed an official CJIS Certification. It just doesn’t exist. But the good news is: CJIS Readiness does exist!
While at the Florida Department of Law Enforcement, I used to get calls all the time from agencies asking me, “Is this vendor CJIS Certified?” or telling me, “My vendor says they are CJIS Certified.” My response, the response from the FBI, and the other ISOs from around the country was, “There is no CJIS certification.”
CJIS Audit & Compliance
So what can you do? You need a contractor or vendor who can comply with the CJIS Security Policy.
If there is no certification process, how do you know you or your vendor can meet the Security Policy standards? This is where CJIS ACE comes in.
CJIS ACE gets you as close as possible to CJIS certification — we call it “CJIS Ready.” CJIS ACE has specifically designed a five-step process to help agencies, businesses, and service providers become CJIS Ready:
1. Knowledge Transfer – Development of an in-depth compliance profile tailored to your organization’s business operations;
2. Process Evaluation – Completion of an extensive review of your organization’s physical and electronic security controls to identify compliance gaps;
3. Compliance Mitigation – Creation of a detailed mitigation roadmap needed to achieve CJIS Readiness;
4. Remediation Development – Consultation with your organization to discuss how to fix any identified compliance issues;
5. Continued Assessment – Follow up with your organization to ensure up-to-date CJIS Readiness.
We use the Requirements and Tiering Document as our foundation for this process. So, we are going through each and every “shall” statement to determine applicability and compliance gaps.
At completion of our process, your organization or business is ready to meet the compliance requirements defined in CJIS Security Policy. It’s the closest thing to CJIS Certification that you’re going to find.
This process applies to any entity that uses criminal justice information: criminal justice agencies, non-criminal justice agencies, private organizations, businesses, and vendors.
Find out more at cjisace.com