What Does CJIS Stand For?

CJIS means Criminal Justice Information Services, which is a division of the Federal Bureau of Investigation (FBI) in the United States that provides a wide range of information services to support law enforcement agencies at the federal, state and local levels. CJIS certification is a requirement for organizations that access or use criminal justice information. The certification is administered by the FBI and is designed to ensure that organizations have the necessary security measures in place to protect CJI.

What Does CJIS Compliance Mean?

CJIS compliance requirements protect national security while safeguarding the civil liberties of individuals and businesses and shielding private and sensitive information. It is an integral part of securing organizations for law enforcement and civil agencies, with access to criminal justice information (CJI) and ensuring they do not become victims of cybercriminals looking to exploit CJI for ransom or cause public damage.

CJI refers to all the FBI CJIS-provided data needed for law enforcement and civil agencies to conduct their missions, including but not limited to, biographic, biometric, identity history, property and case or incident history data.

Since it was established, CJIS has become the biggest division of the FBI and the main source of information and services for all national security, law enforcement and intelligence community partners. FBI CJIS is a division that provides a comprehensive database that helps law enforcement, national security and intelligence community partners across the country and comprises several departments:

• Integrated Automated Fingerprint Identification System (IAFIS): The IAFIS houses the most extensive collection of digital representations of fingerprint images, features from the digital fingerprint images and criminal history information in the world.
• Law Enforcement Enterprise Portal (LEEP): The LEEP provides web-based investigative tools and analytical resources that support the strengthening of case development for investigators and enhance sharing between agencies.
• National Crime Information Center (NCIC): The NCIC stores data on criminals and missing people.
• National Instant Criminal Background Check System (NICS): The NICS is used for background checks on people who want to own a firearm or explosive.
• Uniform Crime Reporting (UCR): The UCR compiles statistics for use in law enforcement, students of criminal justice, researchers, media and the public.

Each state or territory has a CJIS Systems Agency (CSA) that oversees the administration and usage of the CJIS Division programs within a state, district, territory or country.

Why Is CJIS Important?

State and local government and non-criminal justice agencies (NCJAs) are becoming frequent targets for compliance issues due to several reasons:

• Small local agencies may provide malicious actors with a portal into sensitive data in CJIS databases.
• Government agencies are considered an easy target by malicious actors.
• Law enforcement and public safety agencies, as well as their third-party vendors, are increasingly using mobile devices, many containing unauthorized use, to transmit and store CJIS data.
• State and local governments are typically less secure and less funded than their federal counterparts.
• With the increase in remote work, IT personnel are facing more challenges to secure endpoints for remote workers.

A data or infrastructure breach can damage national security and the civil liberties of individuals and businesses. Not prioritizing CJIS requirements and the policies that pertain to your organization could lead to sanctions, penalties, suspension, revocation or monitoring of access to CJIS.

The CJIS Security Policy (CSP) offers a set of security standards for all organizations, including cloud vendors, local agencies and corporate networks, to protect CJIS data from cybersecurity threats. Failing to follow the CSP means you could lose access to CJIS systems or FBI databases. You may also be subject to fines and criminal charges.

There have been several cases of non-compliance with CJIS. In April of 2021, a Lanesborough, MA, police officer was fired for improper use of the criminal records database. In September of 2022, a Freehold, NJ, officer illegally accessed information from a law enforcement (LE) database for personal use and was put on probation and fined. Fort Worth, TX, also had an incident whereby employees with criminal convictions were allowed access to a confidential FBI criminal database.