FBI’s Criminal Justice Information Services (CJIS) Mandate
Law enforcement agencies need timely, secure access to systems that provide information from anywhere at any time to prevent and decrease cyber crime.
In response to these needs, the Federal Bureau of Investigation (FBI) introduced the Criminal Justice Information Services (CJIS) mandate that integrates presidential directives, federal laws, FBI directives, and the criminal justice community’s decisions. Presented at both strategic and tactical levels, this policy is periodically updated to reflect the security requirements of evolving business models.
On a technical level, the CJIS mandate requires strong, two-factor authentication when accessing the criminal justice database. Strong security is essential irrespective of where access to the data occurs, whether on mobile devices or desktops at law enforcement agencies and headquarters.
What Is CJIS Compliance?
CJIS compliance is what keeps professionals in criminal justice and law enforcement (at local, state, and federal levels) in agreement about standards for data security and encryption.
CJIS databases contain all necessary information for detaining criminals, performing background checks, and tracking criminal activity. According to the FBI’s Advanced Authentication Requirement, organizations are obligated to use multi-factor authentication (MFA) if employees are accessing criminal justice information systems. This is similar to using a debit or credit card that requires PIN input.
A recurrent strategy for MFA is to use software applications or physical devices that generate unique, one-time passwords with time limits. Multi-factor authentication is a key policy area that should be on every business’ CJIS checklist along with data encryption.
MFA Use Cases for CJIS Compliance
Law Enforcement Officers:
Field police officers are always on the move in their squad cars. These field officers need immediate access to the criminal justice information systems in order to verify an individual’s identity or a driver’s record.
An MFA solution with support for multiple authentication methods helps police departments satisfy the CJIS requirement. Law enforcement officers are prompted for a second-factor authentication (2FA) when logging into their mobile data terminals (MDTs). The officer uses their smart card or a hardware token to fulfill the 2FA, allowing access to the CJI database.
Justice Department Officials:
Prosecutors from the office of the District Attorney often visit a correctional facility and need to access their email, which contains CJIS information. When the prosecutor uses a secure terminal to access their email, MFA software detects that the user is logging in from a new device and prompts for second-factor authentication.
Many MFA solutions also capture the device information and maintain a comprehensive audit trail. They can integrate with complementary CJI data sharing solutions to provide advanced authentication capabilities for secure access.
First Responders:
It is imperative to deploy fast, one-touch authentication for first responders such as police officers and firefighters, as time is of critical importance. First responders need secure, speedy access to machines, VPN, and CJIS systems like criminal databases, license plate databases, and more.
With an MFA solution, first responders get fast and easy access to protected systems and data via reliable hardware security that does not require a battery or network connectivity. It offers strong one-touch security and is much faster than typing in an OTP.
uTrust FIDO2 Security Keys
FIDO2 is the umbrella term for FIDO Alliance’s newest set of specifications. It enables users to capitalize on common devices to authenticate online services in both desktop and mobile environments. FIDO2 helps organizations achieve a seamless and passwordless login experience from all devices.
Identiv’s uTrust FIDO2 Security Keys are strong near field communication (NFC) MFA devices, providing a simple, strong authentication experience that eliminates the need for passwords. With multi-protocol FIDO U2F, FIDO2, smart card (PIV), OpenPGP, and OTP support, these security keys are resistant to phishing attacks, safeguarding your credentials and accounts.
You can use uTrust FIDO2 Security Keys as credentials for:
- Government employees or contractors (desktop and mobile)
- Citizen access to government services
- Public safety and first responders
- Emergency communications personnel
Benefits of uTrust FIDO2 Security Keys for CJIS Compliance
Hardware security keys are increasingly being recognized as the practical and responsible way to solve the CJIS compliance challenge. The best part about this approach is the one-touch authentication process.
For example, when users sign into their email or apps, they enter their password and click “sign in”. However, the process does not end there. They are required to provide a second authentication factor to prove their identity and are then authorized to sign in to the account. Next, the user simply inserts their unique, personal key into their device, presses the button, and receives access instantly.
In the background, a challenge-response exercise is initiated using public-key cryptography between the security key and the service provider. This removes the risk of users’ accounts being accessed via compromised credentials or a phishing attack.
Here are a few benefits of using Identiv’s uTrust FIDO2 Security Keys:
- Simple and secure as there are no server-side shared secrets to steal
- Protects against phishing, man-in-the-middle, and replay attacks
- FIDO certified
- Cost-effective and user-friendly solutions
- Lower development/maintenance costs and little-to-no provisioning costs
- Faster time to market and future-proof
- Multi-protocol and multiple connectivity support
- TAA compliant
Authentication Solutions for Criminal Justice Information Services
uTrust FIDO2 NFC Security Keys protect critical network infrastructure and keep law enforcement agencies and citizens safe with mandated MFA cybersecurity.