.webp?width=2169&height=526&name=Compass%20regular%20transparent%20website%20(1).webp "Compass IT Compliance Logo")
-1.webp?width=2169&height=620&name=Compass%20regular%20transparent%20website%20smaller%20(1)-1.webp "Compass IT Compliance")
CJIS Compliance Services
Our CJIS compliance services are designed for individuals and organizations with access to Criminal Justice Information (CJI) through the FBI's Criminal Justice Information Services (CJIS). Ensuring compliance with the CJIS Security Policy (CSP) is vital for any entity that accesses, processes, stores, or transmits CJI, aiming to protect this sensitive data from unauthorized access, use, and mishandling.
.webp?width=152&height=43&name=TALK_BIG.D-74cdb226%20(1).webp){kind=small}
%20(1).webp?width=188&height=38&name=UMass_Logo_300ppi_Stacked%20reduced%20for%20(1)%20(1).webp){kind=logo}
.webp?width=190&height=37&name=LoanDepot_log%20(1).webp){kind=small}
What is the CJIS Security Policy (CSP)?
The CJIS Security Policy (CSP) is a comprehensive set of guidelines and standards designed to safeguard Criminal Justice Information (CJI) managed by the FBI's Criminal Justice Information Services (CJIS) Division. It applies to all federal, state, local, and tribal law enforcement agencies, as well as private contractors and other non-criminal justice entities that have access to CJI. The policy covers a wide range of security protocols, including access control, authentication, encryption, audit and accountability, incident response, and physical security, among others. Its purpose is to protect CJI from cyber threats, unauthorized access, and misuse while ensuring that the integrity and privacy of the information are maintained. Compliance with the CJIS Security Policy is mandatory for all entities that access, process, store, or transmit CJI.
Compass IT Compliance conducts IT risk assessments in alignment with the CSP, identifying all applicable policy areas essential for Criminal Justice Agencies (CJAs) and non-criminal justice agencies (NCJAs) to assess for adherence to CJIS standards. These policy areas align closely with NIST 800-53, the foundational framework for the Federal Risk and Authorization Management Program (FedRAMP).
Multi-Industry Cybersecurity Solutions
Compass IT Compliance provides services across a broad spectrum of industries. Whether you are a local government agency, a managed service provider looking for a white label solution, involved in software development, a cybersecurity firm, or operating in the legal sector, we are here to help. Our expertise extends to supporting organizations that work within the criminal prosecution and defense areas, ensuring comprehensive support for a diverse range of business needs. Other industries we service with include:
Why Choose Compass?
Compass IT Compliance stands as a beacon for organizations across all sectors looking to fortify their IT security, achieve compliance, and manage risk effectively. Since our founding in 2010, we've been unwavering in our mission to partner with organizations of every size, helping to mitigate information security risks with the highest level of customer service.
However, our expertise goes beyond mere compliance. At Compass IT Compliance, we're about building resilient security frameworks tailored to your unique needs, ensuring that your organization is not only protected against the evolving landscape of cyber threats but also positioned for seamless adherence to industry-specific regulations. Choosing Compass IT Compliance means opting for a partner dedicated to safeguarding your operations, data, and reputation with unmatched professionalism and expertise.
CJIS Compliance Frequently Asked Questions
CJIS stands for Criminal Justice Information Services. It is a division of the FBI that manages and protects criminal justice information, including fingerprints, criminal background records, and other sensitive data. CJIS compliance ensures that organizations handling this data follow strict security protocols to safeguard it from unauthorized access or breaches.
CJIS requirements are a set of security standards established by the FBI to protect criminal justice information, covering data encryption, access management, user authentication, network security, and auditing. Organizations handling this sensitive data must comply with these standards to ensure its confidentiality, integrity, and availability, preventing unauthorized access or breaches. Since the standards are updated periodically, it’s important to review the latest version of the CJIS Security Policy for exact requirements.
CJIS certifications are not issued by a specific entity or agency. Instead, organizations demonstrate compliance with the FBI’s CJIS Security Policy by meeting its requirements, often verified through audits or assessments conducted by authorized state or local agencies. These agencies ensure that organizations handling criminal justice information adhere to the policy's security standards to safeguard sensitive data.