Each day, criminal justice and law enforcement agencies on the local, state and federal levels access the Criminal Justice Information Services (CJIS) databases for information necessary to catch lawbreakers, perform background checks and track criminal activity. Obviously, it’s important that this data not fall into the wrong hands — while the loss of business intelligence can mean a major financial hit, the security of CJIS data could mean the difference between thwarting a criminal operation and allowing another to occur.
CJIS describes its Security Policy as a minimum set of standards. A local government may adopt it just as it stands, or it may augment the CJIS provisions with more stringent requirements. In either case, the CJIS Security Policy applies to all organizations and individuals that access CJI or support criminal justice services. These include contractors, private organizations and noncriminal justice agencies, along with criminal justice agencies themselves.