<img src="https://ad.doubleclick.net/ddm/activity/src=11631230;type=pagevw0;cat=pw_allpg;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=${GDPR};gdpr_consent=${GDPR_CONSENT_755};ord=1;num=1?" width="1" height="1" alt="">
CJIS Compliance

CJIS Compliance for Emails and Files

Encrypt and control criminal justice information (CJI) stored and shared via Google Workspace and Microsoft 365 for CJIS compliance (Criminal Justice Information Services).

CJIS Compliance-1

CJIS Compliance: What Security Leaders Need to Know

What is CJIS compliance? Criminal Justice Information Services (CJIS) analyzes criminal justice information (CJI) from law enforcement centers around the country and provides a centralized database to store and access CJI. To use CJIS databases, organizations must comply with government regulations:

  • Section When CJI is transmitted outside the boundary of the physically secure location, the data shall be immediately protected via encryption that is FIPS 140-2 certified.
  • Section When CJI is at rest (i.e. stored digitally) outside the boundary of the physically secure location, the data shall be protected via encryption with the same standard mentioned above or use a symmetric cipher that is FIPS 197 certified (AES) and at least 256-bit strength.

Enable CJIS Compliance in the Cloud with End-to-End Encryption

The cloud enables on-demand access to CJI for state and local governments and agencies that maintain public safety. To protect criminal history record information (CHRI) and other CJI, organizations must comply with strict government regulations to mitigate CJIS compliance risks. When CJI is transmitted or at rest (i.e. stored digitally) outside the boundary of the physically secure location, the data needs immediate protection via encryption that is FIPS 140-2 certified.

Support your need to collaborate internally and with external agencies, and unlock digital workflows to support remote government workers and distributed agency teams. Virtru’s data-centric, end-to-end encryption and granular access controls help you:

  • Protect CJI stored in or shared via email and file systems like Gmail, Google Drive, and Outlook from access by unauthorized users with AES-256 bit encryption, FIPS 140-2 compliant modules, and two-factor authentication.
  • Host your own encryption keys so you never have to trust anyone (including cloud providers) with access to your data.
  • Prevent human error by automatically enabling encryption for users who handle CJIS-protected data to protect emails and files.
  • Revoke access and add/adjust access controls at any time. Enable data loss prevention (DLP) rules to identify potential CJI.
  • View when and where messages and files have been accessed to complete detailed audits.
  • Use Virtru Secure Share for protected file exchanges and collaboration.
A screenshot of Virtru's Outlook Add-In protecting background check information

“By enabling full compliance for our law enforcement agency, Virtru gave us a path toward a complete cloud migration.”

Susan Lyon
Google Cloud Team Manager, State of Maryland

Unlock CJIS Compliance for Digital Workflows


Privacy and Compliance

End-to-end encryption prevents unauthorized access to email and files containing CJI and maintains the privacy of citizens’ PII, supporting CJIS compliance.


Secure Sharing

Persistent protection to govern access throughout the data lifecycle, with the option to host your own encryption keys.

Ease of Use

Boost user adoption and deliver simple recipient access that naturally fit into workflows between users, admins, and agency partners.

Virtru hosts everything in the U.S., uses encryption algorithms that comply with FIPS 140-2, is FedRAMP authorized at the moderate impact level, and adheres to the security controls defined by NIST SP 800-53. Virtru cannot access your protected data at any time.

Keep CJI Protected and Under Your Control,
Everywhere It’s Shared

Simplified-Screenshots_Microsoft-highlight-dropshadow (1)

Easy End-to-End Encryption for CJIS-Compliant Cloud Workflows

Without end-to-end encryption, use of cloud services requires CJIS-specific background screening and training for cloud vendor personnel and specialized SLAs and/or contractual clauses that compound costs and delay deployments.

Virtru’s end-to-end encryption streamlines CJIS compliance in the cloud by preventing vendor personnel from accessing CJI. Transparent key exchanges avoid complexities of other end-to-end encryption approaches like PGP and S/MIME for enhanced adoption and usage

Power Internal and External Agency Collaboration While Supporting CJIS Compliance

Provide law enforcement agency employees and administrators easy-to-use data protection, embedded in existing applications. Complement user protections with DLP rules that automatically enforce encryption and control.

Enable seamless access for recipients and collaborators at external agencies and departments, without requiring new accounts, passwords, or software, for digital sharing workflows that support rapid delivery of services that support public safety.


Maintain Control and Persistent Visibility

Enable secure data sharing, aligned with CJIS compliance, across agencies with attribute-based access controls (ABAC) for CJI that enable instant access revocation, expiration, disable forwarding, and document watermarking capabilities.

Audit who has accessed CJI, when, where, and for how long. Export event logs for analysis, or integrate with your SIEM for advanced threat analysis.

Maintain ultimate control of the encryption keys protecting all sensitive CJI stored and shared in the cloud with the Virtru Customer Key Server.

Schedule a demo with Virtru today.

Trusted by State and Local Governments, Federal Agencies, and Thousands of Other Organizations.