Virtru FAQ: CJIS Compliance

Is Virtru FIPS 140-2 compliant?

Virtru's encryption complies with FIPS 140-2, but not always by default. Customers should make sure to request Virtru with FIPS mode enabled to ensure FIPS 140-2 compliance across all Virtru platforms.

We use 3rd party AES-256 encryption libraries that have been certified by or for companies such as Google, Apple and Microsoft (more details below). As such, Virtru has not been required to go through a validation directly.

The Certificates for the certified Cryptographic Libraries are all listed here. The certificate numbers in question depend on platform and are listed below:

- # 1329 - Outlook for Desktop - Windows 7
- # 2357 - Outlook for Desktop - Windows 8
- # 2021 - iOS
- # 1747 - Android, Chrome*

*Upon request, we can enable FIPS mode in Virtru's Chrome extension, but that platform does not use a FIPS module by default today.

Is Virtru Basic CJIS compliant?

To allow an agency to be fully CJIS compliant requires detailed audit logs to be made available to the customer, which is only available to our paid tiers.

How is Virtru CJIS compliant?
  • Virtru’s encryption meets or exceeds all CJIS requirements (i.e. FIPS 140-2).
  • Virtru encrypts criminal justice information (CJI) at rest and in-transit.
  • Client-side encryption prevents third party vendors from having to handle unencrypted CJI.
  • Virtru DLP, when properly configured, enables detection of CJI before it leaves secure locations.