<img src="https://ad.doubleclick.net/ddm/activity/src=11631230;type=pagevw0;cat=pw_allpg;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=${GDPR};gdpr_consent=${GDPR_CONSENT_755};ord=1;num=1?" width="1" height="1" alt="">
Datasheet

Protect Criminal Justice Information and Support CJIS Compliance

Virtru’s end-to-end encryption, security settings, granular access controls, and customer-hosted key management capabilities prevent unauthorized access to regulated data.

CJIS Data Security Requirements

Criminal Justice Information Services (CJIS) analyzes criminal justice information (CJI) from law enforcement centers around the country and provides a centralized database to store and access CJI. To use CJIS databases, organizations must comply with government regulations:

  • Section 5.10.1.2.1 When CJI is transmitted outside the boundary of the physically secure location, the data shall be immediately protected via encryption that is FIPS 140-2 certified.
  • Section 5.10.1.2.2 When CJI is at rest (i.e. stored digitally) outside the boundary of the physically secure location, the data shall be protected via encryption with the same standard mentioned above or use a symmetric cipher that is FIPS 197 certified (AES) and at least 256-bit strength.

Virtru hosts everything in the U.S., uses encryption algorithms that comply with FIPS 140-2, is FedRAMP authorized at the moderate impact level, and adheres to the security controls defined by NIST SP 800-53. Virtru cannot access your protected data at any time.

Virtru is a Crucial Part of Your Solution to Help Meet CJIS Compliance

End-to-End Encryption

Protect CJI and any sensitive data you need to share and store with AES-256 bit encryption, FIPS 140-2 compliant modules, and two-factor authentication.

Encryption Key Management

Host your own keys so you never have to trust anyone (including cloud providers) with access to your data. Integrate with existing processes and Hardware Security Modules.

On-Demand Access Controls

Revoke access and add/adjust access controls at any time. Enable data loss prevention (DLP) rules to identify potential CJI and alert users to add encryption.