CJIS Data Security Requirements
Criminal Justice Information Services (CJIS) analyzes criminal justice information (CJI) from law enforcement centers around the country and provides a centralized database to store and access CJI. To use CJIS databases, organizations must comply with government regulations:
- Section 18.104.22.168.1 When CJI is transmitted outside the boundary of the physically secure location, the data shall be immediately protected via encryption that is FIPS 140-2 certified.
- Section 22.214.171.124.2 When CJI is at rest (i.e. stored digitally) outside the boundary of the physically secure location, the data shall be protected via encryption with the same standard mentioned above or use a symmetric cipher that is FIPS 197 certified (AES) and at least 256-bit strength.
Virtru hosts everything in the U.S., uses encryption algorithms that comply with FIPS 140-2, is FedRAMP authorized at the moderate impact level, and adheres to the security controls defined by NIST SP 800-53. Virtru cannot access your protected data at any time.
Virtru is a Crucial Part of Your Solution to Help Meet CJIS Compliance
Protect CJI and any sensitive data you need to share and store with AES-256 bit encryption, FIPS 140-2 compliant modules, and two-factor authentication.
Encryption Key Management
Host your own keys so you never have to trust anyone (including cloud providers) with access to your data. Integrate with existing processes and Hardware Security Modules.
On-Demand Access Controls
Revoke access and add/adjust access controls at any time. Enable data loss prevention (DLP) rules to identify potential CJI and alert users to add encryption.