How to meet the FBI's CJIS Security Policy mandate while gaining operational efficiencies
Learn what you can do to comply with the FBI’s Criminal Justice Information Systems (CJIS) Security Policy to maintain access and avoid penalties.
The FBI’s Criminal Justice Information Systems (CJIS) has mandated that entities accessing its databases must comply with the CJIS Security Policy (CSP) by October 1, 2024.
Failure to do so can result in denied access to any FBI database or CJIS system, along with fines and criminal charges.
Even if the deadline has passed, it’s imperative that government entities understand the requirements for compliance and are prepared to evaluate solutions with both security and user adoption in mind.
Imprivata delivers low-friction access control that meets CJIS compliance
Imprivata is at the forefront of helping organizations achieve and maintain compliance with the CJIS mandate through solutions like single sign-on (SSO) and multifactor authentication (MFA) for both shared workstations and legacy apps.
Here are two recent examples of how Imprivata helped customers meet CJIS security requirements and get their jobs done effectively and efficiently.
U.S. city meets compliance requirements for its police force while improving operational performance
The police force of a city with over 200,000 citizens sought out Imprivata to help them with a CJIS-compliant system that was user-friendly and didn’t hinder efficiency. When considering how to comply with CJIS Security Policy requirements, the police officers were frustrated by the prospect of constantly logging in and out of devices and applications, particularly with workstations that locked every 10-15 minutes – serious obstacles for patrol cruisers out responding to emergencies. Furthermore, the workstations in the cruisers were shared devices, used by multiple officers.
The city ultimately selected Imprivata Enterprise Access Management (formerly Imprivata OneSign and Confirm ID) because it is a holistic solution that encompasses MFA, SSO, password reset, password manager, 20+ pre-built reports, and more. This wasn't the case for other solutions evaluated, which could only address specific use cases such as MFA for remote workers on single-user devices, and without supporting legacy applications.
The Imprivata team first set up a Proof of Concept that allowed the city to evaluate the solutions value while police officers could experience how much easier it would be to do their jobs. The fact that SSO let officers access any application with a simple badge tap resulted in an enthusiastic stamp of approval from the Chief of Police. In fact, the city ultimately selected Imprivata Enterprise Access Management (EAM), not only for the police force, but across the board for all its secure access needs.
Imprivata EAM allows officers to quickly access workstations and applications, even while on patrol in their cruisers, by simply tapping their badges to log in or out of any endpoint. This significantly streamlines their workflows by eliminating the need for repeated logins, so officers can easily access crucial tools without compromising security.
EAM not only enhances operational efficiency, but also aligns with CJIS compliance requirements, ensuring that access to sensitive information is securely managed. Using Imprivata supports the city’s broader goal of maintaining public safety and justice system integrity.
U.S. county’s 911 division overcomes tech challenges to meet CJIS requirements
One U.S. county’s 911 division was finding it particularly challenging to comply with the CJIS mandate due to a complex technical environment. This included two domains and two Active Directories (ADs) with the same users across both domains in many instances.
Having already piloted competitors in the MFA/SSO space, the county’s 911 division realized the options from other providers weren't able to function effectively within their tech environment. Then Imprivata was brought into the process and was able to demonstrate how EAM could streamline 911 workflows across both AD domains. Furthermore, Imprivata successfully delivered an EAM Proof of Concept while the customer was in the middle of moving to a new facility.
Imprivata offered the county a workflow using one physical badge and dual badge frequencies, so a single badge could work across both domains. This solution assisted the county’s CJIS initiative without sacrificing security or ease of access for their end users.
Leveraging its deep understanding of the needs of frontline workers, and the ability to solve for complex IT environments, Imprivata exceeded the customer’s expectations. EAM capabilities plus the expertise and strategy of the Imprivata team combined to offer an elegant solution that complemented the county’s multiple-domain environment.
Learn how Imprivata Enterprise Access Management can help your organization meet CJIS compliance
Imprivata continues to work with several other U.S. government entities to meet CJIS compliance with a goal of improving efficiency while overcoming technical challenges. We're prepared to meet the unique needs of each customer with simple, secure solutions that make work easier.
Interested in learning more? Contact us to request a demo.