<img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=217513&amp;fmt=gif">

DSM’s Security Policy for Criminal Justice Information Services (CJIS)

DSM adheres to the US Criminal Justice Information Services Security Policy.

About DSM's CJIS Security Policy

DSM and its employees have signed the FBI's CJIS Security Addendum. By doing so, DSM agrees to comply to all CJIS security policies, including how we handle CJIS data, and that fingerprint-based background checks are performed on all personnel with logical and/or physical access to CJI.

DSM has assessed the operational policies and procedures of our offerings including: DRaaS, DPaaS, Hybrid Cloud, Private Cloud, Public Cloud (in Azure Gov), and VPC. and will attest in the applicable service agreements to their ability to meet FDLE requirements for the use of in-scope services. This enables law enforcement and criminal justice management entities to implement cloud-based solutions and comply with CJIS Security Policy V5.8.

As of 2019, DSM has a signed memorandum of understanding (MOU) with HSMV-FHP, providing Leading Agency Sponsorship for DSM. This agreement allows law enforcement and criminal justice management entities to sign an inter-agency agreement with HSMV instead of having to vet DSM's facilities and personnel directly.  This process has already been completed and is maintain by HSMV.

security-shield_248028896

 

Audits, Reports, and Certificates

The FDLE does not offer certification of DSM compliance with CJIS requirements. Instead, DSM’s lead agency sponsor (HSMV) provides the interagency agreement, and DSM provides a letter of attestation to its clients.  DSM will also work directly with client to submit all paperwork in Florida to FDLE to obtain final approval.

*FIPS Certificate Available 


How to Implement

DSM has created a comprehensive checklist on the 3 ways to implement CJIS in your organization. You can download that here: DSM CJIS Checklist

security-tech-lines_270975571

 

About the CCSL

The Criminal Justice Information Services (CJIS) Division of the US Federal Bureau of Investigation (FBI) gives state, local, and federal law enforcement and criminal justice agencies access to criminal justice information (CJI) such as, fingerprint records and criminal histories. Law enforcement and other government agencies in the United States must ensure that their use of cloud services for the transmission, storage, or processing of CJI complies with the CJIS Security Policy, which establishes minimum security requirements and controls to safeguard CJI.

In addition, all private contractors who process CJI must sign the CJIS Security Addendum, a uniform agreement approved by the US Attorney General that helps ensure the security and confidentiality of CJI required by the Security Policy. It also commits the contractor to maintaining a security program consistent with federal and state laws, regulations and standards, and limits the use of CJI to the purposes for which a government agency provided it.

Frequently Asked Questions

Where can I request more compliance information?

How does DSM demonstrate that its cloud services are CJIS Compliant?

  • DSM’s lead agency sponsor provides the interagency agreement and DSM provides a letter of attestation to its clients. 

Are all of DSM’s offerings compliant or only specific ones?

  • All of DSM’s Cloud offerings and colocation are CJIS compliant.

Can I encrypt my data with any vendor and be compliant?

  • Yes, but the data must still reside within the U.S. and the vendor cannot possess the encryption keys.  This is only possible for solutions like off-site backups. IaaS solutions can require the data to be unencrypted to process and handle live.  This restricts which cloud vendors you can work with when it comes to certain cloud solutions.

Where do I start with my organization's own compliance effort?

  • CJIS Security Policy covers the precautions that your agency must take to protect CJI. In addition, you can reach out to DSM for more tips/guidance on how to get started.

DSM has always been very responsive to our needs and has brought innovative ideas to the table. We have been very pleased with the company and service we have received. They have always been responsive; professional and a pleasure to work with.

Craig W. VollertsenFlorida Department of Agriculture and Consumer Services

DSM was integral in being able to actually save our business when we had a fire and our building burned down. We would have lost our business without DSM. They came to our rescue.

Luis CampanoJerue

Market experts...and their team has a heart of a teacher to help clients understand complex issues regarding technology. Facility secure, and they offer reasonable recurring engagements.

Steve Madden

Contact an Expert Today!

Talk to a cloud expert and learn how to utilize the services you need.