How Government and Law Enforcement Can Be CJIS Compliant While Mobile

Mobile Devices and CJIS ComplianceThe internet has gone on a permanent ride-along. It wasn’t long ago when gathering information and getting online meant that police officers and other law enforcement officials needed to get to a secure desktop computer at HQ, logon through a car-mounted device, or rely on radio information from a dispatcher connected at the station. But today, just like nearly 80% of Americans, law enforcement officials are performing many of their job functions on a mobile device. While this offers a host of benefits, it does leave concerns regarding Criminal Justice Information Services (CJIS) compliance.

 

Benefits of Mobile Devices for Law Enforcement

By utilizing their smartphone or other handheld technologies, police officers and law enforcement officials can stay connected, even after leaving the confines of their office or vehicle. They’re able to maintain access to critical information, in addition to being able to engage with the general public and solve challenges much more effectively. Some of the ways that mobile devices improve law enforcement effectiveness and efficiency include:

  • Capturing photos, video, or audio

  • Access to Computer-Aided Dispatch (CAD) applications

  • Access to departmental policies and resources

  • Issuing electronic citations

  • Identifying individuals through biometrics (facial recognition, fingerprinting, or iris scanning)

  • Language translation

  • Drug identification

  • License plate scanning and identification

  • Driver’s license scanning and verification

  • Breathalyzing suspects (no need for a separate unit)

  • Two-way communication with fellow officers

That’s not all. Mobile devices can also improve situational awareness through location services, improving officer safety (it can also be used for officer in duress alerts, i.e. SOS messaging).

 

Rolling Out a Law Enforcement Mobile Program

When accessed in the cloud through a mobile device, criminal justice information needs to be properly secured. While some smaller agencies may have a “bring your own device” (BYOD) policy, it can often be a recipe for disaster. BYOD may be acceptable for the most basic phone functions, but it simply is not secure enough to meet most CJIS compliance regulations regarding the access of sensitive government information. Instead, law enforcement agencies should provide agency-issued phones connected to a strong enterprise mobility management (EMM) infrastructure that operates through a secure virtual private cloud (VPC). This requires a few steps:

  1. Software Assessment. A review of existing software components and their compatibility with mobile devices.

  2. Mobile Carrier. “No service” is not acceptable! Agencies need to find a carrier that offers the “three C’s”—coverage, customer support, and cost benefits.

  3. Cloud Provider. Agencies will want to find a provider offering high levels of security and complete CJIS compliance.

Once these steps have been taken, agencies can begin their rollout (possibly utilizing a test group before deploying mobile technology department-wide). Devices will need to be properly configured, and PINs, passwords, and biometrics will need to be installed to unlock certain functions in compliance with CJIS regulations. A written policy explaining the benefits of the mobile program and expectations (what is and what is not allowed) should also be provided to each user. Training to provide an understanding of cybersecurity and data breaches is also a must, as individual’s understanding of these potential threats may vary.

 

CJIS Compliance Regulations for Mobile Programs


CJIS regulations affect almost every aspect of data management within law enforcement agencies; and compliance is mandatory when accessing CJIS-controlled databases. Despite its relative newness, strict protocols are already in place regarding the use of mobile devices. This is to protect the criminal justice database systems and the sensitive data associated with personal information, such as an individual's criminal and identity history, biometrics, and property possession.


When rolling out a mobile program and selecting software, mobile carrier, and cloud provider, agency administrators should pay close attention to CJIS Policy Section 5.13, which specifically covers mobile cellular devices. Within this section, the following minimum standard requirements are detailed. Mobile devices must have the following capabilities:

  • Remote wiping of device

  • Remote locking of device

  • Setting and locking device configuration

  • Detection of "rooted" and "jailbroken" devices

  • Enforcement of folder- or disk-level encryption

  • Application of mandatory policy settings on the device

  • Detection of unauthorized configurations

  • Detection of unauthorized software or applications

  • Ability to determine the location of agency-controlled devices

  • Prevention of unpatched devices from accessing CJIS systems

  • Automatic device wiping after a specified number of failed access attempts

CJIS Compliance for Cloud Usage

CJIS compliance also gets specific when it comes to the use of the cloud and cloud storage within CJIS Security Policy Section 5.10. Despite the abundance of cloud providers out there, law enforcement organizations taking advantage of the cloud’s storage capacity benefits will want to find a provider that meets CJIS requirements. Be wary of providers claiming they are “CJIS certified,” as no central certification or accreditation exists for CJIS. A good rule of thumb is to find a provider that has services available for purchase through a General Services Administration (GSA) contract. The GSA was established in 1949 and helps support the basic functions of federal agencies.


Today’s smartphones and mobile devices offer a wealth of benefits for police officers and other law enforcement officials, but it’s important to remain CJIS compliant to protect yourself, the agency, and the public at large. By working with carriers and cloud providers that meet CJIS requirements, and remaining on top of their ever-changing regulations, government agencies and law enforcement organizations can take advantage of the benefits and avoid negative consequences.

Considering a mobile program rollout within your organization? Then consider DSM’s G-Cloud. G-Cloud is the first and only Florida-based VPC solution designed for national, state, regional, and local government agencies. We ensure strict security protocols, 99.99%+ uptime, and a complete compliance package, meeting the requirements for CJIS. DSM’s G-Cloud is also available for purchase through the GSA contract, and we’re already working with government organizations such as the Florida Department of Agriculture. Learn more about the G-Cloud difference and the GSA advantage here, or contact one of our IT experts today for a free consultation.

Florida Southern College Disaster Recovery Case Study

Related posts