CJIS Security Posture
The exponential growth of Criminal Justice data over the past few decades has presented some unique challenges for those who have the responsibility of protecting and serving it. Not only has the volume of data grown significantly since the turn of the century, but the variety of structured, unstructured, semi-structured, photographic, audio and video formats has advanced as well. Add to this the fact that the velocity of data flowing into law enforcement systems is higher than ever before, and the question of security becomes paramount.
As the largest network of state and local law enforcement data in the country, we have a fundamental responsibility to our customers and the communities they serve to ensure that their data is safe, secure, accurate and available regardless of the evolving complexities of our landscape. Along with our partners at Microsoft Azure Government and the National Law Enforcement Telecommunications System (NLETS), we are proud to have developed a comprehensive CJIS Security Posture, addressing all aspects of the FBI CJIS Security Policy (CSP), the supplemental Cloud Control Catalog published on FBI.gov, as well as additional provisions commonly requested by our customers.
Forensic Logic has deployed its LEAP/COPLINK data sharing platform across CJIS Compliant facilities provided by NLETS and Microsoft.
Microsoft Azure Cloud
By partnering with Microsoft, our Azure GovCloud Applications are well positioned to provide world-class security, scalability, high availability, disaster recovery and dynamic, high-volume compute resources in a proven and trusted environment. Microsoft has negotiated CJIS Compliant Management Agreements with 34 States across the US.
“Azure Government services handle data that is subject to certain government regulations and requirements, such as FedRAMP, NIST 800.171 (DIB), ITAR, IRS 1075, DoD L4, and CJIS. In order to provide you with the highest level of security and compliance, Azure Government uses physically isolated data centers and networks (located in U.S. only).”
Our partnership with NLETS has grown since our initial deployment in 2015. The expansion of our data integration framework across the NLETS network will help to better serve our customers by simplifying the migration process. NLETS provides its strategic partners with the unique capability of message-key access to all 50 states for the purpose of querying wants/warrants and driver and vehicle registration information. This enhancement will be added to our next-generation COPLINK X platform once the product is released.
The following diagram represents a basic overview of components and interconnections between cloud-based services and virtual deployments at NLETS and Azure GovCloud.
In the process of migrating the existing Forensic Logic LEAP application to Microsoft Azure, we worked closely with Azure Architects and Engineers as well as CJIS Security Specialists in the development of our own comprehensive posture paper. The paper addresses the CSP in its entirety, and provides detailed documentation to state and/or agency level administrators who have right-to-know, need-to-know auditing responsibilities for our customers.
The posture paper specifically references the following aspects of the CSP:
- Personnel Screening, Training and Administration
- Device Authentication
- User Authentication
- User Authorization
- Encryption of Data in Transit
- FIPS 140-2 Certificates
- Encryption of Data at Rest
- Web Application Firewall (WAF) Services
- Security Information & Event Management (SIEM) Services
- Malware, Bot, DDoS, etc. Detection and Prevention
- Monitoring and Alerting
- User Behavior Analytics
- External Vulnerability Scanning
- Internal Port/Protocol Restriction
- Logging and Aggregation
- Mobile Device Management (MDM)
The Customer Perspective
The primary sources of data from local agencies are CAD, RMS and various local agency records. The data from these systems must be Extracted, Transformed and Loaded (ETL), as well as indexed into the platform. After the initial data load, each source must be connected to upload new records and update or delete existing ones. As the Forensic Logic/COPLINK platform is not considered a system of record, updates do not need to occur in real time; however, each system should be configured to update as often as is necessary depending on the context and criticality of the data. Data sources can be set to update anywhere from every hour to every week or so depending on performance considerations and importance.
In order to share data into the Forensic Logic COPLINK environment, each agency will sign a standardized Memorandum of Understanding (MoU), which allows other CJIS certified law enforcement personnel or authorized staff to view their data and allows them to see data shared by others. All data contributed to the Forensic Logic COPLINK platform remains the exclusive property of the contributing agency and can be withdrawn, removed or deleted at the request of the owner-agency at any time.
Forensic Logic Position
Forensic Logic’s position with regard to CJIS Security includes a highly proactive posture to provide the tremendous performance and cost benefits of cloud computing with the highest possible level of security. Modern agencies clearly understand that they can solve cases faster, keep officers safer and disrupt crime and terrorism more effectively by sharing data with their peers, and it is our job to allow that to happen within the context of a highly secure environment. We take the protection of this data very seriously and are a trusted security partner to thousands of law enforcement agencies in our network.