Free Download     |     Resource Center    |     Customer Login
1.877.No.Token (1.877.668.6536)
Live Chat

Criminal Justice Information System (CJIS) Security Policy

The Criminal Justice Information System (CJIS) is the largest division of the FBI. CJIS provides state, local, and federal law enforcement and criminal justice agencies with access to centralized information such as fingerprint records, criminal histories, and sex offender registrations. Due to the extremely sensitive nature of the data warehoused in the CJIS, a Security Policy was instated that set forth minimum requirements for securing access to CJIS data. The policy requires “Advanced Authentication” be deployed for all users accessing CJIS data from a remote location. The deadline for compliance is September 30, 2010.

The Role of User Authentication in the CJIS Security Policy

The CJIS Security Policy requires that additional authentication (beyond a user name and password) be used when CJIS data is accessed from a remote location. This would include a police officer performing a background check during a traffic stop, VPN access by agency employees, and a number of other use cases. The policy requires that Advanced Authentication methods, such as two-factor authentication, be used in these cases to verify the identity of the individual accessing the data.

Each agency accessing CJIS data is responsible for complying with the CJIS Security Policy. All technology needed to meet the Policy’s requirements must be implemented by September 30, 2010. The CJIS Audit Unit will perform routine audits to ensure compliance. Penalties include administrative sanctions, individual criminal penalties, and termination of service.

The PhoneFactor Solution

With PhoneFactor, there are no devices, software, or certificates to deploy and maintain – it works with the user’s existing phone (landline or mobile) – making it ideal for field personnel. Because users require very little training and almost no ongoing support, PhoneFactor is significantly less expensive to setup and maintain than other two-factor solutions.

PhoneFactor offers instant integration with all leading business systems and synchronizes with AD and LDAP Servers for centralized user management. Easy, automated self-service options are available through the phone and web, which helps to expedite deployment and minimize overhead.

PhoneFactor is trusted by thousands of organizations, including government organizations at every level, to secure access to their critical data and systems. The system meets all requirements for compliance with the CJIS Security Policy directives regarding Advanced Authentication.

 

 

Solutions

   Legal  |  Sitemap  |  Support  |  Contact               

PhoneFactor, Inc provides secure two-factor authentication services to leading companies worldwide. PhoneFactor's multifactor out-of-band authentication software is a cost effective, user friendly alternative to security tokens, fobs, certificates, and other 2 factor authentication methods.
Secure User Authentication: SSL VPN Authentication | Citrix Authentication | Web Authentication | Terminal Services Authentication | Tivoli Authentication | Online Banking Authentication
Two-Factor Authentication for Regulatory Compliance: Payment Card Industry Data Security Standards (PCI DSS) Compliance | FFIEC Compliance | HIPAA Compliance | NIST 800-63
Compare Phone Authentication to: Security Tokens | SMS Authentication | Biometric Authentication | Soft Tokens | Smart Cards | Certificates