Criminal Justice Information (CJI) is data used in the practice of criminal justice, including the investigation and prosecution of crimes. Modern mobile and cloud technologies present law enforcement with new opportunities to capture and communicate CJI, potentially speeding investigations, building better cases, and handling more cases with limited staff.
These technologies however create new risks: data breaches can put investigations in jeopardy and individuals at risk. New technologies can also be difficult to use. Law enforcement can’t be tasked with time consuming technical work or extra documentation to ensure or demonstrate the chain of custody. Information sharing therefore needs to be intuitive and efficient so officers can focus on their jobs instead of the technology. Fortunately, standards and tools are keeping pace.
Recognizing that CJI must be protected from tampering and data leaks, the FBI, as long ago as 1998, began work on a security policy for managing CJI and controlling any IT systems that store or transmit CJI. Over the years, the Criminal Justice Information System (CJIS) Security Policy has become more thorough and detailed, accounting for new types of security threats and for new technologies such as cloud computing and personal mobile devices (BYOD). The most recent version of the CJIS Security Policy, version 5.5, was issued in June 2016.
In the words of the FBI:
The essential premise of the CJIS Security Policy is to provide appropriate controls to protect the full lifecycle of CJI, whether at rest or in transit. The CJIS Security Policy provides guidance for the creation, viewing, modification, transmission, dissemination, storage, and destruction of CJI. This Policy applies to every individual—contractor, private entity, noncriminal justice agency representative, or member of a criminal justice entity—with access to, or who operate in support of, criminal justice services and information.
While protecting CJI in compliance with the CJIS Security Policy, today’s law enforcement agencies need to:
The Accellion kiteworks Solution and CJIS
kiteworks by Accellion is an enterprise-class, CJIS-compliant content collaboration platform that leverages a private cloud deployment to enable secure content sharing with internal and external parties. With kiteworks, enterprises and government agencies can seamlessly access, share and collaborate on content stored in legacy ECM platforms without having to duplicate or migrate files, which is costly, risky and creates a disruption to workflows and processes.
kiteworks leverages a law enforcement agency’s existing investments in ECM and email platforms with a content access and collaboration layer that supports authoring, collaboration, and workflow, and implements data governance including enterprise search for all content under management. In addition, all content is audited, and can optionally be held to collect information for use in industry-standard eDiscovery tools.
With kiteworks, law enforcement professionals can securely capture and transfer CJI with their mobile phones. For example, photos are secured and automatically uploaded to the kiteworks server, bypassing the phone’s camera roll entirely. With no evidence available on the device, the risk of data leaks is eliminated, however a complete audit trail of the chain of custody remains. Similarly, officers can remotely access, view, edit and share content stored in on-premise and cloud repositories, without having to download any files onto their phones. Once again, with no CJI stored on the phone, a lost, stolen, or hacked phone doesn’t present any security issues. Lastly, staff can collect, organize and share content with other departments, jurisdictions and attorneys general through web, office and email tools, again without leaks and with a full audit trail.
Government and law enforcement agencies such as the City of Pleasanton, Abbotsford Police Department, South Carolina Attorney General’s Office, Texas Juvenile Justice Department, the County of Sacramento and others rely on Accellion to ensure maximum information security and compliance for internal and external information sharing from any location, using any device. Strong security controls and the industry’s broadest deployment options enable organizations to ensure the protection of CJI, intellectual property, and other sensitive information. In addition, comprehensive management and control over all information sharing activities allow for the highest levels of data security and compliance.
The kiteworks platform includes a number of capabilities for law enforcement agencies, including:
kiteworks currently meets CJIS security requirements in all applicable critical policy areas, including:
In total, the kiteworks private cloud content collaboration platform enables law enforcement agencies to take full advantage of the latest advances in mobile devices and cloud computing, while meeting strict CJIS requirements.
To learn more about kiteworks and its features for CJIS compliance, please contact us.