Criminal Justice Information Services (CJIS)

The GSWG recommends that all justice and public safety wireless device users follow the currently proscribed policies in the Criminal Justice Information Services (CJIS) Security Policy.

The CJIS Security Policy is considered to be Sensitive But Unclassified (SBU) material and cannot be disclosed in this publication nor posted to a public Web site, and discretion shall be exercised in sharing the contents of the policy with individuals and entities who are not engaged in law enforcement or the administration of criminal justice. 

All agencies required to adhere to the CJIS Security Policy should be aware that it contains specific requirements for wireless networking, including encryption, certification of cryptographic modules, and minimum key lengths. These agencies should become familiar with the requirements set by the CJIS policy prior to procurement and deployment of wireless devices.

 A CJIS Systems Agency (CSA) has been designated to establish and administer an information technology (IT) security program for the state’s network systems that access the National Crime Information Center (NCIC) and the CJIS systems.  Agencies planning or operating such networks should coordinate their IT security plans with the CJIS Systems Officer (CSO) in the CSA.  A list of CSOs is maintained on the Law Enforcement Online (LEO) Web page.