What is CJIS Security Policy? How to Easily Meet Advanced Authentication Requirements Using Duo
What is Criminal Justice Information Services (CJIS) Security Policy?
Law enforcement officers, first responders, district attorneys and officials from other justice agencies need timely access to criminal justice information (CJI). The Federal Bureau of Investigation (FBI) in collaboration with other government agencies have put together the Criminal Justice Information Services (CJIS) Security Policy. The policy provides a minimum set of security requirements to access the CJI data.
How Duo Can Help:
The CJIS security policy lists control requirements across 13 policy areas. Duo can specifically help criminal and justice agencies meet the advanced authentication requirements under policy area 6.
Policy Area 6: Identification and Authentication
18.104.22.168 Advanced Authentication:
“Advanced Authentication (AA) provides for additional security to the typical user identification and authentication of login ID and password, such as: biometric systems, user-based digital certificates… or “Risk-based Authentication” that includes a software token element comprised of a number of factors, such as network information, user information, positive device identification…”
Duo provides easy to use multi-factor authentication products to help meet CJIS authentication requirements. Duo’s granular access control policies and supports secure authentication methods such as Universal 2nd Factor (U2F), biometrics, push notification, passcodes, smart cards and hardware tokens.
In addition, admins can use Duo’s policy engine to implement risk-based authentication based on factors such as user location, network address ranges, device security status and more. For example: If an access is attempted from outside the country, Duo can block access based on policy controls that deem access outside the country is not permitted.
Further, Duo uses Federal Information Processing Standards (FIPS) 140-2 validated cryptographic modules to achieve FIPS 140-2 compliance. Duo Push and Duo Mobile passcode authentication methods are FIPS 140-2 compliant by default with no configuration required by administrators. Duo Push and Passcode authentication methods are built in-alignment with NIST 800-63-3 AAL2 requirements.
A Typical Use Case For Law Enforcement Officers:
Field police officers are always on the move in their squad cars. These field officers need to access the criminal justice information systems in order to verify an individual’s identity or a driver’s record. Duo’s MFA solution with support for multiple authentication methods and easy integration NetMotion VPN helps police departments satisfy the CJIS requirement. With Duo, law enforcement officers are prompted for a second factor authentication when logging into VPN on their mobile data terminals (MDTs). The officer uses his smart card or a hardware token to fulfill the 2FA and is allowed to access the CJI database.
A Typical Use Case For Justice Department Officials:
A prosecutor from the office of District Attorney visits a correctional facility and needs to access his email, which contains CJIS information. When the prosecutor uses a secure terminal to access his email. Duo detects that the user is logging in from a new device prompts for a second factor authentication. Duo also captures the device information and maintains a comprehensive audit trail. Duo’s solution integrates with complementary CJI data sharing solutions to provide advanced authentication capabilities for secure access.
Duo Is FedRAMP In Process
Duo is FedRAMP authorized and and works with federal, government, local and state organization to meet compliance regulations and stay secure.
Sign-up for a free trial to experience the product and see how Duo empowers Public Safety and Justice Agencies with secure and compliant access to criminal inform.