Earlier in May, I had the opportunity to co-host Microsoft’s Criminal Justice Information Services (CJIS) Summit where we hosted 26 leading law enforcement regulators including the Federal Bureau of Investigation CJIS Division, 13 states, and other local officials.
The FBI CJIS Division gives state, local, and federal law enforcement and criminal justice agencies access to criminal justice information (CJI) such as fingerprint records and criminal histories. US law enforcement and other government agencies must ensure that their use of cloud services for the transmission, storage, or processing of CJI complies with the CJIS Security Policy Version 5.4.
The recurring message we heard from regulators at the summit is that their ability to trust cloud service providers (CSP) and their execution of applicable policy controls are the most important criteria when selecting a CSP. One example is the personnel screening process for employees who have access to CJI. That is a critical policy control, and when executed efficiently and accurately, meets the requirements and instills law enforcement agencies confidence in CSPs.
Developers should keep in mind that developing and hosting applications in a cloud service that meets the applicable CJIS controls allows solution providers to offer solutions that allow agencies to be certified CJIS compliant.
Microsoft is committed to meeting the applicable controls of the CJIS Security Policy and other regulations such as IRS 1075, HIPAA, and FedRAMP. It was great to hear during the summit that this enables regulators to feel confident that their critical data is secure while meeting their regulatory obligations. To learn more about CJIS and Microsoft’s government cloud, visit the Microsoft Trust Center.