Microsoft has signed agreements with 26 states – contractually committing to CJIS requirements for more than 2/3rds of the US Population
Do you ever wonder why we have government regulation? Do you have to deal with regulations to get your job done? My family runs a hog farm and there are a number of regulations that have confused me. In the 25 years my family has been raising livestock, I have become more aware of the regulations we have to comply with. Some of them have caught me off guard, such as needing to document that we feed the hogs. Seriously? Of course, we feed them, they are our revenue source!
I could not help but wonder why regulations exists. No doubt because someone, somewhere, didn’t take adequate care of their livestock. Regulations are designed to protect something and/or someone. In my family’s farming example, they are designed to protect the animals, the environment, and the food supply.
In my day job, I have the privilege of working with professionals involved in justice and public safety. In law enforcement, the CJIS Security Policy sets a minimum set of security requirements to protect and safeguard Criminal Justice Information. At Microsoft, we not only adhere to the regulations, but we validate and prove to the regulators that we are executing on our commitments.
So, what is more important - to meet the controls of the CJIS Security Policy so you pass an audit or to have a robust, holistic, agile, security platform to meet the regulation and secure the sensitive data? I believe execution is as important as passing an audit. This why implementation of the 13 Policy Areas in the CJIS Security Policy is critical. “Checking the box” for CJIS compliance is irrelevant if execution is not implemented at the highest levels.
Below are some questions law enforcement professionals should ask?
- Have you and your cloud provider reviewed audit results of the CJIS controls? As a law enforcement agency, do you have access to continuous monitoring reports?
- Have you or your state CJIS Systems Agency done fingerprint based background checks and approved your employees and your cloud provider’s employees with potential access to Criminal Justice Information?
- Have individuals with potential access to Criminal Justice Information completed CJIS security awareness training?
- Have you confirmed mobile device access is secured per the requirements of the CJIS Security Policy?
Meeting the applicable regulatory controls of the CJIS Security Policy is a long-term commitment for Microsoft. We don’t consider it a checkbox, it is a commitment. As part of this commitment Microsoft recently added Missouri as one of 26 states with a CJIS Information Agreement.
For additional implementation information, review the Microsoft CJIS Implementation Guidelines. This document provides guidelines and resources to assist criminal justice entities in implementing and utilizing Microsoft Government Cloud features.
We welcome your comments and suggestions to help us continually improve your Azure Government experience. To stay up to date on all things Azure Government, be sure to subscribe to our RSS feed and to receive emails, click “Subscribe by Email!” on the Azure Government Blog. To experience the power of Azure Government for your organization, sign up for an Azure Government Trial.