New Whitepaper: CJIS Compliance on AWS

AWS is an attractive environment for regulated data, including Criminal Justice Information (CJI) subject to the Criminal Justice Information Services (CJIS) Security Policy. AWS customers have used the AWS cloud for a wide range of sensitive federal and state government workloads, including CJI data. Law enforcement customers and partners who manage CJI are taking advantage of AWS services to both comply with the Federal Bureau of Investigation’s policy and dramatically improve the security and protection of CJI data by using:

• The advanced security services and features of AWS such as activity logging (AWS CloudTrail).
• Encryption of data in motion and at rest (Amazon S3 server-side encryption with the option to bring your own key).
• Comprehensive key management and protection (AWS Key Management Service and AWS CloudHSM).
• Integrated permission management (IAM federated identity management and multi-factor authentication).

Our latest whitepaper, CJIS Compliance on AWS, details how AWS services can be utilized to comply with CJIS requirements, what AWS services make possible within the framework of CJIS, and the portioning of responsibilities between AWS and CJIS customers.

Additionally, AWS has evaluated the 13 policy areas along with the 131 security requirements and has determined: 10 controls can be directly inherited from AWS; both AWS and the CJIS customer share 78 controls; and 43 controls are customer-specific controls. AWS has documented these requirements within a detailed control workbook, which can be requested under an NDA: AWS CJIS Security Policy Workbook.

Additional resource

• CJIS Compliance Summary and FAQ Page