CJIS Compliance for Email and File Sharing

CJIS Compliance: What Security Leaders Need to Know

What is CJIS compliance? Criminal Justice Information Services (CJIS) analyzes criminal justice information (CJI) from law enforcement centers around the country and provides a centralized database to store and access CJI. To use CJIS databases, organizations must comply with government regulations:

Section 5.10.1.2.1: When CJI is transmitted outside the boundary of the physically secure location, the data shall be immediately protected via encryption that is FIPS 140-2 certified.

Section 5.10.1.2.2: When CJI is at rest (i.e. stored digitally) outside the boundary of the physically secure location, the data shall be protected via encryption with the same standard mentioned above or use a symmetric cipher that is FIPS 197 certified (AES) and at least 256-bit strength.

Enable CJIS Compliance in the Cloud with End-to-End Encryption

Cloud-Native CJI and CHRI Security

The cloud enables on-demand access to CJI for state and local governments and agencies that maintain public safety. To protect criminal history record information (CHRI) and other CJI, organizations must comply with strict government regulations to mitigate CJIS compliance risks. When CJI is transmitted or at rest (i.e. stored digitally) outside the boundary of the physically secure location, the data needs immediate protection via encryption that is FIPS 140-2 certified.

Collaborate Securely with Distributed Teams

Support your need to collaborate internally and with external agencies, and unlock digital workflows to support remote government workers and distributed agency teams.

Virtru’s data-centric, end-to-end encryption and granular access controls help protect CJI stored in or shared via email and file systems like Gmail, Google Drive, and Outlook from access by unauthorized users with AES-256 bit encryption, FIPS 140-2 compliant modules, and two-factor authentication.

Photo of a woman sending a secure message on her phone

Control Your Private Encryption Keys

Host your own encryption keys with the Virtru Private Keystore, so you never have to trust anyone (including cloud providers) with access to your data. This provides heightened data sovereignty and residency to support additional compliance with GDPR, CCPA, and other location-specific privacy regulations. A woman stands in a data center holding a laptop. There

A woman stands in a data center holding a laptop. There

Automatically Encrypt CJI Emails and Files

Human error — particularly when it comes to email — is one of the leading factors in data breaches. With the Virtru Data Protection Gateway and DLP, you can automatically encrypt sensitive emails and attachments shared by users who handle CJIS-protected data.

A view of an automatically encrypted email sent through the Virtru Data Protection Gateway

Securely Share Large Files with External Partners

With Virtru Secure Share, you can both send and receive CJI files while keeping them secure with end-to-end encryption. Virtru's military-grade security is FedRAMP-authorized and FIPS 140-2 validated, and it provides your users and admins with total data control at all times, even after sending data externally. A view of Virtru Secure Share, Virtru

Unlock CJIS Compliance for Digital Workflows

Privacy and Compliance

End-to-end encryption prevents unauthorized access to email and files containing CJI and maintains the privacy of citizens’ PII, supporting CJIS compliance.

Secure External Data Sharing

Persistent protection to govern access throughout the data lifecycle, with the option to host your own encryption keys.

Ease of Use

Boost user adoption and deliver simple recipient access that naturally fit into workflows between users, admins, and agency partners.

Data Stays in the U.S.

Virtru hosts everything in the U.S., uses encryption algorithms that comply with FIPS 140-2, is FedRAMP authorized at the moderate impact level, and adheres to the security controls defined by NIST SP 800-53. Virtru cannot access your protected data at any time.

CJIS Compliant Data Workflows

With Virtru, you can keep CJI protected and controlled, without sacrificing the ability to collaborate.

A team of police officers sorts through paperwork at a desk.

Easy End-to-End Encryption for CJIS-Compliant Cloud Workflows

Without end-to-end encryption, use of cloud services requires CJIS-specific background screening and training for cloud vendor personnel and specialized SLAs and/or contractual clauses that compound costs and delay deployments.

Virtru’s end-to-end encryption streamlines CJIS compliance in the cloud by preventing vendor personnel from accessing CJI. Transparent key exchanges avoid complexities of other end-to-end encryption approaches like PGP and S/MIME for enhanced adoption and usage

A man in black glasses and a sweater sits at a desktop monitor in a dimly lit room, deploying code.

Easy, Secure Collaboration to Get the Job Done

Provide law enforcement agency employees and administrators easy-to-use data protection, embedded in existing applications. Complement user protections with DLP rules that automatically enforce encryption and control.

Enable seamless access for recipients and collaborators at external agencies and departments, without requiring new accounts, passwords, or software, for digital sharing workflows that support rapid delivery of services that support public safety.

A woman in a camel trenchcoat walks outside of an office building. She

Control and Visibility For CJI Data Sharing

Enable secure data sharing, aligned with CJIS compliance, across agencies with attribute-based access controls (ABAC) for CJI that enable instant access revocation, expiration, disable forwarding, and document watermarking capabilities.

Audit who has accessed CJI, when, where, and for how long. Export event logs for analysis, or integrate with your SIEM for advanced threat analysis.

Maintain ultimate control of the encryption keys protecting all sensitive CJI stored and shared in the cloud with the Virtru Private Keystore.