CJIS Security Policy Compliant Environments for Law Enforcement

Secure, Network, Law Enforcement

Secure In-Vehicle Cloud Networking While Out in the Field

Today, within agencies, many records management systems are moving to a digital format. Vehicles can now transfer data — such as surveillance video and images — from their vehicles directly to the data center at headquarters. Officers can also collect data at the scene of a crime with a tablet or MDT and send it back to headquarters for faster report filing.  With this fundamental change in information sharing and storing, agencies must follow proper cyber security governance and manage networking risks to protect sensitive information regarding operations, personal information, criminal records, and to keep information accurate for the purpose of developing cases.

Criminal Justice Information Services (CJIS) Security Policy

The Criminal Justice Information Services (CJIS) Security Policy was designed to ensure the protection of criminal justice information (CJI), for this reason, agencies must be conformant with CJIS Security Policy within their agency operations. CJIS Security Policy keeps CJI safe by providing a minimum set of security requirements for the access to CJI stored on FBI systems. The main idea of the CJIS Security Policy is to provide the appropriate methods to protect CJI from unauthorized disclosure —from creation through dissemination, whether it is being stored or transferred.

With this duty in mind, many law enforcement agencies question whether sensitive data remains secure and if they can be compliant with CJIS Security Policy while transferring and storing data digitally or utilizing the cloud. The answer to this question is yes because the CJIS Security Policy is device and architecture independent. For example, Cradlepoint’s network management service, NetCloud, is only concerned with securely transporting and storing router management data. No customer network data, including CJI, encrypted or otherwise, is sent to NetCloud.

Gigabit LTE Solutions & Cloud Networking

Agencies can leverage and manage Cradlepoint’s secure, Gigabit LTE router solutions, that conform with CJIS Security Policy guidelines to easily extend and manage network connectivity to their policing vehicles, stations, and surveillance locations. Cradlepoint’s solutions and NetCloud Service can also deliver significant ROI by reducing IT overhead costs, minimizing network downtime, and maximizing the effectiveness of law enforcement activities.

Cradlepoint’s solutions are designed with security in mind and include the use of advanced security protections like, intrusion detection and prevention, content filtering/anti-malware protection, IPSec VPN, private LTE networks, activity logging and alerting, FIPS 140-2 certified cryptographic modules, integrated permission management, and SD-WAN features to maximize uptime.

Cradlepoint also delivers purpose-built networks for branch, mobile vehicle, and IoT, and can manage all use cases in a single service — assisting lean IT teams. To remain CJIS conformant, law enforcement also must have secure connectivity within their vehicles. CJIS Policy requires that any enclosed mobile vehicle — where law enforcement conduct the majority of their work on devices such as Mobile Data Terminals/Computers (MDT/MDC) — with an in-vehicle network connection must ensure data that is stored or transferred is safeguarded.

Cradlepoint Reference Architectures for CJIS Conformancy

To help law enforcement achieve these measures, Cradlepoint has identified reference architectures that allow law enforcement to utilize secure connectivity inside their vehicles to access applications, such as Computer Aided Dispatch (CAD), Automatic Vehicle Location (AVL), or any application that stores and transfers data and remain CJIS conformant.

One reference architecture leverages the Cradlepoint routers that include a FIPS-validated cryptographic module built into NetCloud Operating System (NCOS). Cradlepoint FIPS routers are compatible with most VPN head end routers/firewalls and support most major routing protocols. A site-to-site or spoke-to-hub VPN network connection can be established by configuring VPN connections between the law enforcement in-vehicle network and the Cradlepoint router.

In another reference architecture scenario, law enforcement agencies that use Cradlepoint devices may also deploy VPN clients on their MDTs. Most MDT manufacturers include FIPS certified modules within their products, this restricts the requirements of the CJIS Security Policy solely to the MDT, mitigating the need for a FIPS validated router and minimizing exposure of the agency’s internal network to only the MDT itself.

Cradlepoint has a long and successful track record of customers using Cradlepoint routers and NetCloud Service for securely transporting a wide range of sensitive federal, state, and local government workloads, including CJI data. Law enforcement customers (and partners who manage CJI) utilize Cradlepoint Gigabit LTE enabled routers and NetCloud Service to easily extend and manage secure network connectivity to their policing vehicles, stations, and surveillance locations while maintaining CJIS compliance.

Learn more about Cradlepoint and CJIS Security Policy in our CJIS Security Policy Compliant Networking Environments white paper.