All Blog Posts

CJIS Compliance

February 8, 2019

"CJIS Compliance" is a buzzword when it comes to public safety software, but what does that really mean when it comes to body worn cameras and evidence management?

CJIS

CJIS stands for "Criminal Justice Information Services" and the latest security policy guidelines can be found here. Some states, such as Minnesota, consider all body camera footage to be CJIS data. Even in states where there are no laws in place, some agencies wish to follow some or all of the CJIS guidelines as a best practice. On the flip side, some agencies would argue that body camera footage isn't CJIS data at all. Regardless of one's position, choosing a body camera solution that meets CJIS requirements in terms of both storage and software is a wise choice.

"Certification"

The FBI does not issue a "CJIS Certificate" to a company. Instead, each state sets its own procedures to vet vendors for CJIS compliance. In general, the state agency will verify the cloud storage system used, the software infrastructure and functionality, and perform a background check on key vendor personnel. Furthermore, these employees must take an online training class and pass an exam to demonstrate proficiency in the CJIS security policies. A public safety agency wishing to implement a CJIS compliant body camera program should verify that the potential vendor has been vetted by the respective state authority, if such vetting is required.

Key CJIS Features

For CJIS compliance, all footage must be stored in a special storage facility. When it comes to cloud storage, the most common CJIS compliant storage systems are the Microsoft Azure Government cloud followed by the Amazon Web Services (AWS) Government cloud. Vetted personnel support these cloud servers, which are located in the Continental United States. All files are encrypted using FIPS-2 standard and there are redundant storage locations and power supplies.

While having CJIS compliant storage is key, agencies wanting to follow all CJIS guidelines must make sure their body camera vendor has implemented additional features in their evidence management software. Some examples include:

Example: Minnesota

As mentioned above, Minnesota has some of the most stringent laws when it comes to body camera footage management. In 2016, the legislature passed state statute 13.825, which requires vendors to "protect the data in accordance with the security requirements of the United States Federal Bureau of Investigation Criminal Justice Information Services Division Security Policy". Visual Labs has numerous clients in Minnesota. "We appreciate Visual Labs' adherence to CJIS guidelines. Even with the required security features, the website is very easy to use and has allowed us to readily comply with Minnesota BCA [Bureau of Criminal Apprehension] audits," said Commander Andy Ellickson of the Washington County, Minnesota Sheriff's Office.

Conclusion

Regardless of one's stance on body camera footage as CJIS data, choosing a BWC vendor that complies with CJIS guidelines should bring peace of mind to agencies, and in some cases, is required by law.

Please contact team@visuallabsinc.com with questions or comments about CJIS compliance.

Next Post:
Samsung Galaxy S10 Release
As "the body camera company that does not make body cameras," Visual Labs is always researching the latest smartphone and smart device technology. Fo...
Previous Post:
Cloud Storage vs. Local Storage
There is a lingering debate within public safety about the benefits of cloud storage vs. local storage. For a long time, there was skepticism and misu...