Are you CJIS-Compliant?

Eclypsium helps ensure Criminal Justice Information Services compliance

The Criminal Justice Information Services (CJIS) is the largest division of the US Federal Bureau of Investigation (FBI) and a centralized source of criminal justice information (CJI) for state, local, and federal law enforcement and criminal justice agencies and authorized third parties. To ensure the protection of CJI, including fingerprint records, criminal histories, and other pertinent sensitive data, the FBI created the CJIS Security Policy document, a set of guidelines and regulations that agencies utilizing CJI, and the vendors that work with them, must adhere to in order to meet the security requirements for handling protected information.

In the latest CJIS Security Policy, the FBI now requires that IT firmware be verified for integrity and monitored for unauthorized changes. Firmware is the software embedded in hardware devices, including laptops, servers, routers, and storage devices, that controls how they operate. Failure to update firmware promptly can result in vulnerabilities that may expose sensitive information, making updates crucial for the security, privacy, and compliance requirements of the devices and the CJIS information they handle.

Eclypsium is the only company that has a solution that can validate the integrity of IT firmware and monitor for unauthorized changes. The Eclypsium Platform identifies and verifies the current firmware on endpoints, servers, and networking equipment. It then continuously monitors for changes and vulnerabilities to detect any compromises, unexpected implants, or backdoors and fortify the devices through patching, configuration hardening, and updates.

Eclypsium is also the solution for the cross-vendor platform integrity validation system by NIST in SP 1800-34, which demonstrates how organizations can verify that the internal components of computing devices are genuine and have not been tampered with, ensuring the integrity of the cyber supply chain and its products and services.

CJIS compliance is one of the most stringent and comprehensive cybersecurity protocols, and its requirements help proactively defend against cyberattacks. Failure to comply with it can lead to denial of access to information in the CJIS system, as well as monetary fines and possible criminal charges. If you’d like to discuss how Eclypsium can help you meet CJIS requirements, contact us.

Download the complete CJIS Security Policy now.