<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=YOUR_ID&amp;fmt=gif">

CJIS Security Policy

Supported across every VIDIZMO product and every deployment option, not just Azure Government Cloud.

What It Is

The FBI’s Criminal Justice Information Services (CJIS) Security Policy sets the minimum security requirements for any organization that accesses, transmits, or stores Criminal Justice Information (CJI), including systems used by law enforcement, courts, and prosecution agencies.

What CJIS Majorly Requires, and How VIDIZMO Supports It

The CJIS Security Policy is organized into policy areas covering identity, encryption, auditing, incident response, and personnel. Here is how VIDIZMO’s platform maps to the areas that come up most, across the entire platform, not limited to Azure Government Cloud:

  • Advanced authentication for anyone accessing Criminal Justice Information: Single Sign-On and Multi-Factor Authentication are enforced on a least-privilege basis, with Role-Based Access Control limiting what each user can see.
  • Encryption of CJI at rest and in transit, using FIPS-validated cryptography: AES-256 encryption at rest and TLS 1.2 minimum (1.3 supported) in transit, through FIPS-compliant cryptographic modules.
  • Audit logging of all access to CJI: real-time audit logging of all activity, retained in tamper-evident, immutable storage.
  • Ongoing vulnerability management and incident response: weekly automated vulnerability scans, quarterly independent penetration testing, and a documented incident response plan with breach notification within 2 business days of confirmation.
  • Secure sanitization of media and data at end of life: VIDIZMO’s platform runs on a configurable software lifecycle purge policy. The default retention period is 30 days, and customers can adjust it to their own requirements at any point. Once the retention window elapses, data is sanitized in line with NIST SP 800-88 and permanently deleted.

Scope & Limitations

CJIS also requires background checks for personnel with access to CJI, including hands-on delivery staff. VIDIZMO's standard delivery model is offshore-staffed; background-checked onshore personnel are available, but require advance planning and lead time to hire and onboard. If your organization needs infrastructure-level CJIS authorization, for example on Azure Government Cloud, confirm that against your exact deployment directly with VIDIZMO.

back to top