Jump to Content
Public Sector

Google Public Sector achieves CJIS compliance in Florida

April 10, 2023
Bryce Buffaloe

Senior Product Manager, CJIS Security Lead

Brent Mitchell

Vice President, US State & Local Government and Education

Google Public Sector has completed the process with Florida Department of Law Enforcement (FDLE) to ensure Google Cloud supports the requirements necessary to store, process, and support criminal justice information (CJI). As part of this process, Google Public Sector worked with FDLE to conduct physical audits of facilities nationally and technical audits of our National Institute of Standards and Technology Special Publication 800-53 (NIST 800-53) security controls to ensure the highest level of protection for Criminal Justice Information Services (CJIS) workloads are supported by Google Cloud.  

Google Cloud compliance commitments extend to Google support services and FDLE was able to background check and approve the Google support personnel that will support CJIS workloads in Florida while also confirming that support personnel who have not been approved through Google Cloud’s personnel access controls are restricted from accessing CJIS data. 

Assured Workloads supports multiple compliance regimes, including CJIS compliance as required by the CJIS Security policy. Assured Workloads allows Google Cloud customers to easily configure and maintain controlled environments that operate within the parameters of a specific compliance regime. 

Assured Workloads is a modern cloud solution that allows public sector customers to run regulated workloads on Google Cloud's public cloud infrastructure. As a result, public sector customers benefit from compliance and reduced cost of ownership for regulated workloads. Agencies storing sensitive data that must be configured to meet a regime such as  CJIS, International Traffic in Arms Regulations (ITAR), or the Department of Defense (DoD) Impact Level 5, can configure and maintain compliant environments using Assured Workloads in just a few clicks.

https://storage.googleapis.com/gweb-cloudblog-publish/images/maxresdefault_zMbW6h1.max-1300x1300.jpg

Configuring Assured Workloads to support CJIS requirements

Step 1: Assured Workloads is enabled at the folder level of an organization, allowing for specific controls to be applied and enforced selectively for cloud workloads deployed in that folder. The first step in creating an Assured Workloads folder is to choose where data will be stored:

https://storage.googleapis.com/gweb-cloudblog-publish/images/image2_d5V8uUD.max-1500x1500.png

Selecting the United States for jurisdiction provides CJIS as one of the compliance type options for the Assured Workloads folder.

Step 2: Select the CJIS compliance type to ensure that technical controls that support CJIS compliance are applied to the folder.

https://storage.googleapis.com/gweb-cloudblog-publish/images/image1_QSVzKW6.max-1500x1500.png

When an agency selects CJIS, Assured Workloads applies the following controls to the folder as guardrails and protections for the sensitive data being stored within:

  • Restricts resources to US-based data centers, restricting CJIS workloads to  the US

  • Restricts technical support staff to employees screened by both Google and the state CJIS agency. 

  • Restricts developers to only using compliant services, ensuring agencies are not accidently thrown out of compliance

  • Ensures Federal Information Processing Standards (FIPS 140-2) compliant encryption

  • Allows agencies to use Customer Managed Encryption Keys (CMEK), ensuring agencies are in control of their encryption keys

Step 3: Assured Workloads monitors CJIS compliance regimes and showcases violations if a change to a resource is non-compliant. You can then resolve these violations, or create exceptions for them as appropriate.

https://storage.googleapis.com/gweb-cloudblog-publish/images/image4_J79JTTW.max-1600x1600.png

Take the next step

Get started today with a free trial of Assured Workloads and take advantage of our differentiated offering that allows customers with CJIS requirements to adopt the public cloud with ease, so they can innovate efficiently and at scale. To learn more about Assured Workloads, you can visit our webpage and watch our Assured Workloads video playlist.

Posted in