Criminal Justice Information Services (CJIS)
The U.S. Federal Bureau of Investigation’s (FBI) Criminal Justice Information Services (CJIS) Division provides federal, state, and local agencies with guidance on how to protect criminal justice information (CJI) when using cloud service providers (CSPs) like Google Cloud.
Google Cloud offers security controls to protect and store CJI through Assured Workloads for Google Cloud and Assured Controls for Google Workspace. Law enforcement agencies can achieve compliance with the CJIS Security Policy by implementing these controls for in-scope Google Cloud services.
Google’s CJIS Compliance
The FBI CJIS Program Office has published numerous artifacts that provide guidance on protecting CJI. The primary document, the FBI CJIS Security Policy, details a minimum set of security requirements that must be met to protect and safeguard CJI. The FBI also provides a mapping of CJIS requirements to the security controls found in NIST SP 800-53.
Google Cloud Platform and Google Workspace customers can use Assured Workloads and Assured Controls to achieve compliance with the CJIS Security Policy. Contact the Google Cloud sales team through our contact form to learn more about Google’s CJIS compliance.
Hosting CJIS Workloads on Google Cloud
Google Cloud’s investment in security-by-default for our infrastructure ensures that security controls are built-in and pre-configured to enable customers to achieve various compliance levels without a traditional isolated government cloud architecture.
Customers looking to deploy CJIS solutions using Google Cloud can use Assured Workloads to achieve compliance with the CJIS Security Policy. Assured Workloads allows customers to confidently secure and configure sensitive workloads to support compliance and security requirements using Google Cloud services. It does not rely on physical infrastructure distinct from its public cloud data centers, and instead delivers a Software Defined Community Cloud with cost, speed, and innovation advantages.
Assured Workloads also provides visibility into the compliance state of CJIS workloads via Assured Workloads Monitoring. This tool can help you spot and remediate compliance violations, and provide control attestations to auditors of your compliance state.
In addition to the controls satisfied by the Google Cloud infrastructure, state, local, and federal law enforcement and criminal justice agencies (and their contractors) can use Assured Workloads to:
- Set guardrails to restrict CJIS workloads to be stored within the US,
- Implement personnel security and access controls to restrict CJI access to US persons located in the US who have completed state fingerprint-based FBI background checks and criminal background checks,
- Enforce FIPS-140-2 encryption at rest and in transit,
- Use customer-managed encryption keys (CMEK),
- Implement logical controls that segment networks and users from in-scope sensitive data, and more.
Hosting CJIS Workloads on Workspace
Assured Controls for Google Workspace allows organizations to meet organizational and compliance requirements, whether that involves limiting Google personnel access to customer data, or dictating where customer data is located at rest.
Customers looking to deploy CJIS solutions using Google Workspace can use Assured Controls to set policies in alignment with the CJIS Security Policy. A configuration guide for CJIS solutions on Google Workspace can be found here.
In addition to the controls satisfied by Google Workspace infrastructure, state, local, and federal law enforcement and criminal justice agencies (and their contractors) can use Assured Controls to:
- Set guardrails to restrict CJIS workloads to be stored within the US,
- Implement personnel security and access controls to restrict CJI access to US persons located in the US who have completed state fingerprint-based FBI background checks and criminal background checks,
- Enforce FIPS-140-2 encryption at rest and in transit, and more.