CJIS Compliance

Security Compliance for FBI CJIS Connected Systems


Aerstone Services

Aerstone offers an array of CJIS compliance services to both justice and non-justice entities:

  • Security Policy. Aerstone can help both justice and non-justice entities implement a security policy that is compliant with CJIS security policy.
  • Audit Preparation. Aerstone can conduct a CJIS audit of your infrastructure, in advance of a formal audit, to validate that your operation is in CJIS compliance.
  • Staff Training. Aerstone can conduct security training seminars for your staff, to help ensure ongoing compliance with CJIS security policy, as well as industry best practices for data privacy and protection.

CJIS Background

The FBI’s Criminal Justice Information Services (CJIS) division hosts an array of services that are a lifeline to law enforcement. Some of these mission-critical services include:

  • UCR – the Uniform Crime Reporting Program, a treasure trove of crime statistics
  • LEEP – the Law Enforcement Enterprise Portal, including Law Enforcement Online (LEO)
  • NICS– the National Instant Criminal Background Check System, enabling safe and legal purchases of weapons and explosives
  • N-DEx – The National Data Exchange, an automated system for sharing investigative information
  • NCIC – the National Crime Information Center, an electronic clearinghouse of crime data

CJIS Security Policy

The CJIS Security Policy provides both law enforcement and non-law enforcement entities with a minimum set of security requirements for access to CJIS systems and information. The CJIS Security Policy itself identifies security controls across thirteen (13) policy areas, ranging from access control and incident response, to physical protection and personnel security. These security controls helps ensures continuity of information protection, from creation through dissemination, whether at rest or in transit. CJIS Security Policy applies to all entities with access to, or who operate in support of, FBI CJIS services and information – including entities engaged in the interstate exchange of CJI data for noncriminal justice purposes. CJI data includes all of the data necessary for law enforcement and civil agencies to perform their missions, including biometric, identity history, biographic, property, and case/incident history data.

CJIS Audits

CJIS Division is authorized to conduct audits, once every three (3) years as a minimum, to assess compliance with applicable statutes, regulations and policies. Per the CJIS Security Policy, “Audits may be conducted on a more frequent basis if the [triennial] audit reveals that an agency has not complied with applicable statutes, regulations and policies.” The FBI CJIS Division also has the authority to conduct unannounced security inspections of contractor facilities. Failing a CJIS audit may result in a higher degree of CJIS scrutiny, which can dramatically increase the cost of compliance, and could ultimately result in a termination of access to CJIS services.

Services By Type




Services By Environment



Our Experience Sets Us Apart

Aerstone is an NSA-certified vulnerability assessor, and a service-disabled veteran-owned small business.
We approach each engagement with the highest levels of professionalism, determination, and creativity, honed by years of working with
security professionals across the military, intelligence community, civilian government, and private industry.

Contact our sales team at sales@aerstone.com for more information.