March 22, 2023
2 Min Read
With rising cyber threats, public safety agencies must act fast. Learn how to strengthen your compliance and security posture to safeguard vital information.
The ability to securely exchange information is vital for law enforcement agencies.
Timely information about suspects can make or break investigations and either help or hinder emergency response. But if that information is shared or stored insecurely, data leaks can occur and prevent police from doing their jobs effectively.
There have been over 59 public safety cyber-attacks and more than 204 local government cyber-attacks (disclosed) in the USA in the past 24 months (a rolling quantity, often higher).
To reduce risk, organizations that access criminal justice information (CJI) have to ensure that data is protected. Achieving this goal is the purpose of the Criminal Justice Information Services Security Policy (CJIS Security Policy). The policy provides criminal justice agencies and noncriminal justice agencies with a set of minimum security requirements for access to FBI Criminal Justice Information Services Division systems and data and to safeguard CJI. Meant to protect the entire lifecycle of CJI, the rules call for the information to be secured, whether at rest or in transit.
As part of a series of reports on the subject of compliance, we are releasing a mini-report focused on the CJIS Security Policy and how organizations can meet its demands. The rules span several policy areas, such as configuration management, access control, and the development of information exchange agreements with other organizations. While CJIS Security Policy sets forth the minimum requirements organizations are expected to meet, local agencies may also have more stringent policies of their own. In this way, the CJIS Security Policy represents a critical baseline for the cybersecurity strategies of public safety agencies.
The price of non-compliance can be significant. Failing to comply with the rules can lead to agencies being denied access to critical CJIS data. But there is also the risk of sensitive information falling into the wrong hands. In recent years, sophisticated threat actors have targeted multiple public safety agencies across the country. All it takes is one ransomware infection, and evidence and other information can become compromised. An agency can even be shut down entirely. Unpatched, lost, or stolen devices also pose a threat, making the ability to maintain control and visibility into the security posture of endpoints a must.
Without the safe exchange and storage of information, law enforcement agencies can place both their investigations and personnel at risk. For this reason, it is critical for public safety agencies and other parties authorized to access CJI to keep security at the forefront of their activities and prioritize compliance.
Public safety agencies can no longer afford to take a passive approach to security. The growing sophistication of cyber threats demands a bold, proactive strategy—one that seamlessly blends compliance with cutting-edge cybersecurity practices. To truly protect sensitive data and ensure uninterrupted service, agencies must move beyond bare minimum standards and commit to building a resilient, adaptable security infrastructure.
The consequences of overlooking cybersecurity are severe, not only in terms of regulatory penalties but in the risk to public trust and the integrity of law enforcement. With cyberattacks becoming more frequent and more destructive, the cost of complacency is too high.
Agencies that integrate comprehensive compliance measures with dynamic cybersecurity solutions can mitigate these risks and stay ahead of ransomware threats, ensuring critical operations continue without disruption.
Now is the time to act. By fortifying their compliance and security posture, public safety agencies can stand firm against the evolving threat landscape and ensure they are prepared for whatever comes next.
For more information about complying with CJIS Security Policy, download the mini-report here.
Want to stay connected? You’ve got options. Explore our resource library, follow us on LinkedIn, or book a demo to see our solutions in action.
Simply put: we’re undeletable. Embedded in more than 600 million devices, our cyber resilience platform delivers endpoint-to-network access security coverage, ensures automated security compliance, and enables operational continuity. Nearly 21,000 global customers rely on Absolute to protect critical assets and keep security applications running smoothly. Building lasting cyber resilience is our promise — are you ready?
Share this article
