The Problem
- In order to adhere to the FBI's Criminal Justice Information Services (CJIS) security standard, law enforcement professionals must now use advanced authentication when accessing criminal records.
- For years, law enforcement has relied on officers using a username and password to access online information. A cop would have signed into their laptop, for instance, by typing their login and password on the screen when they got into their car. The need for an additional layer of protection to safeguard digital information, including details about criminals, suspects, and other police officers, has increased as a result of a number of recent digital security breaches showing that the login and password combination is weak.
- The risk of bad actors breaking into computers can become life-threatening if a burglar takes a laptop from an officer's car and is able to access all its information. Securing the computers of sheriff's offices with more reliable identity management software is becoming increasingly important.
The Solution
- The solution is to use smart cards as a replacement for usernames and passwords. Officers can now complete the two-factor authentication required by the FBI by using a smart card (the HID Crescendo card) and a PIN number. This is the same solution that US federal agencies use to safeguard their workers and contractors, but it has been packaged and configured to be simple to implement on smaller scales while still maintaining a high level of security.
- HID has successfully implemented MFA in accordance with CJIS in police departments across America. The Columbus County Sheriff's Office employs the
HID ActivID® Credential Management System (CMS), which enables IT staff to manage the smart cards and digital certificates, to keep control of the digital access rights of the more than 180 users on the network. Another advantage is that the smart cards issued are printed in such high quality that they are being used as the official ID cards for department employees.
HID Global - CJIS Case Studies
Phoenix Police Department
“The sheer size of our network places a tremendous strain on our Department’s IT staff as they work to enable secure access to criminal justice information,” said Bob Erdely, network security administrator, Phoenix Police Department. “The HID DigitalPersona solution helps us comply with the CJIS requirements, while making it easier for our users to create and manage secure passwords.”
Columbus County Sheriff's Office
“The nice thing about using HID technology for digital identity is that it’s a natural extension from HID’s physical access technology and we can use the same technology in the future for other applications, while making life easier,” said Anthony Wayne Craig, IT Director of the Columbia County Sheriff’s Office. “We will have the opportunity to expand down the road because we have built on a scalable and flexible platform for trusted identities. The CMS software is a primary reason we went with HID, which does much more than just Proximity cards and readers for physical access.”
HID Global - CJIS Whitepaper
Unpacking CJIS MFA Requirements
Safeguarding sensitive information is a challenge that cuts across industries, but the stakes are especially high for law enforcement offcials and agencies. The unauthorized access of data stored in incident reports and digital evidence can undermine criminal investigations, threaten reputations and put lives at risk. That’s why the FBI recently introduced more stringent requirements for authenticating users across different platforms and devices.
