How one cloud-based provider is helping law enforcement agencies with CJIS workloads
The AWS GovCloud (US) is designed to address specific CJIS Security Policy Areas and provides implementation guidance and support
Sponsored by Amazon Web Services
By James Careless for PoliceOne BrandFocus
The FBI’s Criminal Justice Information Services Division is an invaluable resource for all U.S. law enforcement agencies, thanks to the wealth of computerized criminal investigational information and records that the CJIS Division makes available to authorized users.
The value and sensitivity of this information cannot be overstated. This is why the FBI sets strict compliance standards for all authorized CJIS users under the CJIS Security Policy.
The CJIS Security Policy requires an ongoing commitment by authorized U.S. law enforcement agencies when operating and securing criminal justice information. To make this happen in a traditional data center environment, law enforcement agencies are tasked with performing laborious data center infrastructure development and maintenance, provisioning new servers and other infrastructure to help meet increased demand or storage/compute/database requirements, creating and accessing new products and features, and conducting background checks on covered employees.
To say the least, achieving and maintaining CJIS standards is a tall order for any law enforcement agency, particularly for smaller police departments that may not have the resources to do this in house.
This is where Amazon Web Services (AWS) can help. In order to serve the justice and public safety community's most sensitive CJIS workloads in the cloud – and to help law enforcement agencies with CJIS requirements – AWS offers a wide range of services to police agencies in the AWS GovCloud (US) Region.
The AWS GovCloud (US) Region helps law enforcement agencies follow CJIS Security Policy by providing secure processing tools and storage that meet the FBI’s requirements for accessing this mission-critical information. The AWS GovCloud (US) Region is isolated from other AWS regions and was designed to allow government agencies to move sensitive workloads into the cloud by addressing their specific regulatory and compliance requirements.
How Amazon Web Services can help
AWS services support customer CJIS requirements by addressing the CJIS Security Policy Areas. AWS infrastructure and services have been reviewed by state and federal law enforcement agencies, which confirm AWS’s competence in supporting customer CJIS workloads.
Law enforcement agencies can feel comfortable deploying workloads on AWS GovCloud (US) as the region is explicitly designed for sensitive workloads. Beyond the assurance programs available to all commercial regions, AWS GovCloud (US) allows customers at the state, local and federal level to adhere to ITAR, FedRamp/FISMA High and DoD SRG impact levels 2, 4 and 5.
Law enforcement customers (and partners who manage criminal justice information) are taking advantage of AWS services to dramatically improve the security and protection of CJI data, using the advanced security services and features of AWS, such as:
- Activity logging (AWS CloudTrail).
- Encryption of data in motion and at rest (Amazon S3’s Server-Side Encryption with the option to bring your own key)
- Comprehensive key management and protection (AWS Key Management Service and CloudHSM).
- Integrated permission management (IAM federated identity management, multi-factor authentication).
Making a quick start
AWS provides training to state CJIS systems agencies (or their functional equivalents) to get them up to speed in this new environment. To help inform new CJIS customers, AWS offers a Quick Start software package. A Quick Start is automated and helps agencies create a cloud-based work environment using customizable templates and scripts that help users build and configure CJI workloads in about 30 minutes.