Resources for Criminal Justice Agencies
Resources for Criminal Justice Agencies
If you need guidance on some of the murkier waters of the CJIS Security Policy, look no further. This page provides a library of examples of certain policies required by the CJIS Security Policy. These resources apply to Criminal Justice Agencies (CJAs) as well as any vendors/private contractors who support them.
Essential Policy Links
Interagency Agreements
- Management Control Agreement
- Appendix page D9 of the CJIS Security Policy
- Intergovernmental Agreement between Two Agencies with a Shared Vendor
- example; can be modified
- Management Control Agreement between a Criminal Justice Agency and Government IT
- example; can be modified
CJIS Security Addendum
- CJIS Security Addendum
- page H6 and H7 of the CJIS Security Policy
- CJIS Security Addendum Certification Page
- page H8 of the CJIS Security Policy
- What's the Difference Between the Security Addendum and Security Addendum Certification?
- Contract Amendment Template for Including the CJIS Security Addendum
- Contract Amendment Template for Including the CJIS Security Addendum--with Instructions
Examples of Required Policies
Considerations for CJIS Data and Cloud Computing
Personnel Security Requirements
- Fingerprinting through Colorado Applicant Background Services (CABS)
- note: criminal justice personnel are still fingerprinted at the agency itself
- Security Addendum Certification
- to be signed by each contracted vendor employee with access to CJI/CHRI--not to be incorporated into contracts
External Links
- NIST Cryptographic Module Validation Search
- needed to demonstrate compliant encryption of CJI
- Vendor Management Program
- a program that consolidates the background check process for criminal justice vendors
- CJIS Online
- a free utility providing the required Security Awareness Training for those with access to CJI/CHRI