CJIS-Compliant Managed Services

How Cerium works with Law Enforcement Agencies to Protect Criminal Justice Information

The FBI’s Criminal Justice Information Services Division (CJIS) Security Policy is a set of standards for organizations that access criminal justice information (CJI). The CJIS Security Policy was developed to ensure appropriate controls are in place to protect the full lifecycle of CJI, whether at rest or in transit. As a managed service provider (MSP), Cerium Networks understands the security precautions that must be taken to protect CJI and comply with the CJIS Security Policy.

Security and Compliance are Shared Responsibilities

While Cerium Networks does not process, store, or transport client data, we believe that security and compliance are shared responsibilities between Cerium and our clients. Shared responsibility means that our clients remain responsible for managing their client-side environment(s) and their data, including but not limited to:

  • User identity and access management
  • Access control for Cerium Managed Services solutions
  • Security management and control of hardware, software, applications, and device rights
  • Digital and physical security for data both in transit and at rest.

 

ISO 27001 Attestation

Cerium has adopted the ISO 27001:2013 Information Security Management System (ISMS) and is working towards formal attestation by an independent auditor. We continuously evaluate our security processes, procedures, and methodologies, and we remediate gaps promptly if/when they are identified. ISO 27001 attestation represents the highest form of independent assurance available with respect to internal control, data protection, and regulatory compliance (i.e., CJIS, HIPAA, and PCI).

Security Policies, Protocols, and Best Practices

Cerium security policies, protocols, and best practices for accessing client systems include:

  • An agreed-upon limit of unsuccessful login attempts
  • Event logging of various login activities, including password changes
  • Monthly audit reviews
  • Active account management moderation
  • Session lock after 30 minutes of inactivity
  • Access restrictions based on physical location, job assignment, time of day, and network address

 

Information Exchange Agreements

Cerium is committed to maintaining world-class security and compliance programs in support of our clients’ needs. Cerium will sign and adhere to Information Exchange Agreements that contain clear specifications of all client services and systems we will have access to. They also detail the extent of our interaction and the relevant security policies and procedures in place between the parties to ensure appropriate safeguards. Our agreements include audit, dissemination, quality assurance (QA), security, and validation, among others.

Personnel Security

Cerium personnel, including employees and contractors, are subject to security screenings and national fingerprint-based background checks. Cerium maintains thorough records of the results of those tests.
All personnel working for Cerium Networks Philippines are subject to extensive employment checks through the Philippine National Bureau of Investigation (the Philippine equivalent of the FBI). These screenings include a comprehensive National Criminal Record fingerprint search.

Security Awareness Training

Cerium employees (US and Philippines) are required to undertake security training within the first six months of joining Cerium and are required to complete refreshers every year. We maintain records on all individual security awareness training and specific information system security training.

Remote Monitoring and Management

Cerium remote monitoring applications and services align with CJIS requirements:

  • Auditing and Accountability: Cerium’s remote management and monitoring tools provide the ability to generate audit records of client systems for defined events, incidents, and requests.
  • Incident Response: Cerium remote monitoring solutions can detect and contain data breaches. Cerium has data recovery measures in place and all data breaches are reported to the appropriate authorities. It is important to note that Cerium Networks clients must also have their own incident response policies and procedures in place.
  • Access Control: Cerium employs multiple mechanisms for addressing login management for remote access to client systems, including access restriction based on physical location, job assignment, time of day, and network address, and session lock after session inactivity.
  • Authentication: Access to Cerium remote monitoring applications supports CJIS login credential standards, meets password requirements, and uses advanced authentication methods as previously discussed.

 

Conclusion

At Cerium Networks, we take our data security and compliance responsibilities seriously. We continuously work to enhance and refine our security and compliance programs to keep pace with constantly evolving requirements. This document provides a high-level summary of how Cerium Networks Managed Services works with our clients to address CJIS compliance concerns; contact a Cerium Networks expert to learn more.

Disclaimer: This blog post is provided for informational purposes only, and it is provided “as is,” without warranties of any kind, whether express or implied. In addition, this blog post does not create any representations, contractual commitments, conditions or assurances from Cerium Networks or any of its related entities. Cerium Networks’ Managed Services responsibilities to its clients are set forth in the contract(s) it has signed with those clients, and this blog post is not a part of and does not modify any such contract. The post reflects our current CJIS compliance practices, which may be updated from time to time.
