Canonical FrameworkCompliance & Audit

CJIS Security Policy

CJIS Security Policy control-mapping starter for agencies and contractors handling Criminal Justice Information. It references authentication, personnel, physical, media, encryption, audit, and incident topics, while limiting gateway controls to the technical and evidence fields they can implement.

This template is a configurable starting point and control mapping. It is not certification, legal advice, or a guarantee of compliance; validate it against your obligations and environment before use.

Regions

US

References

3 references

Mapped Control Domains

7 mapped domains

Deployment

Fully Air-gapped, Sovereign Region

Referenced Frameworks, Standards & Obligations

FBI CJIS Security Policy v6.128 CFR Part 20NCIC Operating Manual

Mapped Control Domains

Access Control
Audit Logging
Data Encryption
Physical Security
Incident Response
Personnel Security
Media Protection

Deployment profiles

Fully Air-gapped
Sovereign Region

Get started in 3 steps

1

Open the template

Open the catalog entry in the Keeptrusts console and review its included controls, references, and deployment metadata.

2

Adapt the configuration

Use the template as a starting point, then adjust relevant policies, thresholds, routing, and review settings for your requirements.

3

Validate before rollout

Test every outcome you configure—such as allow, redact, block, or operator review—before deploying through a supported gateway workflow.