CJIS Security Policy Compliance

Axon has signed the CJIS Security Addendum in all states

Axon is committed to meeting the Criminal Justice Information Services (CJIS) Security Policy requirements of all of its customers. As a reflection of this commitment, Axon has contractually committed to the CJIS Security Policy within all states.

Law enforcement agencies across the United States can confidently utilize Axon cloud services knowing that Axon is a partner in meeting CJIS Security Policy requirements.

What is the CJIS Security Policy?

The Federal Bureau of Investigation’s CJIS Security Policy sets the minimum security requirements to provide an acceptable level of assurance to protect the full lifecycle of Criminal Justice Information. Agencies using cloud based services are required to make informed decisions on whether or not the cloud provider can offer services that maintain compliance with the requirements of the CJIS Security Policy.

Axon cloud based services are designed and operated to ensure that they are compliant with the FBI CJIS Security Policy. The Axon CJIS Compliance Whitepaper outlines the the specific security policies and practices for Evidence.com and how they are compliant with the CJIS Security Policy. Customers can be assured that their digital data is protected by a robust information security program that is designed to exceed the CJIS security requirements as well as provide protection against current and emerging threats.

CJIS and Cloud Services

While the CJIS Security Policy sufficiently outlines security and privacy considerations for cloud computing, it lacks in providing agencies an effective mechanism or scalable guidance to ensure compliance with the CJIS Security Policy Personnel Security requirements when utilizing large scale cloud providers such as Axon. Without recommendations for personnel security reciprocity or community-wide personnel adjudication mechanisms, each individual agency becomes burden with the execution of often times redundant personnel screening, training and adjudication activities.

Al haber más de 18.000 agencias de las fuerzas de seguridad en los Estados Unidos, Axon se ha dedicado a coordinar los procesos de requisitos de proveedores relacionados con el CJIS en las Agencias del Sistema del CJIS (CSA) a nivel estatal. Axon alienta a todas las CSA a brindar procesos o pautas estatales o comunitarias para gestionar los requisitos de los proveedores relacionados con el CJIS para agencias de las fuerzas de seguridad de su comunidad. Axon considera que los procesos organizados por las CSA fomentan la disponibilidad de las opciones de procesamiento de datos del CJI para las fuerzas de seguridad.

En consecuencia, Axon se ha unido a CJIS ACE para a las CSO, ISO y otros organismos del estado a desarrollar, identificar e implementar procesos en sus estados con el fin de perfeccionar y centralizar los requisitos del CJIS para aprovechar los consecuentes aumentos en la eficiencia, el aseguramiento de la calidad y el cumplimiento de la seguridad en general. Gracias a nuestra alianza, hemos trabajado con muchos estados y podemos ayudar a llevar esas mejores prácticas y nuestra experiencia en la materia a su estado para su consideración. Conozca más sobre este servicio gratuito aquí o comuníquese a infosec@axon.com.

Axon has performed statewide CJIS-related vendor requirements with many states including Colorado, Michigan, North Carolina, Washington, Texas, and Minnesota. Contact your Axon Sales Representative to confirm the status of centralized CJIS-related vendor requirements in your state or community.

Axon's CJIS Commitment

Axon promete los siguientes elementos de cumplimiento del CJIS para todos nuestros clientes de los EE. UU.:

Anexo de seguridad del CJIS

El Anexo de seguridad del CJIS es un anexo uniforme a un acuerdo celebrado entre un organismo gubernamental y un contratista privado, aprobado por el fiscal general de los Estados Unidos, que autoriza específicamente el acceso a información de la justicia penal, restringe el uso de la información a los fines para los cuales de brinda, garantiza que la seguridad y la confidencialidad de la información cumplan con las normas vigentes y con la Política de seguridad del CJIS, prevé sanciones e incluye las disposiciones que el fiscal considere necesarias.

Axon ha incorporado el Anexo de seguridad del CJIS a modo de referencia a los contratos de servicio Evidence.com. Este texto contractual puede obtenerse en el Acuerdo principal de adquisición de servicio de Axon.

Adjudicación de personal

As mandated by the CJIS Security Policy, all law enforcement agency contractors who perform criminal justice functions shall meet the same training and certification criteria required by governmental agencies performing a similar function, and shall be subject to the same extent of audit review as are local user agencies. All private contractors who perform criminal justice functions shall acknowledge, via signing of the CJIS Security Addendum Certification page, and abide by all aspects of the CJIS Security Addendum.

Controles de registros basados en huellas dactilares

El personal autorizado de Axon debe someterse a controles de registros del estado de residencia y nacionales, basados en huellas dactilares, ya sea a nivel estadual o local.

Certificaciones accesorias de seguridad del personal

Axon maintains signed CJIS Security Addendum certification pages for Axon personnel that can be provided to customer agencies.

Capacitación sobre seguridad del CJIS

Axon maintains a comprehensive security awareness program which includes annual computer-based training, simulated security attacks and social engineering testing. Additionally, Axon has engaged with Peak Performance Solutions and partnered with NLETS to enroll authorized Axon personnel in Peak Performance's CJIS Online training solution. This training provides CJIS-specific training for personnel working on the Evidence.com services. Authorized Axon personnel are required to complete Level 4 CJIS Security Training upon assignment and biennially thereafter.

Las agencias de las fuerzas de seguridad pueden acceder al portal de CJIS en internet para validar el estado de la capacitación del personal de Axon. Como alternativa, las agencias clientes pueden solicitar un informe de finalización brindado por Axon.

Soberanía de datos dentro de los Estados Unidos

Axon se compromete de forma contractual con clientes de los Estados Unidos a que los datos de evidencias de las agencias ingresados en Evidence.com permanecen dentro de los Estados Unidos, incluidos los datos de las copias de seguridad, los sitios de replicación y los sitios de recuperación ante desastres. Este texto contractual puede obtenerse en el Acuerdo principal de adquisición de servicio de Axon.

Providing detailed security, privacy and compliance information or CJIS assistance

Axon has created the Axon CJIS Compliance Whitepaper to outline the the specific security policies and practices for Evidence.com and how they are compliant with the CJIS Security Policy. Also, responses to questions posed in the CJIS Security Policy Appendix G.3 Cloud Computing are provided within the whitepaper. This whitepaper can be used by law enforcement agencies as detailed information to assist in CJIS assessment or audit activities.

Axon can provide additional security, privacy and compliance information beyond what is communicated on the Axon.com website and the Axon CJIS Compliance Whitepaper.

Evidence.com's CJIS compliance status has been validated independently by CJIS ACE and has been reviewed by numerous US law enforcement agencies. Axon is confident that Evidence.com will not cause a customer to fail a CJIS audit. To support customers in any CJIS audit that includes Evidence.com, Axon employs dedicated Information Security and Compliance professionals that are available to directly assist customers.

Please reach out to your Axon Sales Representative with questions or requests for CJIS related documentation, Axon personnel documentation, or CJIS audit or compliance assistance.