Criminal Justice Information Services (CJIS)

The CJIS Security Policy (Policy) provides Criminal Justice Agencies and Noncriminal Justice Agencies with a minimum set of security requirements for access to Federal Bureau of Investigation (FBI) Criminal Justice Information Services (CJIS) Division systems and information and to protect and safeguard Criminal Justice Information (CJI).

The FBI does not provide for formal CJIS certification or attestations, but instead employs a shared management philosophy with federal, state, local, and tribal law enforcement agencies. Overall, the Policy provides a baseline of security requirements to current and planned services and sets a minimum standard for new initiatives for any agency working with CJI. In addition, any agency working with third-party vendors must enter into a contract related to administration of CJI with the vendor before the vendor may begin to work on behalf of the agency if in scope for the vendor’s services.

The Policy is based in part on technical requirements and guidance from the National Institute of Standards and Technology (NIST) and FBI directives. The Federal Risk and Authorization Management Program (FedRAMP) also uses NIST guidance for its security and compliance baseline, and as such many controls align across the CJIS Security Policy and FedRAMP. SentinelOne is currently FedRAMP authorized at the Moderate impact level, and is “In Process” at the FedRAMP High impact level.

Please contact your sales representative to discuss how SentinelOne can support your CJIS efforts.