In order for XTIVIA to provide DBA managed services to governmental agencies where the FBI’s Criminal Justice Information Services Division (CJIS) Security Policy is required, CJIS compliance was necessary. CJIS is a set of standards for accessing criminal justice information (CJI).
XTIVIA, as an organization, must maintain a security program consistent with federal and state laws, regulations, and standards including the CJIS Security Policy as well as with policies and standards established by the Criminal Justice Information Services (CJIS) Advisory Policy Board (APB) relevant to supported clients. This is in addition to the SSAE 18 Type 2 Compliance XTIVIA achieves annually.
Whether in transit or at rest, the CJIS Security Policy was designed to ensure appropriate controls are established in order to protect the full lifecycle of CJI. XTIVIA understands that as a managed and professional services provider, security safeguards must be taken to protect and comply with CJIS Security Policies.
The CJIS Security Policy requires that each individual with direct, indirect, or incidental access to criminal justice information must be fingerprinted and complete CJIS Security Awareness Training (CJIS Security Policy, section 5.2).
XTIVIA takes our compliance and security responsibilities very seriously. Refining and enhancing security and compliance is a continual process that involves everyone.
Please contact us with any questions you may have or for more information.
Note: The blog post reflects a high level overview of our current CJIS relationship and practices, which may be modified from time to time. This post is provided for informational purposes only, and it is provided “as is,” without warranties of any kind. This blog post does not establish any contractual commitments, representations, conditions or assurances from XTIVIA or any of its related entities.