Virtual and Cloud Compliance for CJIS
Strong Policy and Encryption are Key
CJIS – the Criminal Justice Information Systems Compliance Specification, version 5.3, specifies Access Controls, Configuration Management and Systems Protection and Data Integrity and critical control objectives.
Many of the 100+ controls that are prescribed in CJIS specification v5.3 pertain to controls on processes and procedures for hiring and training datacenter operators, system administrators, etc. The relevant CJIS controls deal with virtual infrastructure administrator access management, separation of duties, least privilege enforcement, and logging of virtual infrastructure administrator activity.
These are areas where HyTrust’s encryption, workflow automation, and logging capabilities satisfy more than a dozen controls.
It is unusual for a single software solution to satisfy so many compliance controls simultaneously. The depth of controls in the HyTrust solution enables organizations to greatly simplify the task of architecting, testing, and deploying an audit-ready, CJIS compliance-capable virtualized infrastructure.
The Criminal Justice Information Systems (CJIS) Compliance Specification v5.3 prescribes “Access Controls”, “Configuration Management”, and “Systems Protection and Data Integrity” as critical control objectives. This document summarizes how HyTrust software can simplify CJIS compliance, by automating VM encryption and administrative controls in a virtualized datacenter running VMware vSphere on Intel processors.
Government, military, and major national civilian agencies make enticing targets for cyber crime and cyber espionage. To combat this reality, significant measures have been implemented or are underway to make networks and data safe in the federal government, the military, state and local governments, and large national organizations such as airports. Yet, there are still numerous challenges blocking an ultimate victory over cyber crime at every level.