Virtual and Cloud Compliance for CJIS
Strong Policy and Encryption are Key
CJIS – the Criminal Justice Information Systems Compliance Specification, version 5.3, specifies Access Controls, Configuration Management and Systems Protection and Data Integrity and critical control objectives.
Many of the 100+ controls that are prescribed in CJIS specification v5.3 pertain to controls on processes and procedures for hiring and training datacenter operators, system administrators, etc. The relevant CJIS controls deal with virtual infrastructure administrator access management, separation of duties, least privilege enforcement, and logging of virtual infrastructure administrator activity.
It is unusual for a single software solution to satisfy so many compliance controls simultaneously. The depth of controls in the HyTrust solution enables organizations to greatly simplify the task of architecting, testing, and deploying an audit-ready, CJIS compliance-capable virtualized infrastructure.