Understanding CJIS Compliance and Data Encryption

Criminal justice agencies, ranging from local police departments to the FBI, document various aspects of criminal justice information (CJI). This may include fingerprints, body-worn camera footage, or a facial recognition gallery made up of mugshots and related criminal history. It’s crucial that this kind of information remain safeguarded and accessible only to those who truly need it to perform their job. Each criminal justice agency must be on the same page about protecting this data; this is where CJIS compliance and data encryption come into play.

Learn more about the relationship between data encryption and CJIS compliance, and why the right data encryption methods are essential for maintaining the confidentiality required of criminal justice information.

What is CJIS Compliance?

Every day, criminal justice and law enforcement agencies on the local, state, and federal levels access the Criminal Justice Information Services (CJIS) databases for information necessary to perform background checks and track criminal activity. It’s important that this data not fall into the wrong hands — the security of CJIS data could mean the difference between civil liberties being secured or violated.

CJIS compliance keeps networks on the same page when it comes to data security and encryption, and ensures that sensitive criminal justice intel is locked down. However, there is no nationwide, uniform certification system for CJIS compliance; instead, each state government manages CJIS compliance semi-independently through a state-appointed CJIS Systems Officer (CSO) who administers policy for computers, networks, and other parts of the CJIS infrastructure. The CSO is also tasked with ensuring that organizations are obeying regulations, documenting compliance, and reporting back to the FBI.

What Is Data Encryption?

In cryptography, or the art of writing or breaking codes, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can decipher a ciphertext back to plaintext and access the original information.

Like multi-factor authentication, data encryption adds an extra layer of security to your data — if a criminal gains access to an encrypted file or communication, that information is useless without the key to decrypt it.

The purpose of data encryption is to protect digital data as it is stored on computer systems and transmitted using the internet or other computer networks. Encryption algorithms provide confidentiality and drive key security initiatives including authentication, integrity, and non-repudiation – or the inability to refute responsibility.

Understanding How Data Encryption is an Essential Part of CJIS Compliance

Despite not having a national standard for how its information is secured, CJIS itself has established requirements for the use of data encryption when storing and using sensitive data, as well as when including CJI in communications. These regulations stipulate that a minimum of 128-bit encryption is required, and that keys used to decrypt data must be adequately complex – at least 10 characters long, a mix of upper and lowercase letters, numbers, and special characters – and changed as soon as authorized personnel no longer need access.
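The complexity rule and 128-bit minimum described above can be enforced in code before a passphrase is ever turned into a key. The following is an added example, not code from CJIS or Thrive; the use of PBKDF2-HMAC-SHA256, the iteration count, the treatment of whitespace, and all function names are assumptions made for illustration.

```python
import hashlib
import re

MIN_KEY_BITS = 128  # minimum encryption strength stated in the text above

# One rule per requirement quoted in the text above.
RULES = {
    "at least 10 characters": lambda s: len(s) >= 10,
    "uppercase letter": lambda s: re.search(r"[A-Z]", s) is not None,
    "lowercase letter": lambda s: re.search(r"[a-z]", s) is not None,
    "number": lambda s: re.search(r"[0-9]", s) is not None,
    # Assumption: whitespace does not count as a special character.
    "special character": lambda s: re.search(r"[^A-Za-z0-9\s]", s) is not None,
}

def policy_failures(passphrase):
    """Return the names of every rule the passphrase fails (empty list = compliant)."""
    return [name for name, check in RULES.items() if not check(passphrase)]

def derive_key(passphrase, salt, key_bits=256, iterations=600_000):
    """Derive a symmetric key from a compliant passphrase.

    PBKDF2 and the iteration count are assumptions of this example.
    Use a fresh random salt per key, e.g. os.urandom(16), and store it
    alongside the ciphertext.
    """
    if key_bits < MIN_KEY_BITS or key_bits % 8:
        raise ValueError(f"key must be a whole number of bytes, >= {MIN_KEY_BITS} bits")
    failures = policy_failures(passphrase)
    if failures:
        raise ValueError("passphrase rejected, missing: " + ", ".join(failures))
    return hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode("utf-8"), salt, iterations, dklen=key_bits // 8
    )

if __name__ == "__main__":
    salt = bytes(16)  # constructed all-zero salt, for demonstration only
    print(policy_failures("short1!"))
    print(derive_key("Correct-Horse-7-Battery", salt).hex())
```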

Common Data Encryption Methods

There are two types of common data encryption methods:

  • Symmetric Encryption: Symmetric encryption uses a single key to encrypt as well as decrypt data; the key needs to be shared with all authorized people.
  • Asymmetric Encryption: Also called public key cryptography, asymmetric encryption uses two separate keys: one that is public, or shared with everyone, and one that is private, known only to the key’s generator. The public key is used to encrypt the data and the private key helps to decrypt it.

Then there are a variety of ways to implement data encryption, such as:

Advanced Encryption Standard (AES)

Advanced Encryption Standard is a symmetric encryption algorithm that encrypts fixed blocks of data (of 128 bits) at a time. The keys used to decipher the text can be 128, 192, or 256 bits long. The 256-bit key encrypts the data in 14 rounds, the 192-bit key in 12 rounds, and the 128-bit key in 10 rounds. Each round consists of several steps of substitution, transposition, mixing of plaintext, and more. AES encryption standards are the most commonly used encryption methods today, both for data at rest and data in transit.

Rivest-Shamir-Adleman (RSA)

Rivest-Shamir-Adleman is an asymmetric encryption algorithm that is based on the factorization of the product of two large prime numbers. Only someone who knows these numbers will be able to decode the message successfully. RSA is often used in digital signatures but is slower when large volumes of data need to be encrypted.

Triple Data Encryption Standard (TripleDES)

Triple Data Encryption Standard is a symmetric encryption algorithm and an advanced form of the DES method that encrypts blocks of data using a 56-bit key. TripleDES applies the DES cipher algorithm three times to each data block. TripleDES is commonly used to encrypt ATM PINs and UNIX passwords.

ECC Asymmetric Encryption Algorithm

In 1985, two mathematicians named Neal Koblitz and Victor S. Miller proposed the use of elliptic curves in cryptography. After almost two decades, their idea was turned into a reality when the ECC (Elliptic Curve Cryptography) algorithm entered into use in 2004-05.

In the ECC encryption process, an elliptic curve represents the set of points that satisfy a mathematical equation (y² = x³ + ax + b).

Like RSA, ECC also works on the principle of irreversibility. In simpler words, it’s easy to compute it in one direction but painfully difficult to reverse it and come to the original point. In ECC, a number symbolizing a point on the curve is multiplied by another number and gives another point on the curve. Now, to crack this puzzle, you must figure out the new point on the curve. The mathematics of ECC is built in such a way that it’s virtually impossible to find out the new point, even if you know the original point.
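The point multiplication described above, worked on a small constructed curve (an added example, not part of the original article): computing the product point from a multiplier takes a handful of doublings and additions, while recovering the multiplier from the two points requires a search whose cost grows with the size of the group. The curve parameters, base point, and function names are illustrative assumptions; real deployments use standardized curves with primes of 256 bits or more.

```python
# Toy curve, constructed for illustration: y^2 = x^3 + 2x + 2 over the integers mod 17.
P_MOD, A, B = 17, 2, 2
G = (5, 1)       # base point on the curve
ORDER = 19       # number of points generated by G, including the point at infinity
INF = None       # point at infinity (the identity element)

def on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P_MOD == 0

def add(p, q):
    """Add two curve points using the chord-and-tangent rule."""
    if p is INF:
        return q
    if q is INF:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                                   # p + (-p) = identity
    if p == q:                                       # tangent slope (doubling)
        s = (3 * x1 * x1 + A) * pow(2 * y1 % P_MOD, -1, P_MOD) % P_MOD
    else:                                            # chord slope
        s = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD) % P_MOD
    x3 = (s * s - x1 - x2) % P_MOD
    return (x3, (s * (x1 - x3) - y1) % P_MOD)

def scalar_mult(k, pt):
    """Easy direction: double-and-add, about log2(k) steps."""
    result, addend = INF, pt
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result

def recover_scalar(base, target):
    """Hard direction: try every multiplier; feasible only because ORDER is tiny."""
    acc = INF
    for k in range(ORDER):
        if acc == target:
            return k
        acc = add(acc, base)
    raise ValueError("target is not a multiple of base")

if __name__ == "__main__":
    q = scalar_mult(13, G)
    print("13 * G =", q, "| recovered multiplier:", recover_scalar(G, q))
```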

Gain Peace of Mind in Your Data Protection With Thrive!

By relying on Thrive’s unique CJIS-compliant bundled cloud solutions to provide the safest and most cost-effective cloud migration, you can eliminate uncertainty, shorten implementation time, and stay focused on achieving your organizational goals!

Our bundled cloud services package provides a single, easy-to-consume solution that combines Thrive’s local CJIS private cloud and Microsoft Azure’s CJIS cloud. This enables you to receive a maximum ROI while minimizing the financial risks and up-front investments often associated with cloud migration. Learn more and contact one of our IT experts today for a free consultation.