FREE e-Newsletter
Important News - Hot Topics
Get them Now!

Cobalt Software Platform - Mark43
Mark43's Cobalt software platform unites a set of law enforcement tools securely...

No upcoming webinars scheduled

Ask The Expert

Submit your question here

Q. To what types of data does the FBI-CJIS Security Policy apply? Does this differ for hosted solutions?

Any data that is considered criminal justice information,  or CJI. In many cases this is very clear and well-defined such as data contained in a records management system or a facial recognition gallery made up of mugshots and the related criminal history. But, some forms of data such as license plate reader (LPR) data, the lines are not as clear. It is generally accepted that LPR detection data is NOT CJI as it is anonymous in nature (it is only the alphanumerics of the plate, time/date, and location). There is no personal information or case information contained in an LPR detection. But, LPR hotlist data, depending on the source, MAY contain CJI. It is because of this possibility that many agencies desire that their LPR solution is in compliance with FBI-CJIS Security Policy.

Mark Rivera

Mark Rivera

FBI-CJIS Security Policy Compliance Officer

Mark Rivera, Customer Retention Manager and CJIS Security Compliance Officer with Vigilant Solutions, served for sixteen years with the Maryland State Police, retiring at the rank of First Sergeant with thirteen of those years at the supervisory and command level. He holds a Master of Science Degree in Management from The Johns Hopkins University and Secret clearance through the FBI, Baltimore.

Other Recent Questions

What are the biggest challenges in small rural communities for law enforcement?
With regard to security compliance the biggest challenges would be staffing and...
Should cities place the person responsible for CJIS compliance or cyber security of systems in the city under the direction of the police department?
Section 3 of the FBI-CJIS Security Policy defines Roles and Responsibilities for an...
Is case and incident information I exchange by voice over my ePTT system (Kodiak) subject to CJIS requirements for encryption and authentication?
The short answer is “No”. Case and incident information would be generated by...
What is the certification process for vendors?
In short, there isn’t one. I wrote a whitepaper recently covering this topic, among...

Police Magazine