In short, there isn’t one. I wrote a whitepaper recently covering this topic, among other items. There is no central FBI-CJIS authorization body, no accredited pool of independent assessors, nor a standardized assessment approach to determining whether a particular solution is “FBI-CJIS compliant” nationally. To be FBI-CJIS compliant requires an individual evaluation and assessment by the government agency that contracts for that specific technology or cloud service. It is important for an agency to have a collaborative effort with the service provider as well as the local, state and federal CJIS ISO(s) to discuss the issues surrounding the project. This process will be the only path forward for the agency to thoroughly evaluate the service provider’s information and make an informed decision. I’m happy to provide some questions that an agency should ask during this process.