Wasabi’s “Defense-in-Depth” Approach to CJIS Security Policy Compliance

Richard Herold, Senior Product Manager
Wasabi Technologies, Inc.
11/14/2017

Every company that stores data wants to know that data is protected—but some organizations, such as law enforcement and criminal justice agencies, have policies that require proof of much more stringent security measures.

That’s why the Criminal Justice Information Services (CJIS) Division of the FBI created the CJIS Security Policy in 1998. It contains minimum requirements for the creation, viewing, modification, transmission, dissemination, storage, and destruction of criminal justice information (CJI). That’s information like biometric data, digital fingerprint records, arrest and stolen property reports, criminal records, and digital evidence such as dashboard and body-worn camera video. As you might suspect, the full details of the security policy are outlined in a hefty document of more than 230 pages.

At Wasabi, we take every word of that policy seriously. Wasabi hot storage is a great choice for law enforcement agencies that need primary storage, secondary storage for backup or disaster recovery, and cold storage for data archival, all in one low-priced, ultra-fast tier of service. We want agencies that deal with CJI to know that they can use Wasabi to store their most sensitive data in accordance with CJIS Security Policy regulations—all with confidence and peace of mind in knowing that their data is fully protected.

Wasabi Receives CJIS ACE Compliance Seal from Third-Party Expert

The federal government doesn’t issue a formal CJIS Security Policy certification or compliance assessment because it expects individual organizations to ensure their IT systems and practices comply with the policy. However, after a thorough audit, Wasabi storage services were awarded the official CJIS ACE Compliance Seal by Diverse Computing, a trusted third-party law enforcement agency solution provider with deep CJIS audit and compliance expertise.

Layers of Security for Maximum Protection

The CJIS Security Policy requires law enforcement agencies to ensure that digital information, electronic records, and personally identifiable information are not deleted improperly, corrupted, tampered with, or disclosed to unauthorized individuals. That data must be protected in transit and at rest, throughout its lifecycle, regardless of whether it’s kept on-premises, in a hosted facility or in the cloud. And those security requirements apply to every individual with access to, or who administers, criminal justice services and information—including contractors, private entities, non-criminal justice agency representatives, and cloud service providers, such as Wasabi.

The Wasabi cloud storage service is engineered to ensure the protection, privacy, and integrity of customer data. The service is built and managed according to security best practices and standards, with CJIS security guidelines in mind. To meet and exceed those guidelines, Wasabi uses a “defense in depth” approach to security, with a wide range of best practices and technologies to ensure the physical security of its facilities and to maintain the privacy, security, and integrity of electronic data and digital records.

Physical Security

The Wasabi service is hosted in premier Tier IV data center facilities that are highly secure, fully redundant, and certified for SOC-2 and ISO 27001 compliance. Each site is staffed 24/7/365 with on-site security personnel to protect against unauthorized entry. Security cameras continuously monitor the entire facility—both indoors and outdoors. Biometric readers and two-factor or greater authentication mechanisms secure access to the building. Each facility is unmarked so as not to draw attention from the outside.

Secure Network Architecture

Wasabi employs advanced network security elements, including firewalls and other boundary protection devices, to monitor and control communications at internal and external network borders. These border security devices segregate customers and regulate the flow of communications between networks to prevent unauthorized access to Wasabi infrastructure and services.

Data Privacy and Security

Wasabi supports a comprehensive set of data privacy and security capabilities to prevent unauthorized disclosure of CJI. Strong user authentication features tightly control access to stored data. Access control lists (ACLs) and administratively defined policies selectively grant read/write and administrative permissions to users, groups of users, and roles.

Data Durability and Protection

Wasabi provides eleven 9s of object durability, protecting data against hardware failures and media errors. In addition, Wasabi supports an optional data immutability capability that prevents data from being deleted or modified by anyone—including Wasabi—and protects data against the most common causes of data loss and tampering, including accidental file deletions, viruses and ransomware.

True Security Is a Joint Effort

Of course, our customers, including law enforcement agencies, have a responsibility to maintain security protocols, too. The Wasabi storage service is typically employed as part of a larger public or hybrid cloud IT implementation that includes multiple compute, storage and networking components. For CJIS Security Policy compliance, IT personnel at those agencies must ensure that the storage management tools and applications they use are configured to take advantage of Wasabi security features.

Working together, Wasabi and our customer agencies can ensure the protection, privacy, and integrity of criminal justice information. We are committed to helping agencies comply with the CJIS Security Policy and have secured our physical data centers, infrastructure, and services to meet those policy objectives.