Understanding the New CJIS Cybersecurity Requirements
Criminal justice agencies oversee vast amounts of sensitive data, making them prime targets for cybercriminals. Protecting this data is crucial to prevent identity theft, compromised investigations, and threats to public safety. Ensuring the protection of electronic files and data maintains the integrity of investigations and safeguards against tampering and unauthorized access. According to Verizon’s 2023 Data Breach Investigations Report (DBIR), the public administration sector accounted for 20% of cyber incidents and 11% of breaches, the highest of any industry.
Safeguarding What Matters
Valuable to Threat Actors
1) Cyber threat actors target organizations with access to sensitive data for two reasons:
2) Sensitive information may sell at a higher value on the dark web if/when the ransom demand is not met. It can be used to commit fraud or identity theft or to extort money from victims.
New CJIS Cybersecurity Requirements
Effective Oct. 1, 2024.
With these evolving cybersecurity threats and the sensitive nature of CJIS data, the FBI has introduced key changes to the CJIS data security requirements to enhance protection and overall cybersecurity measures.
Up to 50% of the CJIS Security policy is new in version 5.9.5 with potential additional updates in the future. It is critical for agencies to act on these policy changes now and to make updates to policies to address them.
5.3 Incident Response (IR)
Annual Updates
The new requirements demand not only that agencies have an IR plan in place, but also that the plan is updated annually and after a security incident.
Testing and Run-Throughs
Agencies must provide incident response training to their staff. This equips staff with tools needed to identify a breach, respond to it, and report it. Agencies must also evaluate the effectiveness of their IR capabilities through tabletop or walk-through exercises; simulations; or other agency-appropriate tests.
By having an IR plan in place that gets regular updates and evaluation, and practicing it regularly, agencies can be prepared to handle incidents of unauthorized access to CJI.
Post-Incident Assessment
A plan for IR must include the following elements. For breaches involving personally identifiable information: (a) A process to determine whether notice is necessary to individuals or other organizations, including oversight organizations; (b) An assessment process to determine what harm, embarrassment, inconvenience, or unfairness have been sustained by affected individuals and what measures have been taken to mitigate such harms; and (c) Identification of applicable privacy requirements.
5.4 Audit & Accountability
Agencies must create, share, and enforce documented security policies to ensure adherence to accountability controls and the ability to detect potentially unauthorized activities. This includes generating auditable records for significant events, such as authentication, file use, user/group management, log-on attempts, permission changes, and actions on privileged accounts. They must also log events related to attempts to access, modify, or destroy audit log files. These records should include the event type, date, source, outcome, and identity of involved individuals and must be kept for at least one year.
Maintaining security policies and audit logs is crucial for cybersecurity because they:
- Ensure accountability across authorized users, since they know their actions will be tracked and recorded.
- Help detect unauthorized activities, including attempts to access, modify, or delete sensitive information.
- Facilitate incident response and forensic analysis to determine how an attack occurred, what systems were affected, and what data was compromised.
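The audit record requirements above can be checked mechanically. The following is an added example, not taken from the CJIS Security Policy or from SecuLore: it reviews JSON-lines audit records for the required record content, for event categories that never appear, and for whether the retained history reaches back one year. The key names, event labels and sample records are assumptions constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Fields each record should carry per the section (key names are assumed).
REQUIRED_FIELDS = ("event_type", "timestamp", "source", "outcome", "identity")
# Event categories the section lists (these labels are assumed).
REQUIRED_EVENTS = {"authentication", "file_use", "user_group_management",
                   "logon_attempt", "permission_change", "privileged_action",
                   "audit_log_access"}
RETENTION = timedelta(days=365)  # "at least one year"

def parse_ts(value):
    try:
        ts = datetime.fromisoformat(value)
    except (TypeError, ValueError):
        return None
    # Timestamps without a UTC offset are ambiguous, so treat them as missing.
    return ts if ts.tzinfo is not None else None

def review_audit_log(lines, now):
    """Report incomplete records, event types never logged, and whether
    the retained log reaches back a full year (spans_one_year)."""
    incomplete, seen, oldest = [], set(), None
    for lineno, line in enumerate(lines, 1):
        try:
            rec = json.loads(line)
            if not isinstance(rec, dict):
                raise ValueError("not a JSON object")
        except ValueError:
            incomplete.append((lineno, ["unparseable"]))
            continue
        ts = parse_ts(rec.get("timestamp"))
        present = dict(rec, timestamp=ts)  # an invalid timestamp counts as missing
        missing = [f for f in REQUIRED_FIELDS if not present.get(f)]
        if missing:
            incomplete.append((lineno, missing))
        if rec.get("event_type"):
            seen.add(str(rec["event_type"]))
        if ts and (oldest is None or ts < oldest):
            oldest = ts
    return {"incomplete": incomplete,
            "uncovered_events": sorted(REQUIRED_EVENTS - seen),
            "spans_one_year": oldest is not None and now - oldest >= RETENTION}

# Constructed sample records, not real log data.
SAMPLE = [
    '{"event_type": "logon_attempt", "timestamp": "2023-09-30T08:15:00+00:00", "source": "ws-014", "outcome": "failure", "identity": "jdoe"}',
    '{"event_type": "audit_log_access", "timestamp": "2024-09-30T23:10:00+00:00", "source": "log-01", "outcome": "failure"}',
    'not json',
]
NOW = datetime(2024, 10, 1, tzinfo=timezone.utc)
```

A `spans_one_year` value of `False` on a system that has been logging for more than a year points to records being rotated or deleted before the retention period ends.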
More Info On CJIS Security Policy Updates
Download our full guide to understanding the changes to CJIS security policy.
As technology advances, so do the challenges of maintaining secure, compliant systems in law enforcement. The latest update to the Criminal Justice Information Services (CJIS) requirements brings cybersecurity to the forefront, emphasizing the protection of sensitive data like never before. Our in-depth whitepaper breaks down these new requirements, offering insights and actionable steps to help you stay compliant and secure. Whether you’re an IT manager, law enforcement professional, or cybersecurity expert, this guide is your essential resource for understanding and implementing the updated standards.
The information provided by SecuLore regarding CJIS compliance is for general informational purposes only and does not constitute compliance or legal advice. While we strive to ensure the accuracy and relevance of the content, it may not reflect the latest regulatory developments or compliance requirements. This information should not be used as a substitute for professional compliance consultation. Always consult with a qualified compliance professional before making any decisions based on the information provided here. SecuLore is not responsible for any actions taken or not taken based on this content.