AWS Public Sector Blog
Continued innovation in CJIS compliance in both AWS GovCloud (US) and AWS US Commercial Regions
Justice and public safety agencies and their solution providers are building highly available, resilient, and secure applications on Amazon Web Services (AWS) at a rapid pace. As these solutions are built, AWS’s innovative features and security controls can help customers comply with the latest Federal Bureau of Investigation (FBI) Criminal Justice Information Services (CJIS) Security Policy updates, and align with CJIS compliance not only in AWS GovCloud (US), but also in AWS (US) Commercial regions. Customers can confidently deploy CJIS workloads in either AWS (US) region, while maintaining access to simple and powerful cloud native tools to manage the full lifecycle of sensitive data.
When AWS launched these CJIS Security compliance innovations in early 2019, we did so with reference to our AWS GovCloud (US) Regions. This approach was in-line with the cloud computing guidance from the FBI CJIS Division and was accepted by customers who were moving to cloud-based solutions for their sensitive CJIS data. In addition to AWS GovCloud (US) Regions, public sector customers are now also deploying CJIS workloads in AWS US Commercial Regions, while meeting the data residency requirements of the CJIS Security Policy. Customers who deploy CJIS workloads to AWS US Commercial Regions use the same AWS services – such as the AWS Nitro System and the AWS Key Management Service (AWS KMS) – as they would in the AWS GovCloud (US). A CJIS reference architecture found here depicts how these services can work to secure sensitive CJIS data. This straightforward approach to data security lets customers choose the AWS US Region best suited to their needs, and gives them control of the full lifecycle of their CJIS data.
Innovations in FBI CJIS compliance allow agencies and their government technology partners to implement stringent, least-privilege access controls as required by the CJIS Security Policy. Customers maintain complete ownership and control over their sensitive CJIS data. These innovations also help preserve the critical chain of custody for digital evidence in the cloud by removing cloud provider personnel from impacting the cloud digital evidence chain of custody. The AWS Nitro System virtual compute instances operate on a locked down security model prohibiting all interactive administrative access, including that of AWS employees, while the AWS KMS provides customer-controlled symmetric encryption for data at-rest. Public sector customers, like Georgia state agencies, are securing sensitive criminal justice information in AWS US Commercial Regions using the same security services as they would in AWS GovCloud (US) Regions.
“Georgia state agencies migrating CJIS workloads to AWS US Commercial Regions under the Georgia Technology Authority’s (GTA) shared IT services program,” said James Brown, State of Georgia CJIS Information Security Officer at the Georgia Bureau of Investigation. “Agencies in Georgia are using AWS Managed Services Advanced to deploy and secure sensitive CJIS workloads in AWS US Commercial regions.”
To learn more, please read these resources:
- A journey of innovation in CJIS compliance
- Confidential computing: An AWS perspective
- How the latest FBI CJIS Security Policy updates help you control your criminal justice information
Subscribe to the AWS Public Sector Blog newsletter to get the latest in AWS tools, solutions, and innovations from the public sector delivered to your inbox, or contact us.
Please take a few minutes to share insights regarding your experience with the AWS Public Sector Blog in this survey, and we’ll use feedback from the survey to create more content aligned with the preferences of our readers.