AWS Security Blog

New Whitepaper: CJIS Compliance on AWS

AWS is an attractive environment for regulated data, including Criminal Justice Information (CJI) subject to the Criminal Justice Information Services (CJIS) Security Policy. AWS customers have used the AWS cloud for a wide range of sensitive federal and state government workloads, including CJI data. Law enforcement customers and partners who manage CJI are taking advantage of AWS services to both comply with the Federal Bureau of Investigation’s policy and dramatically improve the security and protection of CJI data by using:

Our latest whitepaper, CJIS Compliance on AWS, details how AWS services can be utilized to comply with CJIS requirements, what AWS services make possible within the framework of CJIS, and the portioning of responsibilities between AWS and CJIS customers.

Additionally, AWS has evaluated the 13 policy areas along with the 131 security requirements and has determined: 10 controls can be directly inherited from AWS; both AWS and the CJIS customer share 78 controls; and 43 controls are customer-specific controls. AWS has documented these requirements within a detailed control workbook, which can be requested under an NDA: AWS CJIS Security Policy Workbook.

Additional resource


Chad Woolf

Chad joined Amazon in 2010 and built the AWS compliance functions from the ground up, including audit and certifications, privacy, contract compliance, control automation engineering and security process monitoring. Chad’s work also includes enabling public sector and regulated industry adoption of the AWS cloud, compliance with complex privacy regulations such as GDPR and operating a trade and product compliance team in conjunction with global region expansion. Prior to joining AWS, Chad spent 12 years with Ernst & Young as a Senior Manager working directly with Fortune 100 companies consulting on IT process, security, risk, and vendor management advisory work, as well as designing and deploying global security and assurance software solutions. Chad holds a Masters of Information Systems Management and a Bachelors of Accounting from Brigham Young University, Utah. Follow Chad on Twitter.