AWS Security Blog

New Whitepaper: CJIS Compliance on AWS

CJIS logo

AWS is an attractive environment for regulated data, including Criminal Justice Information (CJI) subject to the Criminal Justice Information Services (CJIS) Security Policy. AWS customers have used the AWS cloud for a wide range of sensitive federal and state government workloads, including CJI data. Law enforcement customers and partners who manage CJI are taking advantage of AWS services to both comply with the Federal Bureau of Investigation’s policy and dramatically improve the security and protection of CJI data by using:

Our latest whitepaper, CJIS Compliance on AWS, details how AWS services can be utilized to comply with CJIS requirements, what AWS services make possible within the framework of CJIS, and the portioning of responsibilities between AWS and CJIS customers.

Additionally, AWS has evaluated the 13 policy areas along with the 131 security requirements and has determined: 10 controls can be directly inherited from AWS; both AWS and the CJIS customer share 78 controls; and 43 controls are customer-specific controls. AWS has documented these requirements within a detailed control workbook, which can be requested under an NDA: AWS CJIS Security Policy Workbook.

Chad Woolf
Director, AWS Risk and Compliance

Additional resource