Sunday, 14 Jul 2024

CJIS Password Policy Requirements

Which of the following is a requirement if using advanced password standards?

The Criminal Justice Information Services Division (CJIS) is a crucial division within the FBI that provides essential tools and services to law enforcement agencies nationwide. Serving as the central repository for Criminal Justice Information (CJI), which includes departments like the National Crime Information Center (NCIC), Integrated Automated Fingerprint Identification System (IAFIS), and National Instant Criminal Background Check System (NICS), the CJIS database is a comprehensive resource for detaining criminals, performing background checks, and tracking criminal activity.

What is the CJIS Security Policy?

Due to the sensitive nature of CJI, it is crucial to implement technical controls to prevent unauthorized access. The CJIS Security Policy establishes the minimum requirements for entities accessing this data while providing guidelines for protecting its transmission, storage, and generation.

To understand the technology implementation of the CJIS Security Policy, let’s delve into Section 5: Policy and Implementation. This section encompasses 13 crucial policy areas, including Information Exchange Agreements, Security Awareness Training, Incident Response, Auditing and Accountability, Access Control, Identification and Authentication, Configuration Management, Media Protection, Physical Protection, System and Communications Protection and Information Integrity, Formal Audits, Personnel Security, and Mobile Devices.

This article will primarily focus on the role of passwords in the CJIS policy, as addressed in Policy Area 6: Identification and Authentication. This particular area applies to systems that process, store, or transmit CJI, requiring each individual with access to such systems to be uniquely identified. In the identification process, passwords are listed as a standard authenticator, subject to several requirements.

Basic Password Standards

When opting to follow the basic password standards, agencies must ensure that passwords:

  • Have a minimum length of eight (8) characters on all systems.
  • Are not dictionary words or proper names.
  • Are not the same as the Userid.
  • Expire within a maximum of 90 calendar days.
  • Are not identical to the previous ten (10) passwords.
  • Are not transmitted in plain text outside the secure location.
  • Are not displayed when entered.

In June 2019, the CJIS introduced updated password requirements, including a new section called Advanced Password Standards. This section provides an alternative to the Basic Password Standards, mandating that passwords must adhere to either the Basic or Advanced Standards. Combining or selecting options from both lists is not permitted.

What are CJIS Security Policy Section 5.6.2.1.1.2 Advanced Password Standards?

The newly introduced CJIS Security Policy Section 5.6.2.1.1.2 Advanced Password Standards aligns closely with the latest Digital Identity Guidelines from NIST (National Institute of Standards and Technology). Like NIST, these requirements entail increasing the minimum password length to 20 characters without additional complexity requirements. Furthermore, specific types of information (e.g., “What was the name of your first pet?”) are not allowed when selecting a password. Additionally, maintaining a list of “banned passwords” is mandatory, which includes commonly used, expected, or compromised passwords, including those obtained from previous breaches. When changing a password, the prospective password is compared against the banned password list. If a match is found, users must select a different password. For a complete understanding of the Advanced Password Standards, please consult the CJIS Security Policy.
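As an added example (not code from the CJIS Security Policy or from any product named on this page), the Python below checks a candidate password against exactly one of the two standards described above, either the Basic list or the Advanced 20-character-plus-banned-list rule, and never mixes them. Case-insensitive matching, the PBKDF2-hashed history store, the function names, and the word lists passed in are assumptions made for illustration.

```python
import hashlib, hmac, os
from datetime import date, timedelta

BASIC, ADVANCED = "basic", "advanced"

def _digest(password, salt):
    # Assumption: history is kept as slow salted hashes, never as plain text.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def history_entry(password):
    """Build one (salt, hash) record to append when a password is set."""
    salt = os.urandom(16)
    return salt, _digest(password, salt)

def in_history(password, history, depth=10):
    # Only the most recent `depth` entries count (Basic: previous ten).
    recent = list(history)[-depth:]
    return any(hmac.compare_digest(_digest(password, s), d) for s, d in recent)

def is_expired(last_changed: date, today: date, max_age_days=90):
    # Basic: a password expires within a maximum of 90 calendar days.
    return today - last_changed > timedelta(days=max_age_days)

def violations(candidate, standard, userid="", history=(),
               dictionary=frozenset(), banned=frozenset()):
    """Return the rules `candidate` breaks under ONE standard (no mixing)."""
    found = []
    folded = candidate.casefold()  # assumption: lists hold case-folded entries
    if standard == BASIC:
        if len(candidate) < 8:
            found.append("shorter than 8 characters")
        if folded in dictionary:
            found.append("dictionary word or proper name")
        if folded == userid.casefold():
            found.append("same as the Userid")
        if in_history(candidate, history):
            found.append("matches one of the previous 10 passwords")
    elif standard == ADVANCED:
        if len(candidate) < 20:
            found.append("shorter than 20 characters")
        if folded in banned:
            found.append("on the banned password list")
    else:
        raise ValueError("standard must be 'basic' or 'advanced'")
    return found
```

The two Basic rules about plain-text transmission and on-screen display are properties of the login channel and the user interface, so a candidate check like this one cannot test them.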

Meet CJIS Password Requirements with Specops Password Policy

Specops Password Policy offers a simple and effective solution for maintaining a list of banned passwords. This solution provides a Breached Password Protection service that seamlessly integrates with Active Directory. Specops Software curates a list of leaked passwords, which is regularly updated to address new breaches. During a password change in Active Directory, the service blocks and notifies users if the selected password is found in the list of leaked passwords. By implementing Specops Password Policy, your organization can ensure compliance with the latest password banning guidelines and keep vulnerable passwords at bay.

If your organization needs to comply with the CJIS standards, it is crucial to have a robust password policy in place. Remember, every law enforcement agency utilizing CJIS undergoes an audit at least once every three years. Failure to adhere to the CJIS Security Policy may result in the loss of access to the CJIS database. Luckily, Specops Password Policy is designed to address all your password requirements, offering a reliable and compliant solution.

For more information on how Specops Password Policy can help you meet the CJIS Security Policy, visit the Eireview website.

Frequently Asked Questions

Q: What are the basic password standards in the CJIS Security Policy?
A: The basic password standards in the CJIS Security Policy require passwords to be a minimum length of eight (8) characters, avoid being dictionary words or proper names, not match the Userid, expire within 90 calendar days, not be identical to the previous ten (10) passwords, not be transmitted in plain text outside the secure location, and not be displayed when entered.

Q: What are the Advanced Password Standards in the CJIS Security Policy?
A: The Advanced Password Standards in the CJIS Security Policy align closely with NIST’s Digital Identity Guidelines. They require passwords to have a minimum length of 20 characters without additional complexity requirements and prohibit specific types of information (e.g., “What was the name of your first pet?”) when choosing a password. Additionally, they mandate maintaining a list of banned passwords, including those commonly used, expected, or compromised.

Q: How can Specops Password Policy help meet CJIS password requirements?
A: Specops Password Policy provides a comprehensive solution for maintaining a list of banned passwords. By integrating with Active Directory, it offers a Breached Password Protection service that blocks and notifies users if their chosen password matches a leaked password from a curated list. This ensures compliance with the latest password banning guidelines and enhances password security.

Conclusion

The CJIS Password Policy Requirements are essential for safeguarding Criminal Justice Information and ensuring secure access to critical data. By implementing password standards in alignment with the CJIS Security Policy, organizations can mitigate the risk of unauthorized access and maintain compliance. Tools like Specops Password Policy provide additional support, enabling organizations to enforce password policies effectively and protect sensitive information.

Remember, adhering to the CJIS Password Policy is not just a requirement but a crucial step in securing law enforcement data and maintaining public safety. With increasing cybersecurity threats, it is more important than ever to prioritize strong password practices and implement robust solutions to protect valuable information.