Meet CJIS Security Policy Requirements with Confidence
Use the CJIS Security Policy Standard in Compliance Manager GRC (CMGRC) to follow the FBI’s requirements for protecting Criminal Justice Information (CJI). This standard helps organizations check their security safeguards, prepare for audits, and stay compliant over time.

What Is the CJIS Security Policy?
The Criminal Justice Information Services (CJIS) Security Policy, published by the FBI, establishes the minimum security controls required for any organization that creates, stores, processes, or transmits Criminal Justice Information.
Organizations in scope include:
- Federal, state, and local law enforcement agencies
- Court systems and justice departments
- Prosecutors’ offices
- Third-party vendors, contractors, and service providers who handle CJI
The 6.0 revision incorporates updated requirements aligned with NIST SP 800-53 Rev. 5, strengthening expectations around technical safeguards, incident response, auditing, encryption, personnel screening, and physical security.
Who Should Use the CJIS Standard in Compliance Manager GRC?
This release is designed for:
- MSPs offering cybersecurity and compliance services to law enforcement or justice-sector customers
- IT and Security leaders within agencies who need a structured way to manage ongoing CJIS obligations
- Auditors and internal assessors responsible for verifying regulatory compliance
- Third-party vendors who must demonstrate CJIS readiness as part of their contracts
Whether you’re delivering managed compliance services or assessing your own environment, the new CJIS standard provides a complete, guided workflow for understanding and implementing the policy’s requirements.
Streamlined CJIS Assessments with Compliance Manager GRC
The new CJIS Security Policy standard in Compliance Manager GRC provides all the tools needed to perform readiness and ongoing compliance assessments. With it, you can:
- Select the CJIS Standard directly from the Standards & Controls interface to begin an assessment
- Perform Rapid Baseline Assessments to quickly identify compliance gaps
- Evaluate CJIS requirements through the lens of NIST 800-53 Rev. 5 controls
- Generate Policies and Procedures aligned with CJIS expectations
- Produce Common Controls Operational Procedures for agency or vendor use
- Create and manage Plans of Action & Milestones (POA&M) to track remediation
- Generate Auditor-Ready Reports, including:
  - CJIS Assessor Checklist (.xlsx)
  - CJIS Security Policy Assessment Report (.docx)
From there, Risk Manager helps you prioritize and track CJIS-related risks across sites and clients, while Compliance Monitor supports continuous monitoring of endpoint configurations against baseline security expectations.
The result is a consistent, repeatable assessment process that reduces time, eliminates spreadsheet chaos, and ensures documentation is always ready for validation.
Why This Matters
Law enforcement agencies and justice organizations operate under intense scrutiny and face strict regulatory enforcement. Meanwhile, MSPs supporting these entities must be able to prove that their tools, processes, and controls align with CJIS requirements.
The new CJIS standard in Compliance Manager GRC enables users to:
- Deliver a repeatable CJIS assessment process
- Centralize all evidence, tasks, and reports
- Reduce the cost and effort of meeting regulatory obligations
- Increase transparency and security maturity across covered entities
- Strengthen trust with contracting agencies and oversight bodies
For MSPs in particular, CJIS support opens the door to deeper relationships with public-sector clients—allowing you to deliver managed compliance services with confidence.

Powerful Tools for Continuous CJIS Compliance
Within Compliance Manager GRC, two core features help you operationalize CJIS on an ongoing basis:
- Compliance Monitor — Continuously assess endpoint configuration and benchmark alignment to support CJIS-related technical controls, giving you real-time visibility into device readiness.
- Risk Manager — Aggregate findings from assessments and POA&Ms into a single risk dashboard, allowing you to score, prioritize, and report on CJIS risks with heat maps and summary reports.
As with other standards in Compliance Manager GRC, CJIS assessments can be further enhanced through integrations across the Kaseya IT Complete platform:
- VulScan – Identify vulnerabilities and generate technical evidence for CJIS controls
- BullPhish ID — Support user security awareness training requirements
- IT Glue — Link configuration data and asset records directly to CJIS evidence items

Together, these tools provide a comprehensive ecosystem for documenting, validating, and improving CJIS compliance.
Start Using CJIS Security Policy Today
CJIS Security Policy support is now available in Compliance Manager GRC.
Visit our Features page to learn more or contact us to schedule a demo. Whether you’re preparing an agency for an audit, helping a contractor meet its regulatory obligations, or expanding your MSP’s managed compliance offerings, Compliance Manager GRC—backed by Compliance Monitor and Risk Manager—makes CJIS compliance clear, efficient, and sustainable.
Request a Demo today and discover the advantages of Compliance Manager GRC — the purpose-built compliance process management platform for multifunctional IT professionals.