Simplifying CJIS Conformance: Introducing the GovRAMP CJIS-Aligned Overlay

For service providers and third-party assessment organizations (3PAOs) supporting state and local governments, meeting Criminal Justice Information Services (CJIS) security requirements is essential but often complex. To address this challenge, GovRAMP is proud to introduce the CJIS-Aligned Overlay, an innovative approach designed to simplify CJIS conformance. Developed in coordination with CJIS advisors and experts, and guided by feedback from our members, this overlay provides clear, actionable steps to align CJIS Policy 5.9.5 with the GovRAMP Moderate Impact Level baseline controls.

What is the CJIS-Aligned Overlay?

The CJIS-Aligned Overlay is a set of enhanced security controls tailored to help service providers achieve and 3PAOs validate conformance with CJIS Policy 5.9.5 requirements. By integrating these overlay controls into the GovRAMP framework, service providers can ensure their cloud-based solutions meet the specific needs of criminal justice agencies. 

Key Highlights of the CJIS-Aligned Overlay: 

• 15 New Controls: Introduced to address CJIS-specific requirements not previously included in GovRAMP's Moderate Impact Level baseline. 

• 59 Control Parameters Added: Reflecting areas where CJIS Policy 5.9.5 is more prescriptive or restrictive, these additions strengthen alignment with CJIS standards. 

• 76 Control Parameters Modified: Adjustments ensure that baseline controls meet or exceed GovRAMP's and CJIS’s rigorous security specifications. 

How the Overlay Simplifies CJIS Conformance 

The overlay provides essential guidance for service providers by: 

• Streamlining the Assessment Process: The overlay consolidates CJIS requirements with GovRAMP's existing framework, reducing redundancy and confusion. 

• Providing Clear Direction: Each control is mapped to CJIS Policy 5.9.5, offering straightforward guidance on how to implement and assess compliance. 
• Facilitating Informed Decision-Making: By clarifying a product’s CJIS conformance, the overlay empowers agencies to evaluate cloud solutions confidently. 

Steps to Integrate the CJIS-Aligned Overlay

1. Review the Overlay Documentation: Familiarize yourself with the new, added, and modified controls. The overlay aligns with CJIS Policy 5.9.5, with further updates expected for CJIS Policy 6.0.
2. Map Overlay Controls to Your Existing Framework: Use the overlay’s guidance to identify gaps and update your security framework accordingly.
3. Conduct an Internal Readiness Assessment: Evaluate your current security posture against the overlay’s controls to identify areas for improvement.
4. Engage a 3PAO for Validation: Work with an authorized 3PAO to assess your product’s alignment and obtain GovRAMP authorization. This is easily achieved during an initial assessment or an annual assessment. For those interested in updating their authorization mid-cycle, please reach out to the GovRAMP PMO at pmo@stateramp.org.

Why It Matters 

For criminal justice agencies ensuring that cloud-based solutions meet CJIS standards is critical to protecting sensitive data. The CJIS-Aligned Overlay streamlines the path to conformance, enabling service providers to deliver secure, compliant solutions while reducing the burden on government decision-makers. 

Real-World Example: Imagine a state police department is evaluating a cloud-based case management system to store and manage sensitive criminal justice data. Using the GovRAMP CJIS-Aligned Overlay, the department can assess the provider’s compliance with CJIS standards, identify areas requiring additional security measures, and make a confident, informed procurement decision. This streamlined approach saves time, reduces risk, and ensures the selected solution aligns with both CJIS and GovRAMP requirements. 

In short, the overlay bridges the gap between GovRAMP's and FedRAMP’s robust security framework and CJIS’s stringent policies, offering a unified solution for the criminal justice community. 

Driving CJIS-Conformant Cloud Solutions Forward 

The GovRAMP CJIS-Aligned Overlay represents a significant advancement in harmonizing cloud security standards for criminal justice agencies. By simplifying CJIS conformance, the overlay strengthens security and fosters greater trust and collaboration between service providers and government agencies. Ready to take the next step? Visit the GovRAMP CJIS-Aligned Task Force website to learn more about the overlay and begin your journey toward CJIS conformance.  

Explore the CJIS-Aligned Overlay today and join us in advancing secure cloud solutions for criminal justice. Learn more.