GovRAMP Adopts CJIS-Aligned Overlay, Setting New Benchmark for Criminal Justice Cloud Security Standards

INDIANAPOLIS, IN – (January 13, 2025) – GovRAMP, the leading authority in cloud security standards for state and local governments, is proud to announce the official adoption of the GovRAMP CJIS-Aligned Overlay. This new overlay is the culmination of months of rigorous collaboration between GovRAMP's members, key state and local government stakeholders, industry leaders, and advisors from the Federal Bureau of Investigation’s Criminal Justice Information Services Division (FBI CJIS). It marks a critical advancement in harmonizing cloud security standards tailored to meet the specific needs of criminal justice agencies. 

Developed in coordination with CJIS advisors and driven by valuable member feedback, the GovRAMP CJIS-Aligned Overlay is designed to provide a unified solution for aligning the CJIS Policy 5.9.5 requirements with the GovRAMP Moderate Impact Level baseline controls. With this overlay, state and local agencies, along with their providers, gain clear, actionable guidance on a product’s likelihood of CJIS conformance—a major step in aiding government decision-makers in evaluating cloud-based solutions for the criminal justice community.

Key Highlights of the CJIS-Aligned Overlay: 

• Incorporates 15 new controls unique to CJIS Policy 5.9.5 and not previously included in GovRAMP's Moderate Impact Level baseline requirements. 

• Adds 59 control parameters for standards where CJIS Policy 5.9.5 is more prescriptive or restrictive, ensuring stronger alignment with CJIS requirements. 
• Modifies 76 control parameters to meet or exceed CJIS’s defined security specifications, enhancing the robustness of GovRAMP's baseline controls.
   

This overlay provides essential directional guidance on a product’s CJIS conformance, ultimately empowering agencies to make informed, secure cloud procurement decisions. The GovRAMP CJIS-Aligned Overlay will officially launch in January 2025 and align with CJIS Security Policy v5.9.5. Further updates are anticipated as CJIS releases new versions, including CJIS Policy 6.0, which is expected to encompass additional GovRAMP controls. 

“The GovRAMP CJIS-Aligned Overlay underscores our commitment to framework harmonization,” said Leah McGrath, Executive Director of GovRAMP. “This milestone is a testament to the dedication of our members and the invaluable guidance of our CJIS advisors, who have worked tirelessly to ensure that the overlay meets the highest standards of cloud security for criminal justice agencies.” 

In addition to advancing security standards, the CJIS-Aligned Task Force is actively engaging with auditors and consultants to support the overlay’s implementation, providing essential resources for existing and new cloud-based products seeking GovRAMP Authorization. The task force is also collaborating with public and private sector leaders to champion best practices and facilitate broad adoption of the CJIS-Aligned Overlay. 

For more information on the GovRAMP CJIS-Aligned Overlay and to explore how it supports robust, CJIS-aligned cloud security solutions, visit govramp.org.

About GovRAMP

GovRAMP is the leading authority on cloud security standards for state and local governments, providing a standardized approach to assessing and authorizing cloud services. GovRAMP empowers government agencies and their vendors to navigate the complexities of cloud security with confidence. Learn more at govramp.org.