CJIS Security Policy Version 5.8 Released!
The FBI CJIS Division has released the latest CJIS Security Policy which is now version 5.8. Along with some insignificant administrative and language updates, there are several areas that agencies should give special attention. First, is the addition of section 220.127.116.11.1.2 “Advanced Password Standards.” Keep in mind this add on section is an “OR” to section 18.104.22.168.1, which is the existing password policy. Usually, when you see this, it means they’re moving towards this being a “Shall” change in the future. This new password change adds many new requirements, including a “check/balance” type system to ensure your users are meeting the required complexity.
Secondly, they have added new requirements in section 22.214.171.124 for Intrusion Detection Tools and Techniques. The new verbiage is referring to real-time analytical detection of your devices. In short, unlike antivirus or antimalware, local device and server-side intrusion detection, if done right, analyzes ALL the behavior of the equipment and user activity, specifically through executables and logs. Then, the system doing the analytics determines if your device is compromised.
CJIS Solutions in the coming month or two will be announcing a SIEM (Security Information and Event Management) product just for this very purpose. More information will be forthcoming. But for now, know this change is out there and keep tabs on our website for more details.
For the full policy, please Click Here