IWCE is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Simplify CJIS Security Compliance with a Zero Trust Framework

Simon Hill  (VP - head of legal and compliance , Certes Networks)

Pass Type: All Access

Track: Cybersecurity, Policy and Governance

Format: Power Session

Vault Recording: TBD

Criminal justice Information (CJIS) system compliance has become more challenging than ever before as agencies migrate to cloud environments. By applying Zero Trust Architecture principles such as policy definition, micro segmentation and observability, government organizations can meet several data assurance requirements of the CJIS Security Policy.

Attendees will learn:

* CJIS - back to basics - top reasons for audit failures
* Overview of requirements for encryption of data
* Real world examples of cyber-attacks, with discussion on mitigation strategies to avoid these attacks
* Zero trust – what does it mean and how did it evolve

Attendee Take-aways:

* What are the common hurdles to meet the requirements to secure criminal justice information in transit
* Secure CJI data in transit with FIPS 140–2 certified encryption
* Create policies to drop unencrypted, unauthorized or other undesired traffic
* Overcomes security concerns with deploying VoIP
* Protect CJI when migrating to a cloud environment
* Demonstrate compliance during audits by means of automated reports to show traffic flows have complied with policy requirements
* Meet information integrity requirements by mitigating the risk of malicious behavior and ransomware
* The importance of decoupling security from the underlying network in accordance with NIST's Zero Trust Architecture recommendations