Keeping criminal justice information secure with advanced authentication

According to the FBI’s 2020 Internet Crime Report, the Internet Crime Complaint Center received 791,790 cybercrime complaints in 2020, with reported losses exceeding US$4.1 billion, a stunning 69% year-over-year increase. While the loss or theft of business information can be detrimental, just imagine the impact of compromised law enforcement or justice information.

Every day local, state, and federal law enforcement agencies access Criminal Justice Information Services (CJIS) databases to perform background checks, identify criminals, and track illegal activity. Established in 1992, CJIS is a division of the FBI that encompasses the Integrated Automated Fingerprint Identification System (IAFIS), the National Instant Criminal Background Check System (NICS), and National Crime Information Center (NCIC).

A lot has changed since 1992, including mass internet adoption along with the associated proliferation of mobile, cloud, and IoT technologies. All this digitization has also intensified the threat landscape. Since 2017, cyberattacks on state and local governments rose by 50%, with ransomware demands increasing to up to nearly a half million dollars. Additionally, multiple U.S. federal agencies, including the Departments of Justice, State, Energy, Commerce, and the U.S. Treasury were impacted by the SolarWinds breach.

To keep sensitive law enforcement and justice information secure, CJIS has a well-established security policy with control requirements in 13 areas for organizations, cloud vendors, local agencies, and corporate networks. Entrust can help criminal and justice agencies comply with CJIS across multiple policy areas including the Advanced Authentication requirement in Policy Area 6.

Entrust’s cloud-based Identity as a Service (IDaaS) solution provides easy-to-use multi-factor authentication (MFA) with support for an unrivaled number of authenticators including biometrics, digital certificates, OTP tokens, and mobile smart credentials. As well, IDaaS provides adaptive risk-based authentication delivering an added level of security when conditions warrant, like an officer logging in for the first time from a new device, or from an abnormal geolocation. Here are two typical use cases:

  • Law Enforcement – Many field officers operate out of their squad car and need to regularly access CJIS databases to verify citizen identities and their credentials like a driver’s license or passport. When they need to access CJIS, the Entrust IDaaS solution applies MFA when the officer logs into their VPN with their mobile data terminal (MDT), satisfying the CJIS requirement.
  • Justice Department – While visiting a correctional facility, a state prosecutor needs to access CJIS information from a secure terminal. Thanks to IDaaS’ adaptive risk-based authentication, when the prosecutor uses the terminal to access CJIS data, he/she is prompted for a second factor of authentication. Plus, IDaaS captures the device information and maintains a comprehensive audit trail.

Download our workforce IAM brochure to learn more about how Entrust Identity can enable secure and compliant access to criminal justice information for local, state, and federal agencies.

 

The post Keeping criminal justice information secure with advanced authentication appeared first on Entrust Blog.

Certificate Authority Digital Certificates Entrust