The Criminal Justice Information Services (CJIS) division of the FBI provides relevant data and tools to law enforcement and intelligence organizations. It is located at a high-security facility on 986 acres of land in West Virginia. Criminal justice agencies at local, state, and federal levels — as well as the general public — use CJIS databases and platforms to access and share information related to criminal operations and investigations.

History of CJIS

The predecessor to CJIS was the Identification Division (also called “Ident”). This division was established in 1924 to create a national database for fingerprints that could be searched to match crime scene evidence. As technology advanced and crime became more sophisticated, the FBI needed to cover a broader spectrum of information related to identification and criminal justice. Thus, the CJIS division was established in 1992 as an evolution of the Identification Division. It is currently the largest division of the FBI and home to many programs and ongoing projects that involve biometric data and criminal records.

CJIS programs and departments

CJIS consists of numerous databases, departments, and programs, including but not limited to:

  • National Crime Information Center (NCIC), an nationwide database of records relating to lost/stolen property, missing persons, fugitives, protection orders, identity theft, and similar crime-related incidents, documentation, and behaviors
  • Identity History Summary Checks, a program that provides individuals with background information including criminal history, federal employment, naturalization, and military service
  • Uniform Crime Reporting (UCR), a program that collects data and publishes statistical information on general crime incidents, hate crimes, active duty deaths, and use-of-force incidents 
  • Foreign Biometric Exchange (FBE), a program that collects and shares biometric data with law enforcement agencies internationally
  • Next Generation Identification (NGI), a database of biometric data including finger and palm prints, iris and facial recognition, DNA, etc.
  • National Instant Criminal Background Check System (NICS), a database used to verify a person’s eligibility to purchase firearms

What is CJIS compliance?

Given the large volume and sensitive nature of the data CJIS collects, stores, and uses, security is critical to the integrity of CJIS information. As such, the CJIS Security Policy outlines the standards for handling crime-related data under the FBI’s jurisdiction. (Note: CJIS does not require agencies to use any specific technology product to comply with this policy, but does require documentation that the stipulations of the policy have been met.) The policy is broken down into 13 areas:

  1. Information Exchange Agreements: Requires a written agreement of security compliance between organizations exchanging CJIS information
  2. Security Awareness Training: Requires regular security training for users with authorized access to CJIS
  3. Incident Response: Requires agencies to establish an incident response plan
  4. Auditing and Accountability: Requires logging for login attempts, system changes, file modifications, and similar events related to accessing CJIS data
  5. Access Control: Requires the ability to control who can access CJIS data and the actions authorized users may perform
  6. Identification and Authentication: Requires regular password updates, multi-factor authentication, and similar credential standards
  7. Configuration Management: Requires a limit on who can perform configuration changes or upgrades to an organization’s information systems
  8. Media Protection: Requires protection measures for CJIS data of all kinds at all times
  9. Physical Protection: Requires specific protocols for how physical documents or devices are stored and managed
  10. Systems and Communications Protection and Information Integrity: Requires internal security measures like encryption, endpoint protection, and network firewalls
  11. Formal Audits: Requires organizations to allow the FBI and other agencies to conduct formal audits of systems and policies
  12. Personnel Security: Requires security screening for all authorized users
  13. Mobile Devices: Requires security controls and usage restrictions on authorized users’ mobile devices


Related Links

Kaiti Norton
Kaiti Norton
Kaiti Norton is a Nashville-based Content Writer for TechnologyAdvice, a full-service B2B media company. She is passionate about helping brands build genuine connections with their customers through relatable, research-based content. When she's not writing about technology, she's sharing her musings about fashion, cats, books, and skincare on her blog.

Top Articles

List of Windows Operating System Versions & History [In Order]

The Windows operating system (Windows OS) refers to a family of operating systems developed by Microsoft Corporation. We look at the history of Windows...

How to Create a Website Shortcut on Your Desktop

Website Shortcut on Your Desktop reviewed by Web Webster   This Webopedia guide will show you how to create a website shortcut on your desktop using...

What are the Five Generations of Computers? (1st to 5th)

Reviewed by Web Webster Each generation of computer has brought significant advances in speed and power to computing tasks. Learn about each of the...

Hotmail [Outlook] Email Accounts

Launched in 1996, Hotmail was one of the first public webmail services that could be accessed from any web browser. At its peak in...


SHA-256 is an algorithm used for hash functions and is a vital component...

Document Management System

A document management system is an automated software solution businesses and organizations use...

Conti Ransomware

Conti ransomware first emerged in 2020. It uses a ransomware as a service...