Cost-Effective Compliance -- Security Today

Cost-Effective Compliance

Full CJIS compliance to be enforced by 2013

By Chris Jensen
Aug 01, 2012

The FBI established the Criminal Justice Information Services (CJIS) division in 1992, and it is now the bureau’s largest division. CJIS provides state, local and federal law enforcement and criminal justice agencies with access to all sorts of centralized information for investigations. Secure records of fingerprint identification, criminal histories and sex offender registrations are just some of the records stored at CJIS. Because this data is so critical for law enforcement, there are mandated enhanced security measures that tightly control access.

As of September 2010, these measures require any organization needing access to CJIS data to have unique IDs and strong passwords in place. Additionally, these organizations must be in full compliance with the rest of CJIS Advanced Authentication requirements by 2013.

There aren’t any shortcuts, but there are fast and cost-effective ways to achieve full CJIS compliance through advanced authentication strategies.

Simply put, advanced authentication means that organizations need security technology that’s more than a simple username and password. Any two-factor authentication solution will do, whether it’s a smartcard, biometrics, a USB token, a soft token or a cellphone-based authentication method. When law enforcement accesses information from a police vehicle or when an agency employee is connecting remotely through a virtual private network, they need a “what-you-have and what-you-know” way to securely connect to the system remotely. Without CJIS compliance, law enforcement agencies could lose access to CJIS systems, thereby losing an effective crime-fighting tool.

For the public sector, protecting access to sensitive data is imperative and also a requirement under the CJIS Advanced Authentication compliance. Two-factor authentication is a key element in a layered approach commonly deployed to mitigate risk and protect against fraud.

KBA

Knowledge-based authentication (KBA) comes in two varieties— lexical or graphical knowledge. Lexical knowledge employs passwords, PINs or answers to a challenge question; graphical knowledge uses a picture or pattern recognition for access. These solutions are very cost-efficient but are also low-assurance, weaker methods of authentication.

With KBA, the responsibility is on public employees to maintain strong passwords, remember answers to questions they made up weeks or months before or recognize patterns in what could be critical situations. Oftentimes, employees write down their password on a note and keep it under their keyboard. This defeats the purpose of this type of security. Frequent calls to the help desk regarding forgotten strong passwords also add to the cost of this “low-cost” solution.

Tokens

Tokens come in a variety of forms that range from high assurance to medium assurance, and their cost can vary just as dramatically. Tokens provide excellent end-point independence but also can be costly and offer a poor user experience because users have to carry another piece of hardware for system access. High-assurance tokens such as X.509 tokens are available, but they may require a middleware reader. High-assurance tokens can be the right solution if the user base adopts them and if the highest assurance is more important than the cost of provisioning, installation and maintenance.

Biometrics

Biometric two-factor authentication typically includes fingerprints, vein structure, facial recognition or retinal scan. There are even behavioral biometrics that use voice and typing rhythm recognition. True biometric authentication can be high assurance but comes with a price tag to match. Behavioral biometrics are promising but are still in the more experimental phase, and industry analysts warn that they are not yet proven. They offer medium to high assurance but need specialized capture devices to work correctly.

Phone-based Authentication

Phone-based authentication is an emerging technology that is fast becoming a favorite option for banks, enterprises and globally distributed online services. A number of vendors offering phone-based authentication solutions have emerged in the past few years.

These solutions provide medium- to high-assurance authentication and are low-cost options because users are already provisioned with a phone. Instead of carrying a token, users receive onetime PIN codes to their phone via SMS or voice call. Typically, the only cost associated with phone-based authentication is a per-transaction fee or a per-user fee to cover the cost of placing the call.

For those who lose their phone, many of these authentication schemes can centrally manage the device to find it or easily replace their authentication credentials for a new phone.

Choosing the Right Solution

For fast and cost-effective CJIS compliance, organizations need five things:

a good authentication solution;
risk-appropriate strength;
low total cost of ownership;
good user experience; and
end-point independence. When choosing the type of authentication, remember:
All solutions are not created equal. What two-factor authentication solution is the right one for your workforce?
Which solution is best used in the field, and what implementation challenges exist?
What might change on your network in the next few years, and can your authentication solution scale for security, ease of use and functionality as your company grows?

Balance of Security and Ease of Use

As more employees in your organization interact with CJIS data, the importance of choosing an efficient authentication solution increases. Phone authentication lets users take advantage of a technology that is already part of their everyday life: the cellphone.

With no extra devices to carry, phone authentication is quick and seamless. Consider the effort it takes to install and maintain a token-based solution. Phone authentication can often help organizations keep costs low and security compliance high because it is easy to deploy and maintain.

This article originally appeared in the August 2012 issue of Security Today.

i-PRO Certified as a 2025 Great Place to Work Around the World
11/20/2025
Allied Universal Named to Forbes List of America’s Best Companies
11/19/2025
Motorola Solutions Acquires Blue Eye
11/19/2025
SIA Names Jonathan Aguila as 2025 Insightful Practitioner Award Honoree
11/13/2025
Allied Universal Receives Top 50 Learning and Development Team Award
11/13/2025
PSA Network Joins the Foundation for Advancing Security Talent (FAST) as an Exclusive Member
11/12/2025
IPTECHVIEW Launches AI Orchestrator Cloud Video Management Platform
11/12/2025
barox Appoints Industry Veteran Reinhard Florin as Vice President of North America Sales
11/06/2025

Featured

From Surveillance to Intelligence

Years ago, it would have been significantly more expensive to run an analytic like that — requiring a custom-built solution with burdensome infrastructure demands — but modern edge devices have made it accessible to everyone. It also saves time, which is a critical factor if a missing child is involved. Video compression technology has played a critical role as well. Over the years, significant advancements have been made in video coding standards — including H.263, MPEG formats, and H.264—alongside compression optimization technologies developed by IP video manufacturers to improve efficiency without sacrificing quality. The open-source AV1 codec developed by the Alliance for Open Media—a consortium including Google, Netflix, Microsoft, Amazon and others — is already the preferred decoder for cloud-based applications, and is quickly becoming the standard for video compression of all types. Read Now
Cost: Reactive vs. Proactive Security

Security breaches often happen despite the availability of tools to prevent them. To combat this problem, the industry is shifting from reactive correction to proactive protection. This article will examine why so many security leaders have realized they must “lead before the breach” – not after. Read Now
- Facility Security
Achieving Clear Audio

In today’s ever-changing world of security and risk management, effective communication via an intercom and door entry communication system is a critical communication tool to keep a facility’s staff, visitors and vendors safe. Read Now
- Facility Security
Beyond Apps: Access Control for Today’s Residents

The modern resident lives in an app-saturated world. From banking to grocery delivery, fitness tracking to ridesharing, nearly every service demands another download. But when it comes to accessing the place you live, most people do not want to clutter their phone with yet another app, especially if its only purpose is to open a door. Read Now
- Access Control
Survey: 48 Percent of Worshippers Feel Less Safe Attending In-Person Services

Almost half (48%) of those who attend religious services say they feel less safe attending in-person due to rising acts of violence at places of worship. In fact, 39% report these safety concerns have led them to change how often they attend in-person services, according to new research from Verkada conducted online by The Harris Poll among 1,123 U.S. adults who attend a religious service or event at least once a month. Read Now
- Facility Security

Security Today eNews

Sign up today for essential industry news and product information that can help you stay afloat in the fast-paced world of security.

Email Address*Country*

Please type the letters/numbers you see above.

Webinars

Whitepapers

New Products

A8V MIND

Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.
ResponderLink

Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.
AC Nio

Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.