Nov 21 2025
Security

Criminal Justice Information: Leveling Up Your Protection Against Cyberattacks

Securing and protecting CJI is critical to maintaining trust in the criminal justice system.

Threat actors are using ransomware and sophisticated cyber campaigns as the primary attack vectors for accessing criminal justice information (CJI) and systems.

Access to this mission-critical data lets threat actors disrupt agency capabilities, threatening the confidentiality, integrity and availability of law enforcement systems, as well as the people involved in legal cases.

The Office of the Attorney General of Virginia was targeted with a sophisticated ransomware attack that shut down email, file sharing and VPN access systems in February. This was followed by two separate cyberattacks in August: a ransomware attack aimed at extorting the Pennsylvania Office of the Attorney General by encrypting files and disabling network access, and a sophisticated attack on the U.S. Courts case management system, which compromised sensitive data and the identities of informants.

Criminal Justice Information and Why It Matters

Technology is becoming a major enabler for the use of CJI and is an essential resource in the modern justice system. CJI refers to the data used by law enforcement agencies and is not limited to textual data. It also includes visual and audio information, such as crime scene photographs, surveillance videos and recorded interviews that are used to safeguard society and administer justice fairly.

CJI data spans several categories, including the following:

Investigative and Case-Related Data

  • Criminal history record information: Data regarding arrest history, dispositions, convictions and sentencing
  • Incident and case history: Comprehensive reporting on criminal incidents, evidence logs and statements from witnesses
  • Biometric and personal data: Face recognition, fingerprints, DNA samples and evidence
  • Property data: Information relating to property linked to crime, such as personally identifiable information, firearms and stolen vehicles

Legal and Court-Related Data

  • Discovery materials: Evidence and documents shared with defense teams that may include information and items from the previous category
  • Grand jury records: Highly confidential information presented to a grand jury that may include transcripts, evidence and other materials
  • Pleadings and motions: Summaries or condensed information processed in legal documents

Criminal Justice Information System

  • Case management systems: Databases or data warehouses used for tracking all aspects of a legal case
  • Cloud services: Cloud services used to support criminal justice activities
  • Email and file-sharing services: Systems used to communicate, transmit and store sensitive information to support criminal justice activities

Securing and protecting CJI is critical to maintaining trust in the criminal justice system and ensuring safety for persons of interest. Exposed CJI data could compromise investigations, affect the chain of custody, and erode confidence in law enforcement and the judicial system.

CJIS Compliance: Overview and Requirements

The FBI established a policy for securing and protecting CJI called the CJIS Security Policy, which defines the minimum set of security requirements for agencies that store, transmit and process CJI. At the core of the CJIS Security Policy is the National Institute of Standards and Technology’s Special Publication 800-53 security control catalog, used to provide protection mechanisms for CJI data. The CJIS Security Policy categorizes these security controls as follows:

P1: This defines the most critical security controls that should be implemented, and noncompliance will result in penalties such as revocation of access to CJIS systems. These security controls should be implemented without delay to address the most urgent security risks.

P2, P3 and P4: The FBI encourages agencies to implement the remaining security controls in phases, referred to as “zero cycle,” which means noncompliance is noted but not sanctioned. The phased implementation should serve as a roadmap to onboarding additional security controls to reach full implementation and compliance.

The CJIS Security Policy is organized into 20 policy areas, each outlining specific security requirements as shown in figure 1.

Codifying these security controls into operational workflows, zero-trust strategy and architecture, and cloud modernization efforts is essential for safeguarding and protecting CJI data. While these security controls satisfy a minimal set of security requirements, agencies must ensure commensurate protection mechanisms are in place to enforce least privilege and just-in-time access and to remove standing privileges, preventing privileged identity-related attacks.

The cyberattacks mentioned earlier were all the result of identity management weaknesses, allowing threat actors to compromise user accounts and elevate privileges to gain unauthorized access to sensitive CJI data. Protecting CJI data requires successful implementation of the CJIS Security Policy and leveling up protection with strong identity security practices to disrupt cyberattacks targeting mission-critical data.
