The latest Criminal Justice Information Services (CJIS) Security Policy, which took effect on October 1, 2024,  requires any system or application that generates or stores U.S. criminal justice information (CJI) to implement multi-factor authentication (MFA). The mandate aims at ensuring only authorized individuals access arrest records, digital evidence, and other sensitive CJI data.  

This recent change has police agencies trying to navigate their options to achieve compliance. Small agencies face funding limits and lack specialized expertise, while larger agencies often find it challenging to determine what needs to be done and when. The right path to meet MFA requirements for CJIS compliance will depend on agencies’ unique needs in the field and the office, as well as the existing devices and systems used by police officials.

In order to access the rest of the article sign in with your IACP or Subscriber credentials.