Checklist for CJIS-Compliant Access Management

This document is a checklist that outlines ten essential steps for achieving compliance with the FBI’s Criminal Justice Information Services (CJIS) 6.0 Security Policy. The policy introduces stricter requirements for access control, multifactor authentication, continuous monitoring, and oversight of third-party access. The checklist begins with enabling multifactor authentication for all users, emphasizing the importance of implementing at least two authentication factors for accessing criminal justice data. It continues by detailing the need to secure shared devices, limit user privileges according to the least-privilege principle, and control third-party access through policy-based measures. Additionally, it stresses the necessity of logging every access event, monitoring for anomalous behavior, and unifying authentication across devices and applications. Training users on policy changes and planning for a phased rollout of these measures are also highlighted as critical steps. The checklist aims to assist agencies in meeting CJIS 6.0 compliance effectively.