CJIS | Blue Voice Inc

BlueVoice CJIS Compliance Program

BlueVoice is dedicated to helping officers make safer, faster decisions. As a result, BlueVoice supports law enforcement with technology that meets Criminal Justice Information Services (CJIS) Security Policy requirements established by the FBI's CJIS Advisory Policy Board. Founded by top engineers from Google and Harvard, BlueVoice is committed to implementing industry-leading protocols.

BlueVoice operates within a shared responsibility framework with our clients to ensure proper protection of sensitive information. We understand that protecting criminal justice data requires a collaborative approach. As a trusted agency partner of departments nationwide, BlueVoice complies and exceeds the CJIS policy guidelines that outline how agencies and their technology partners safeguard sensitive information from creation and storage to transmission and eventual disposal.

BlueVoice works hand-in-hand with agencies to create a security ecosystem where responsibilities are clearly defined. While we provide a secure technology infrastructure, our client agencies maintain control over their data management practices, user access, and operational security procedures.

Our Commitment

BlueVoice values our continued partnership with customers to enable them to achieve compliance with Criminal Justice Information Services (CJIS) Security Policy. We approach compliance as a shared responsibility, working closely with our customers to meet their specific security needs.

Please reach out to our team with any questions about our CJIS Compliance Program or view our security controls in place at security.bluevoice.io.

Our CJIS Compliance Framework

BlueVoice has implemented a comprehensive CJIS compliance framework built on the following pillars:

Multi-Factor Authentication (MFA)

BlueVoice’s Authentication and Advanced Authentication standards match CJIS Security Policy (v6.0). Our approach enables agencies to have full control over MFA enforcement to match their operational needs.

All super-administrator user accounts are required to use Multi-Factor Authentication (MFA) or Single Sign-On (SSO) with MFA enforcement.
Departments have control of MFA settings and may request to enable additional authentication protection on each individual account.
Department administrators are empowered to mandate MFA for all department users based on local security policies and risk assessments.
BlueVoice does not store, transmit, or process Criminal Justice Information (CJI); accordingly, BlueVoice's CJIS compliance is designed to align with CJIS best practices for authentication security.
Federal guidelines define CJI as
- Biometric data (e.g. fingerprints, iris scans, facial recognition data)
- Identity history: textual data that corresponds with an individual's biometric data, providing a history of criminal and/or civil events for the identified individual
- Biographic data: information about individuals associated with a unique case and not necessarily connected to identity data
- Property data: information about vehicles and properties associated with crime when accompanied by any personally identifiable information (PII)
- Case/Incident history: information about the history of criminal and/or civil events
BlueVoice continuously supports security upgrades, including optional SSO integrations, to meet agency-specific authentication and access control requirements.

Personnel Security for Sensitive Data Access

BlueVoice has strict personnel security requirements that ensures that only properly vetted personnel can access sensitive information.

All employees who access, process, or maintain sensitive data are fingerprinted U.S. citizens who have undergone thorough background checks.
Personnel screening procedures comply with all applicable CJIS Security Policy requirements for individuals with access to sensitive systems.
Periodic revalidation of personnel clearances occurs in accordance with policy requirements.
BlueVoice maintains strict access control protocols limiting data exposure based on job responsibilities and need-to-know principles. Regular reviews of responsibilities and data access take place.
Comprehensive security training reinforces the importance of personnel security in maintaining CJIS compliance.

FIPS Compliance and Encryption Standards

All sensitive department data is encrypted according to federal standards:

All applicable endpoints utilized for sensitive data processing are FIPS 140-2 compliant, meeting federal standards for cryptographic modules.
End-to-end encryption is implemented for all data in transit and at rest according to CJIS specifications.
Regular security assessments and penetration testing verify the integrity of encryption implementations.
Technical safeguards include FIPS-validated cryptographic modules for all applicable data processing operations.
BlueVoice maintains continuous security monitoring and immediate response protocols for potential encryption vulnerabilities.

CJIS Security Awareness Training

BlueVoice has CJIS training requirements for all employees; security awareness is embedded in our organizational culture.

All employees who handle sensitive data complete comprehensive CJIS Security Awareness Training.
Training materials cover all aspects of CJIS Security Policy relevant to BlueVoice operations and services.
Role-specific advanced training is provided for technical, administrative, and management personnel.
Regular refresher courses ensure continued awareness of policy updates and emerging security threats.
BlueVoice maintains detailed training records to demonstrate ongoing compliance with CJIS requirements.

Security Agreements and Non-Disclosure

BlueVoice supports and aligns with the CJIS Security Policy (v6.0) confidentiality requirements. This approach ensures the confidentiality of all sensitive information is protected according to federal standards.

All BlueVoice personnel who work on systems connected to CJIS complete and sign the required Individual Agreement of Non-Disclosure (AOND).
All personnel have executed the FBI CJIS Security Addendum prior to accessing any systems or data connected to CJIS networks.
Documentation of all executed agreements is maintained and available for audit or inspection by authorized agencies.
Our security agreement procedures are reviewed annually to ensure continued compliance with evolving requirements.

Maintenance and System Viability

BlueVoice performs continual maintenance to confirm all BlueVoice systems remain secure and fully operational over time.

A comprehensive maintenance approach is implemented to ensure uninterrupted functionality and security of all systems connected to CJIS networks.
Regular software updates and security patches are deployed according to a documented schedule to address vulnerabilities.
Hardware components are monitored and maintained according to manufacturer recommendations to prevent service disruptions.
BlueVoice employs a dedicated technical team responsible for ensuring ongoing system reliability and performance.
Maintenance activities are scheduled during pre-approved windows to minimize operational impact for criminal justice agencies.
Comprehensive documentation is maintained for all system modifications and maintenance activities.

Annual Reporting and Ongoing Compliance

BlueVoice completes ongoing compliance verification, ensuring transparent verification of continued compliance.

A comprehensive annual reporting process ensures continuous compliance with all CJIS requirements.
Detailed records of all personnel with access to CJIS-connected systems are maintained and regularly updated.
Any system modifications or functionality changes are documented and submitted for review prior to implementation.
BlueVoice maintains current contact information for all key personnel responsible for CJIS compliance.
We actively monitor and adapt to CJIS system changes and policy updates to ensure continued alignment.