CJIS COMPLIANCE AUTHENTICATION SYSTEM

Making it easier for law enforcement to be compliant while on duty.

ADVANCED CJIS AUTHENTICATION

Active MFA for modern CJIS compliance.

Accessing CJIS databases requires strict adherence to Criminal Justice Information Services (CJIS) standards, such as activity monitoring and securing inactive workstations. Automate session lockouts, dynamic password settings, and password lengths.

Police-grade MFA made automatic, easy, and secure for critical data protection. GateKeeper password manager and access control system is a practical, cost-effective solution for compliance needs.

Meet strict password and PIN requirements of CJIS

MFA that doesn't slow you down but makes you faster

Does not require physical contact with computer

No data on the token, so don't worry if you misplace it

Automatic activity logging for painless audits

correctionalnews_logo_gatekeeper_wireless_proximity_authentication

"Halberd is a Bluetooth proximity–based, access-control device that permits the user to their computer and have it automatically lock as they depart. Upon their return, Halberd restores the screen — all with no pins and passwords. The device saves computer security from breach as soon as a user leaves the immediate area as well as saves any lost work time logging on and off computers. Personal security is also greatly enhanced by the automatic lock and unlock capability based on proximity. Industries such as medicine, law, security, transportation and logistics will get a competitive advantage, as their competitors waste time, manpower and put themselves at potential of serious and costly data breach."

Correctional News

GateKeeper Enterprise Video

LESS TIME
AUDIT LOGGING

Minimize time spent collecting audit logs - GateKeeper automates this for every user and PC.

GateKeeper Enterprise Video

PROACTIVE CJIS
COMPLIANCE

Auto-lock unattended PCs - complying with CJIS Advanced Authentication Section 5.6.2.2.

GateKeeper Enterprise Video

SIMPLIFY SHARED CREDENTIALS

Easily set access to multiple computers, simplifying the complex tasks of managing multiple credentials.

reporting-icon

REAL-TIME LOCATION & REPORTING

Valuable time and motion data. Know exactly who accessed each computer in real time.

Automation of policy and password. Let GateKeeper police passwords.

GateKeeper Enterprise CJIS Compliance Summary

Prevent unauthorized users from gaining access to data and systems they are not privy to. Comply with multiple policy areas of CJIS automatically or with ease.

SectionKey ActivityPerformance CriteriaGateKeeper Solution
5.5.1Account ManagementAccount Management includes the identification of account types (i.e., individual, group, and system), establishment of conditions for group memberships, and assignment of associated authorizations. The agency shall identify authorized users of the information system and specify access rights/privileges.
The agency responsible for account creation shall be notified when:
(1) A user's information, system usage or need-to-know or need-to-share changes.
(2) A user is terminated or transferred or associated accounts are removed, disabled, or otherwise secured.
GateKeeper Hub allows administrators to tie individual accounts to users and group accounts to computers to distinguish between them. Accounts with different privileges can be allowed/restricted access to different computers. The logs maintained in the Hub application record all the changes made to a user's account and permission roles.
5.5.2Access EnforcementThe information system shall enforce assigned authorizations for controlling access to the system and contained information. The information system controls shall restrict access to privileged functions (deployed in hardware, software, and firmware) and security-relevant information to explicitly authorized personnel. Explicitly Authorized Personnel include, for example, security administrators, system and network administrators, and other privileged usurers with access to system control, monitoring, or administration functions.
Access control policies (e.g., identity-based policies, role-based policies, rule-based policies) and associated access enforcement mechanisms (e.g., access control lists, access control matrices, cryptography) shall be employed by agencies to control access between users in the information system.
The administrator can create access control policies on GateKeeper Hub to only allow authorized personnel to access computers with sensitive information using their GateKeeper token. Adding, updating, and deleting these policies can only be done by users with administrative privileges to the GateKeeper Hub application.
5.5.5Session LockThe information system shall prevent further access to the system by initiating a session lock after a maximum of 30 minutes of inactivity, and the session lock remains in effect until the user reestablishes access using appropriate identification and authentication procedures. Users shall directly initiate session lock mechanisms to prevent inadvertent viewing when a device is unattended.GateKeeper desktop application triggers lock/unlock events on the computer based on the user's proximity. As soon as the user walks away, the computer locks to prevent inadvertent data exposure on unattended terminals.
5.6.1Identification Policy and ProceduresEach person who is authorized to store, process, and/or transmit CJI shall be uniquely identified. A unique identification shall also be required for all persons who administer and maintain the system(s) that access CJI or networks leveraged for CJI transit. The unique identification can take the form of a full name, badge number, serial number, or other unique alphanumeric identifier. Agencies shall require users to identify themselves uniquely before the user is allowed to perform any actions on the system. Agencies shall ensure that all user IDs belong to currently authorized users. Identification data shall be kept current by adding new users and disabling add/or deleting former users.The administrator. Each user on the network needs to have a user account associated with their full name and token's serial number. Even in a shared credential environment, users can be uniquely identified along with the session count and time on each computer.
5.6.2.1.2Personal Identification Number (PIN)When agencies utilize a PIN in conjunction with a token for the purpose of advanced authentication, agencies shall follow the PIN attributes described below.
1. Be a minimum of six (6) digits.
2. Have no repeating digits (i.e. 112233).
3. Have no sequential patterns (i.e. 123456).
4. Not be the same as Userid.
5. Expire within a maximum of 365 calendar days.
6. Not be identical to the previous three (3) PINs.
7. Not be transmitted in the clear outside the secure location.
8. Not be displayed when entered.
GateKeeper Hub allows Administrators to set custom PIN complexity settings adhering to CJIS requirements for all users on the network.
5.6.2.2.1Advanced Authentication RequirementOrganizations must use multi-factor authentication if employees are accessing CJI. This is alike to using a debit or credit card that requires PIN input.GateKeeper allows administrators to auto-enforce multi-factor authentication login requirements on each computer on the network, restricting the use of Windows credentials for logging in.
Capterra Best Value for Authentication Jun-20
Capterra Ease of Use for Authentication Jun-20

See GateKeeper proximity access control in action.

Take a self-guided tour of how you can evolve from passwords. Then you're really saving time with automation.

Enterprise 2FA and password manager. One key for all your passwords. Experience fully automated login and security. Faster 2FA, auto-OTP, password manager, and worry-free workflow with proximity-based privileged access management for Windows 11, 10, 8, 7, macOS, desktop applications, and websites.

Download the free Android app.

Proximity-based passwordless 2FA

Active Directory integration with admin console

Automatic lock for all workstations

Continuous authentication password manager

Automatic OTP on websites for 2FA

Wireless login for PC, Mac, web, and software

or call 240-547-5446