Schedule a Demo of GateKeeper Enterprise or call 240-547-5446

CJIS

A Practical Way to Implement CJIS Compliance Security Mandates

ADVANCED CJIS AUTHENTICATION

Active MFA for modern organizations and CJIS compliance.

Accessing CJIS requires strict adherence to Criminal Justice Information Services, or CJIS standards, such as activity monitoring and securing inactive workstations. Password strength and multi-factor authentication made easy, secure, and automatic for critical data protection.

Control data physically and logically

Meet strict password and PIN requirements of CJIS

MFA that doesn't slow you down but makes you faster

Does not require physical contact with computer

No data on the token, so don't worry if you lost it

Automatic activity logging for painless audits

“I love it. No password or code needed for me to log onto my computer and it keeps others out. This thing is just too cool. My other question is, why don’t the big companies that are losing customer’s information have something like this on their computers?”

Slimboli, Brentwood CA

GateKeeper Enterprise CJIS Compliance Summary

Gatekeeper Enterprise allows an organization to enable access control systems to prevent unauthorized users from gaining access to data and systems they are not privy to see. Comply with multiple policy areas of CJIS with GateKeeper.

SectionKey ActivityPerformance CriteriaGateKeeper Solution
5.5.1Account ManagementAccount Management includes the identification of account types (i.e., individual, group, and system), establishment of conditions for group memberships, and assignment of associated authorizations. The agency shall identify authorized users of the information system and specify access rights/privileges.
The agency responsible for account creation shall be notified when:
(1) A user's information, system usage or need-to-know or need-to-share changes.
(2) A user is terminated or transferred or associated accounts are removed, disabled, or otherwise secured.
GateKeeper Hub allows you to tie individual accounts to users and group accounts to computers to distinguish between them. Accounts with different privileges can be allowed/restricted access to different computers. The logs maintained in the Hub application record all the changes made to a user's account and permission roles.
5.5.2Access EnforcementThe information system shall enforce assigned authorizations for controlling access to the system and contained information. The information system controls shall restrict access to privileged functions (deployed in hardware, software, and firmware) and security-relevant information to explicitly authorized personnel. Explicitly Authorized Personnel include, for example, security administrators, system and network administrators, and other privileged usurers with access to system control, monitoring, or administration functions.
Access control policies (e.g., identity-based policies, role-based policies, rule-based policies) and associated access enforcement mechanisms (e.g., access control lists, access control matrices, cryptography) shall be employed by agencies to control access between users in the information system.
The administrator can create access control policies on GateKeeper Hub to only allow authorized personnel to access computers with sensitive information using their GateKeeper device. Adding/updating/deleting these policies can only be done by users with administrative privileges to the GateKeeper Hub application.
5.5.5Session LockThe information system shall prevent further access to the system by initiating a session lock after a maximum of 30 minutes of inactivity, and the session lock remains in effect until the user reestablishes access using appropriate identification and authentication procedures. Users shall directly initiate session lock mechanisms to prevent inadvertent viewing when a device is unattended.GateKeeper desktop application triggers lock/unlock events on the computer based on the users proximity. As soon as the user walks away, the computer locks to prevent inadvertent data exposure.
5.6.1Identification Policy and ProceduresEach person who is authorized to store, process, and/or transmit CJI shall be uniquely identified. A unique identification shall also be required for all persons who administer and maintain the system(s) that access CJI or networks leveraged for CJI transit. The unique identification can take the form of a full name, badge number, serial number, or other unique alphanumeric identifier. Agencies shall require users to identify themselves uniquely before the user is allowed to perform any actions on the system. Agencies shall ensure that all user IDs belong to currently authorized users. Identification data shall be kept current by adding new users and disabling add/or deleting former users.The administrator. Each user on the network needs to have a user account associated with their full name and device serial number. Even in a shared credentials environment, users can be uniquely identified along with the session count and time on each computer.
5.6.2.1.2Personal Identification Number (PIN)When agencies utilize a PIN in conjunction with a token for the purpose of advanced authentication, agencies shall follow the PIN attributes described below.
1. Be a minimum of six (6) digits.
2. Have no repeating digits (i.e. 112233).
3. Have no sequential patterns (i.e. 123456).
4. Not be the same as Userid.
5. Expire within a maximum of 365 calendar days.
6. Not be identical to the previous three (3) PINs.
7. Not be transmitted in the clear outside the secure location.
8. Not be displayed when entered.
GateKeeper Hub allows Administrators to set PIN complexity settings adhering to CJIS requirements for all user devices on the network.
5.6.2.2.1Advanced Authentication RequirementOrganizations must use multi-factor authentication if employees are accessing CJI. This is alike to using a debit or credit card that requires PIN input.GateKeeper allows administrators to enforce two-factor login policies on each computer on the network, restricting the use of Windows credentials for logging in.

See GateKeeper Enterprise in action

Take a self-guided tour of GateKeeper Enterprise, the proximity-based centralized access management platform. 

GateKeeper Enterprise 45-Day Trial

GateKeeper offers special pricing so you or your organization can try Enterprise before implementing on your entire network. All test packages include deployment assistance, premium support, and additional subscription discounts.

5 or more GateKeeper wireless keys

45 days of Enterprise subscription

Premium support & deployment assistance

Discounted subscription for the rest of the year

or call 240-547-5446

Pin It on Pinterest