The FBI’s CJIS Program and Two-Factor Authentication: A Match Made in Logic
-- Originally published July 9th on StateScoop --
Every now and then, state and federal government agencies will collaborate on a project so sensible and logical, that it’s hard to find much—if any—opposition.
The FBI’s Criminal Justice Information Services Division (CJIS) might be one of those projects—a focal point and central repository for gathering and compiling intelligence from local, state, and federal criminal justice agencies.
But there’s another issue pertaining to CJIS that’s practically just as logical and obvious. And yet for some reason, we’re still struggling to put it into practice.
That issue is access control. Once we’ve gotten all of this information compiled, shouldn’t we take the necessary steps to secure it?
The problem isn’t the technology. (Strong authentication systems are readily available.) And it’s not a lack of desire. (It’s hard to imagine anyone wanting a common criminal who breaks into a police cruiser to be able to access a federal crime database.)
The hesitation to implement access control is almost certainly caused by the cost and effort involved with adding strong authentication systems to numerous endpoints.
So in response to this inaction, the Federal Government recently issued a directive mandating state agencies to build strong, two-factor authentication into their CJIS-interfacing systems. And the consequence of failing to do so by September of this year will be losing full access to the database.
That’s a pretty serious incentive—even if it isn’t 100% enforceable at the moment. Eventually, the FBI will be able to effectively cut-off state entities it feels aren’t taking the necessary security precautions. And states should make their investments now, rather than wait for their operations to be disrupted.
Implementing two-factor authentication might not be as simple as flipping a switch, but it doesn’t have to be arduous or even expensive. Companies like Symantec who have experience working with state government agencies can suggest the perfect solution based on your individual needs and requirements.
Ultimately, there’s more than enough reason to make the investments today, instead of waiting for the costs of inaction to outweigh the costs of compliance.
Truly, whenever it comes to the security of your critical information, compliance is a practically a no-brainer.