CJIS: Safeguard criminal justice information with Tresorit


Entities that transmit, store, or process criminal justice information (CJI), such as fingerprints and criminal history records, must abide by certain standards when using cloud service providers like Tresorit. These standards are principally addressed by the Criminal Justice Information Services Division (CJIS) of the U.S. Federal Bureau of Investigation (FBI) in the CJIS Security Policy.

Tresorit’s security controls adhere to the 13 policy areas covered by the CJIS Security Policy.

How does Tresorit support compliance with the CJIS Security Policy?

Tresorit’s zero-knowledge end-to-end encryption (E2EE) supports compliance with the CJIS Security Policy through:

  1. State of the art encryption: The CJIS Security Policy requires CJI to be encrypted at rest and in transit. End-to-end encryption, zero-knowledge authentication, and cryptographic key sharing ensure that you are the only one with access to your data.
  2. Boundary and transmission protection from cyber-attacks and unauthorized access: Tresorit’s robust administrator toolset enables granular-level access-right management, ensuring only authorized personnel can access data, which helps entities to abide by the CJIS information integrity and protection requirements and avoid data loss.
  3. Secure collaboration: E2EE file requests allow entities to collect documents from their partners in a completely secure channel rather than as email attachments.
  4. Auditing and accountability efficient: Entities handling CJI must implement audit and accountability controls. Detailed audit logs, reporting capabilities, and reporting options in Tresorit ensure that entities generate CJIS-compliance audit records for defined events.
  5. Offering control and supervision over data handling: Reporting tools help entities detect deviations from regular user activity and suspicious actions in a timely manner.

More information about Tresorit’s data security capabilities can be found here.

Will Tresorit sign the CJIS Security Addendum?

Yes. The CJIS Security Addendum is a uniform addendum to an agreement between the government agency and a private contractor, approved by the Attorney General of the United States, which specifically authorizes access to criminal history record information, limits the use of the information to the purposes for which it is provided, and ensures the security and confidentiality of the information consistent with existing regulations and the CJIS Security Policy.

You may request Tresorit to execute the CJIS Security Addendum if your organization is using Tresorit Business or Enterprise with three or more users. Contact your account manager for further details.